Report - grabify.link/film.php?id=IHGPCO.exe

Report Overview

Submitted URL
grabify.link/film.php?id=IHGPCO.exe
IP
104.26.8.202
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 19:21:08
Access
public
Website Title
403 Forbidden
Final URL
galaxyswapperv2.com/Downloads/Key.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
galaxyswapperv2.com	unknown	2021-09-03	2023-03-13	2024-04-12	1.9 kB	15 kB	172.67.72.193
grabify.link	181878	2015-07-05	2015-07-08	2024-04-08	491 B	3.6 kB	104.26.8.202

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 19:20:43	medium	Client IP	104.26.8.202	ET INFO Observed IP Tracking Domain (grabify .link in TLS SNI)
2024-05-10 19:20:43	medium	Client IP	104.26.8.202	ET INFO Observed IP Tracking Domain (grabify .link in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	galaxyswapperv2.com/Downloads/Key.php	1.1 kB	2024-05-10	2024-05-10
Pretty URL galaxyswapperv2.com/Downloads/Key.php IP 172.67.72.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 21:21:08 Last Seen2024-05-10 21:21:08 Times Seen1 Hash 3b383a42f2249cebff18cea74d2dbbe5 87e56d4f0aa8fd6277e0330da4bc5dfeb110bd4f b3925f2ae1e023a4d7b60eadfc617aad65ee4e169fd54a116e434875388fb38d Loading...

	unknown	247 B	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:21:08 Last Seen2024-05-10 21:21:08 Times Seen1 Hash 9c21c994ff941d52b2486dface4d138f b28ad512fc882914161208ff44718fbe8313b86c e7580a4ae6c622737994bd1b8a45a21b9b2fbf7b8ff371a45b728192b532ca53 Loading...

	galaxyswapperv2.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-05-10	2024-05-10
Pretty URL galaxyswapperv2.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.26.14.156 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 20:49:43 Last Seen2024-05-10 21:21:08 Times Seen8 Hash 67df134e076d8ca6fe744e053aa8edab 7ee32573160266aaf784c52ad6dfec2e2b30303b cab7ccb93e5b26eb25a137561d44670eb0f7b809d7bf63f595f5be99ad75caa1 Loading...

HTTP Transactions (6)

	URL	IP	Response	Size
	galaxyswapperv2.com/Downloads/Key.php	172.67.72.193	403 Forbidden	993 B
URL User Request GET HTTP/1.1 galaxyswapperv2.com/Downloads/Key.php IP 172.67.72.193:80 ASN #13335 CLOUDFLARENET File type HTML document, ASCII text, with very long lines (1144), with CRLF, LF line terminators Size 993 B (993 bytes) Hash 8353d26693a808de500849fc504e3022 3ed3110dad25ba72cbe52a87af017f9450b607fa 42d09e6a5c044a4310afeaef48555ae9b1f614e604542e1bcbe8d1cc23d47f54 HTTP Headers `GET /Downloads/Key.php HTTP/1.1 Host: galaxyswapperv2.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 403 Forbidden Date: Fri, 10 May 2024 19:20:46 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lm%2FPl2JHrlwd3AVTt1ob0171zVOP6DgSqwXmDkWreQQI00%2B%2FqgPcj893p6LOCDpsh986IMymfBVcgtR%2BuRNKuaWL64o93xHPN%2BTMtSbduKqjOsEJEqgSCnOAcvqMWmOPrLDiHXM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 881c49d6d89656b7-OSL Content-Encoding: gzip alt-svc: h2=":443"; ma=60

	galaxyswapperv2.com/favicon.ico	172.67.72.193	403 Forbidden	5.8 kB
URL GET HTTP/1.1 galaxyswapperv2.com/favicon.ico IP 172.67.72.193:80 ASN #13335 CLOUDFLARENET Requested by http://galaxyswapperv2.com/Downloads/Key.php File type HTML document, ASCII text, with very long lines (14190), with no line terminators Size 5.8 kB (5812 bytes) Hash b08a976a7b2b71fbb214b6f743634cc7 8742e7e3147725ed07e363338a08b58048c9441e b032f9649c4362897572cf5fe715c8cada1276c49463d63f36fe719071556848 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: galaxyswapperv2.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://galaxyswapperv2.com/Downloads/Key.php Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 403 Forbidden Date: Fri, 10 May 2024 19:20:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: mrrZ/FzQ/ozkY4On4GsCo6b7oJ62HKCKExA+WgSKaDCoaJzQs03F2L21dk2/lFfZ75aRkzXMj3L4ZV0UypW5DZSmdxy80TYMrAe9VO0JZYIeGf+9bJJ9M7yiCNC6xZ8f9H5otyMq0XGF2MFtqy9pLA==$NDzT5sW82uJZzo7hV3pCZg== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BasylscVuFKWGTsbJjPAqT0fDtWmk87iVcDWvA8aAPvyjG4umjgPwQVGUQ1sEOmBOI3Mx1p5JZxXIPSb4OxzQ3b1IY74XeF7xX1L7UhBM%2BSjhoatIgmHQ7JQdsSFWQzcomgLMEU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 881c49da2d3a56b7-OSL Content-Encoding: gzip alt-svc: h2=":443"; ma=60

	galaxyswapperv2.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	104.26.14.156	302 Found	0 B
URL GET HTTP/1.1 galaxyswapperv2.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.26.14.156:80 ASN #13335 CLOUDFLARENET Requested by http://galaxyswapperv2.com/Downloads/Key.php File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1 Host: galaxyswapperv2.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 302 Found Date: Fri, 10 May 2024 19:20:46 GMT Content-Length: 0 Connection: keep-alive location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js access-control-allow-origin: * cache-control: max-age=300, public Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qf3r1ZoDt16Z7H%2Fu3aOHpBqU6Sn57sgecHn8YmDOIJcy4Nndncztg86AenwiM14PXPkyvRj2vIRTakt9lhkLS1D9J%2F33oavxfHNqp65oNGcDErTzcC2PBF5ZG9h1K%2FkXSOryc5c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 881c49da2c7656a9-OSL alt-svc: h2=":443"; ma=60

	galaxyswapperv2.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js	104.26.14.156	200 OK	3.6 kB
URL GET HTTP/1.1 galaxyswapperv2.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js IP 104.26.14.156:80 ASN #13335 CLOUDFLARENET Requested by http://galaxyswapperv2.com/Downloads/Key.php File type JavaScript source, ASCII text, with very long lines (7822), with no line terminators Size 3.6 kB (3595 bytes) Hash 67df134e076d8ca6fe744e053aa8edab 7ee32573160266aaf784c52ad6dfec2e2b30303b cab7ccb93e5b26eb25a137561d44670eb0f7b809d7bf63f595f5be99ad75caa1 HTTP Headers `GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js HTTP/1.1 Host: galaxyswapperv2.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Date: Fri, 10 May 2024 19:20:46 GMT Content-Type: application/javascript; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive x-content-type-options: nosniff cache-control: max-age=14400, public Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ozTarDZnNmBzHlgXBPvmKEGvjUGC66VBaiQazv3kvHq5piegf591nyCyWc4Lvsrnm26HxWj8SAMC91S3W6S2EEi8Ure8gGOtHyOBe876JDzvuzWRbhouCdf6y9cn6EgCLJLiTJg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 881c49da4c8f56a9-OSL Content-Encoding: gzip alt-svc: h2=":443"; ma=60

	galaxyswapperv2.com/cdn-cgi/challenge-platform/h/g/jsd/r/881c49d6d89656b7	104.26.14.156	200 OK	0 B
URL POST HTTP/1.1 galaxyswapperv2.com/cdn-cgi/challenge-platform/h/g/jsd/r/881c49d6d89656b7 IP 104.26.14.156:80 ASN #13335 CLOUDFLARENET Requested by http://galaxyswapperv2.com/Downloads/Key.php File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /cdn-cgi/challenge-platform/h/g/jsd/r/881c49d6d89656b7 HTTP/1.1 Host: galaxyswapperv2.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/json Content-Length: 11590 Origin: http://galaxyswapperv2.com DNT: 1 Connection: keep-alive Referer: http://galaxyswapperv2.com/Downloads/Key.php Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Date: Fri, 10 May 2024 19:20:46 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 0 Connection: keep-alive Set-Cookie: cf_clearance=ujMZeAKPbmL5r7_6vLa0DJ72m6NwDw1PYLlzVR5DPuQ-1715368846-1.0.1.1-rVZsbkEhyttcFSVi4kEXgkL8teJaMu9Qy2B0fDtq_KuerilykJBNELIFuD6977PhRbrYjHn3lHCzR75IAEdulQ; Path=/; Expires=Sat, 10-May-25 19:20:46 GMT; Domain=.galaxyswapperv2.com; HttpOnly Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s07PjZkVHEnSDDkokcqeyULgxL1xDrYn2ZNvGRlR7xvENU6nfQF1KceZbgvZPQceZCT5KdCSxOlfxc9Mh%2BuiQvm0KltC99xEyxqN15v5arrQ%2BefxOCkuWOfnckcgwSLjuATU9MI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 881c49db4dd456a9-OSL alt-svc: h2=":443"; ma=60

	grabify.link/film.php?id=IHGPCO.exe	104.26.8.202	301 Moved Permanently	1.9 kB
URL User Request GET HTTP/2 grabify.link/film.php?id=IHGPCO.exe IP 104.26.8.202:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectgrabify.link FingerprintAC:38:58:E1:2F:C3:ED:2D:5E:CE:4A:44:D5:B4:54:47:F0:A7:58:19 ValidityWed, 08 May 2024 01:03:36 GMT - Tue, 06 Aug 2024 01:03:35 GMT File type Size 1.9 kB (1905 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /film.php?id=IHGPCO.exe HTTP/1.1 Host: grabify.link User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 301 Moved Permanently date: Fri, 10 May 2024 19:20:45 GMT content-type: text/html; charset=UTF-8 location: https://galaxyswapperv2.com/Downloads/Key.php cache-control: no-cache, private x-robots-tag: noindex, nofollow x-content-type-options: nosniff x-abuse: abuse@grabify.link x-ratelimit-limit: 15 x-ratelimit-remaining: 14 set-cookie: XSRF-TOKEN=eyJpdiI6Im5oaElxb1h1NDFwb0ZWNjc3dm9aZkE9PSIsInZhbHVlIjoib3NzTEJnRXplV0JsL0NXTVBBcnVhR3FlN1BIK0hpUnhiS0xWWEZsU0dhSU5iUlZ0Z3YxYlBKY2VFdFlWN0dqVTExaVhMeG8zTTF4aEtUYk15NkVkU21Dc3NVS09IcUFpeUxKTHZSVTBXbnA0aGFmYVhsVk1sanVLTVo1c1hrLzIiLCJtYWMiOiI2NGM1ZTc5MzUxOTk2ODRhMjkzZGJiMTNjOTRiNDNhYzk2ZWQyYzlmZWIyNWI2ZmI4YjZjZTFkNGVmZmMxOTU4IiwidGFnIjoiIn0%3D; expires=Sat, 11 May 2024 00:20:45 GMT; Max-Age=18000; path=/; secure g_session=eyJpdiI6ImEwc2t4ZDM5V2RmaFlxSnFGUjdCN0E9PSIsInZhbHVlIjoiUDRTdnNoOHFwcE13Nm1TajUxV3BqMi80RTFrUGFLc1NBT1FTTU1uRS8xOWZOVjZhZUVyWVhnK3AwVUVHWlR0d0d4THRZYXhFYmlUdWdrRlpvODhtVkM0eVVBMnRLLy9VeUNJWGJ3MjA1Q3hxaDZVMU52d1UwNzZvais2cXJRN0UiLCJtYWMiOiI1YTc0ODYyY2M1ZTg5ZmZhNjZkYmE5OTVmMDFhMTM1MjEwMTVhZjhhY2ZiNzViMmFmYTNmZWEwODI4MTRlMThkIiwidGFnIjoiIn0%3D; expires=Sat, 11 May 2024 00:20:45 GMT; Max-Age=18000; path=/; secure; httponly cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cz%2Fc7uvGeC7ivJQl%2Fxf5ToNXLHtvsFO7wDscAtMHS3R%2BXUfZXNC5JCAD%2FQyW4XI3XsqGKPStbyEX5ieWMw%2BdSKotSQaVS0LyQc9GxZCNSbhmnlFTdB3K%2BHTsdfUVAA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 881c49c778755694-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2