Report - f.asx2.xyz/?xt=ZSD7dWJX

Report Overview

Submitted URL
f.asx2.xyz/?xt=ZSD7dWJX
IP
172.67.201.243
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 06:43:53
Access
public
Website Title
PMYP Prime Minister Laptop Scheme 2024 – Apply Online
Final URL
g.xce3.xyz/#1714805009114
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
g.xce3.xyz	unknown	unknown	No data	No data	944 B	25 kB	104.21.81.142
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-03	852 B	69 kB	216.58.211.10
563cdn.com	unknown	2023-05-12	2023-05-12	2024-04-12	437 B	91 kB	188.114.97.1
tj.657g.xyz	unknown	2023-07-13	2023-12-07	2024-04-18	870 B	2.9 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-19	medium	tj.657g.xyz/	PayPal Inc.
2024-03-19	medium	tj.657g.xyz/	PayPal Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	g.xce3.xyz/	2.6 kB	2024-04-18	2024-05-09
Pretty URL g.xce3.xyz/ IP 104.21.81.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 11:21:27 Last Seen2024-05-09 22:14:13 Times Seen15 Hash bcb1aaa49a20e7b1dc786cd06f7ac01d 0e6e845f89e45bdc0bee07fe087885701b07d2dd ce5ff23d4090423a12e6d03868deba69eb6dce3f3a31f2e80cf9b9a3c8fe7933 Loading...

	g.xce3.xyz/	345 B	2023-12-13	2024-05-09
Pretty URL g.xce3.xyz/ IP 104.21.81.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-13 18:56:14 Last Seen2024-05-09 22:14:13 Times Seen41 Hash ecffbe366e1b36e55da681315cda4e78 4932abca38dc9d841be2c4cd52207207b29c2714 214f1274f0b94b658764f6179e2de89e09de88248f35e3d9bf506ce9049c5a14 Loading...

	unknown	305 B	2024-01-22	2024-05-04
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-01-22 18:55:06 Last Seen2024-05-04 08:43:59 Times Seen7 Hash a6452f19264a2057f11f01d80319ec97 ce1ccc3e699b09f8d9a6a6e70741125046d3e1f4 9e8d9c1b999566e51da1fdbd804e9cdac2cf0dcc40c8cc8ac3d8d237afa45662 Loading...

	g.xce3.xyz/	228 B	2024-01-22	2024-05-09
Pretty URL g.xce3.xyz/ IP 104.21.81.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-22 18:55:06 Last Seen2024-05-09 22:14:13 Times Seen22 Hash 2768b69fa39beebc2afa7874bf5482e3 aff70fe363268c0b9d68b4580e998a68bf051c34 7a4a9bdcb8e68e6ad5628d6460333092224e7db0c7fa7425127050393238b580 Loading...

	tj.657g.xyz/js/script.js	1.3 kB	2023-05-22	2024-05-18
Pretty URL tj.657g.xyz/js/script.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 17:22:24 Last Seen2024-05-18 06:47:14 Times Seen3527 Hash abd4e2373b2e8c4dac2e80159641c5f1 e273656e58ca934d873204e68dd35670fde657ed 021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	96 kB	2023-03-07	2024-05-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 216.58.211.10 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-18 06:55:34 Times Seen47990 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

HTTP Transactions (7)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

216.58.211.10

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://g.xce3.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://f.asx2.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:47:24 GMT
expires: Fri, 02 May 2025 01:47:24 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 190564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

216.58.211.10

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://g.xce3.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g.xce3.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:47:24 GMT
expires: Fri, 02 May 2025 01:47:24 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 190565
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

563cdn.com/images/laptopfree.jpeg

188.114.97.1

91 kB

URL
563cdn.com/images/laptopfree.jpeg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1082x672, components 3
Size
91 kB (90602 bytes)
Hash
ad43c64a98ce069e008bd61dbd64f87e
c8882647f2bc82bcb66752ed094dd4d9e5c6ec4c
7887bebae5fca7fb2139245ab9ae67b401da166c6737367a98097b73b7db8dda

HTTP Headers

GET /images/laptopfree.jpeg HTTP/1.1
Host: 563cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g.xce3.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 06:43:29 GMT
content-type: image/jpeg
content-length: 90602
etag: "ad43c64a98ce069e008bd61dbd64f87e"
last-modified: Wed, 24 Jan 2024 01:59:12 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2B5IS0ZAIeR%2FZD6jMnjKZj5%2FN9yh%2BbnG5IfmGIPG7wugDDCeiZY34ruDlxwZPFZwOLmqVlaQw61xQ14YZXHDUhLMcI4SjJivjhB%2Fdf0NtVo9yCKPWtjAcTp1zs%2FE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6844a1bb356ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tj.657g.xyz/api/event

188.114.97.1

2 B

URL
tj.657g.xyz/api/event
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

POST /api/event HTTP/1.1
Host: tj.657g.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 97
Origin: https://g.xce3.xyz
DNT: 1
Connection: keep-alive
Referer: https://g.xce3.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 202 Accepted
date: Sat, 04 May 2024 06:43:29 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: max-age=0, private, must-revalidate
x-request-id: F8w2MBugu7D5OsUOHj0i
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkcB%2BTihfHrvKo9C4%2FEb6RRxYQilow7aSfqEm991lVcLWWYP0YYANXvZkzP1forcAqwlSnLUi2dZiRd1v72QdQLpm8k%2BfblH574I1cDZw%2BKGop%2Fnr0%2BLn4o3n2%2FisQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6844b3e79b4fa-OSL
alt-svc: h3=":443"; ma=86400

g.xce3.xyz/favicon.ico

104.21.81.142

7.2 kB

URL
g.xce3.xyz/favicon.ico
IP
104.21.81.142:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
7.2 kB (7167 bytes)
Hash
5a5e8efb2b060a20e1e745e3f0115664
72f17dfd86e34d991d94ebfd967635b849b56bd0
5d1d75b702f13e1bb14ff8d52cac1690acacec3a15821af7fe482a79afda5b99

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: g.xce3.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g.xce3.xyz/
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sat, 04 May 2024 06:43:29 GMT
content-type: text/html
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gif6bc1KqvOf2UvhVeOC3XWaReSP5ZpU60mc%2BI5LOzwON6QjlH0dGwhmuidvEyZ%2BeSix0QMeVUJ2pwEmGmbT7qhJFg%2FamEzDbeFqs7YTlhZYaO%2B5G0yv9iVGjFO3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6844ca947b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

g.xce3.xyz/

104.21.81.142

200 OK

17 kB

URL User Request GET HTTP/2
g.xce3.xyz/
IP
104.21.81.142:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectxce3.xyz
Fingerprint8A:C2:40:E0:18:07:7F:1A:8C:91:03:ED:15:1C:7C:0C:18:8A:B4:0D
ValidityFri, 03 May 2024 19:03:18 GMT - Thu, 01 Aug 2024 19:03:17 GMT

File type

Size
17 kB (16953 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: g.xce3.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://f.asx2.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:43:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: loclang=en; expires=Sun, 05-May-2024 06:43:28 GMT; Max-Age=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ljM%2BqT2TR2CaVu9t3TvD%2BA6183qyu2w5cbcQxfj%2FRNukKo%2BSUrQWJq3NLM8ei3iv%2F%2BULnkfs65QW9BTaUPlwUWNhCWhUmkFO9SZpKUHXPjjWYnb5PGyTftXXOCsH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e684489aeb569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tj.657g.xyz/js/script.js

188.114.97.1

200 OK

1.3 kB

URL GET HTTP/2
tj.657g.xyz/js/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://g.xce3.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject657g.xyz
Fingerprint62:A7:5F:68:68:61:92:3D:96:17:20:8B:09:D3:38:03:80:11:C4:39
ValidityFri, 03 May 2024 08:38:58 GMT - Thu, 01 Aug 2024 08:38:57 GMT

File type
ASCII text, with very long lines (1384), with no line terminators
Size
1.3 kB (1346 bytes)
Hash
16cfd1982a40489c41a52add24d36b85
344f1896d895c5d0a7c4caecafcf1942603cd026
72073aacecd145e525b16c4c845c07bff5798e813eeed702dff748a18b6186ce

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET /js/script.js HTTP/1.1
Host: tj.657g.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://g.xce3.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 06:43:29 GMT
content-type: application/javascript
cf-bgj: minify
expires: Sat, 04 May 2024 10:57:02 GMT
vary: Accept-Encoding
x-cache: HIT
access-control-allow-origin: *
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 28116
last-modified: Fri, 03 May 2024 22:54:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3YpXkj%2BkvHsT7NlbfJBmbXkGJktlVufqrk4KuvAxkCArCGQH7gmVzvWSJ%2BB8r9lfN20F9cliwJkCBIiMilG%2Bz6yslDj72s3myWphEQYTUJq9X7TlUDIASivHac78fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e6844a5d1eb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate