Report - mega-guy.com/s?xGRB

Report Overview

Submitted URL
mega-guy.com/s?xGRB
IP
172.67.208.69
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 07:23:40
Access
public
Website Title
stownrusis.com/s?xGRB
Final URL
stownrusis.com/s?xGRB
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pogothere.xyz	unknown	2022-08-22	2022-09-04	2024-04-17	842 B	104 kB	188.114.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	520 B	8.7 kB	142.250.74.163
gforanopportu.info	unknown	2023-11-07	2023-11-27	2024-04-14	490 B	8.8 kB	172.67.134.236
d1wzdj81h1hubn.cloudfront.net	unknown	2008-04-25	2023-01-18	2024-03-11	988 B	113 kB	54.230.241.226
mega-guy.com	unknown	2023-03-19	2023-03-19	2024-02-14	473 B	57 kB	172.67.208.69
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	934 B	59 kB	142.250.74.138
d2bs5vtcw2lxsv.cloudfront.net	unknown	unknown	No data	No data	414 B	91 kB	54.230.241.27
stownrusis.com	unknown	2023-12-31	2024-02-01	2024-03-04	477 B	96 kB	172.67.174.33
dfdgfruitie.xyz	unknown	2022-08-22	2022-12-12	2024-03-16	409 B	714 B	104.21.13.114
afnyfiexpecttha.info	unknown	2024-03-31	2024-03-31	2024-04-17	991 B	1.3 kB	188.114.97.1
undefined	142677	unknown	2020-01-28	2023-07-23	957 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	undefined	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	stownrusis.com/s?xGRB	92 kB	2024-04-18	2024-04-18
Pretty URL stownrusis.com/s?xGRB IP 172.67.174.33 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 09:23:46 Last Seen2024-04-18 09:23:47 Times Seen1 Hash e6f006eeee84124dba27337ee1451654 433fe75335606f38427d2eca5d854e2e6580455e ce6557473fbb7f72a5e262002614fda5f69357322f0a53f5f343c45dfff03723 Loading...

	dfdgfruitie.xyz/adserver/yzfdmoan.js	0 B	2023-03-07	2024-05-01
Pretty URL dfdgfruitie.xyz/adserver/yzfdmoan.js IP 104.21.13.114 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-01 03:17:50 Times Seen37235243 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	d2bs5vtcw2lxsv.cloudfront.net/?tid=991768	230 kB	2024-04-18	2024-04-18
Pretty URL d2bs5vtcw2lxsv.cloudfront.net/?tid=991768 IP 54.230.241.27 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 09:23:47 Last Seen2024-04-18 09:23:47 Times Seen2 Hash 1d3c24af602764ebeb2b9fee32832b5f c3ab371b2ba7d6c90b9915bcd654c26c3f69aa07 e8fd31c69f75bbce50ae7f58d994e05e82299c36538f2215db01cb491b74f46d Loading...

HTTP Transactions (15)

URL IP Response Size

mega-guy.com/s?xGRB

172.67.208.69

302 Found

56 kB

URL User Request GET HTTP/2
mega-guy.com/s?xGRB
IP
172.67.208.69:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmega-guy.com
Fingerprint08:35:E2:66:6E:D9:F9:FB:F9:68:27:60:4F:B5:EA:BF:99:66:CA:E5
ValidityFri, 08 Mar 2024 13:58:37 GMT - Thu, 06 Jun 2024 13:58:36 GMT

File type
data
Size
56 kB (56211 bytes)
Hash
1068bab3e8f9908cbad4513f2d656f8e
5641f5281ed2e6af36e4d86cca227e95f094d279
3efde3e704ae720833d05186843a3674345d24a8d54a79363004fd7754da1122

HTTP Headers

GET /s?xGRB HTTP/1.1
Host: mega-guy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 18 Apr 2024 07:23:14 GMT
content-type: text/html
location: https://stownrusis.com/s?xGRB
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gvJD0DuNv%2FOKgL%2BXLy15DQNx2CXnNj7qtr19gp6lftt5u%2BgtM%2F%2B3KM7EJFtvbQ5tETqsHH1NaCVmtwJQqdp9%2BVLA1youNjLGAUJsPeF0%2FE0OsmW780aArLeoRyNIzIw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8762e8856bfbb515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

142.250.74.138

200 OK

57 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
57 kB (56940 bytes)
Hash
07c4b6be489e3b739fd1cf5b03368363
debb88364e661a599f94e82653f9714c043055a5
b00e3c818ce2a12e3d5c966b220447ade4df4975a56bcf119267487f3f981166

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 07:23:14 GMT
date: Thu, 18 Apr 2024 07:23:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dfdgfruitie.xyz/adserver/yzfdmoan.js

104.21.13.114

200 OK

0 B

URL GET HTTP/2
dfdgfruitie.xyz/adserver/yzfdmoan.js
IP
104.21.13.114:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerGoogle Trust Services LLC
Subjectdfdgfruitie.xyz
Fingerprint9B:73:95:36:E6:2A:E8:AE:DA:A0:BE:44:07:A2:37:71:C9:26:70:46
ValidityFri, 29 Mar 2024 21:30:02 GMT - Thu, 27 Jun 2024 21:30:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /adserver/yzfdmoan.js HTTP/1.1
Host: dfdgfruitie.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:23:15 GMT
content-type: application/x-javascript
content-length: 0
last-modified: Fri, 03 Feb 2023 19:26:28 GMT
etag: "63dd5fe4-0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4211
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Y1kYSh65Je6RnJz%2Fvj9S6Y9oRaka9HM%2FxZb%2FRLfEjms75CsLCJc41VW5xcbtoR8OsmwwLRMo0B17ySblrpnS6J%2BGeccQc1r2daxfAqeL64HDtzNAMdDl74%2FMvgMMdn7MBc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762e88c4f6c56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

d2bs5vtcw2lxsv.cloudfront.net/?tid=991768

54.230.241.27

200 OK

90 kB

URL GET HTTP/2
d2bs5vtcw2lxsv.cloudfront.net/?tid=991768
IP
54.230.241.27:443
ASN
#16509 AMAZON-02

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (891)
Size
90 kB (90185 bytes)
Hash
1d3c24af602764ebeb2b9fee32832b5f
c3ab371b2ba7d6c90b9915bcd654c26c3f69aa07
e8fd31c69f75bbce50ae7f58d994e05e82299c36538f2215db01cb491b74f46d

HTTP Headers

GET /?tid=991768 HTTP/1.1
Host: d2bs5vtcw2lxsv.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 90185
date: Thu, 18 Apr 2024 07:23:15 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HX6cCR010KGiv5PyGml4LCxFkvPaqiNCoCrlh4lsEawZ_Nl-nq9eMg==
X-Firefox-Spdy: h2

afnyfiexpecttha.info/TXlOTEliRi0/dAA/CDYoCywIFgwfIxQNBz0of3kuDy4ACx5/NGg4IClEd3V4ek92ajkkHXN/fGsKOi09OApzfW8kFygjdGsPc3xneFd4YntrDHN9bzkJLyt0fF8+OD0hRH97eH5NfHhwdEx7eX8

188.114.97.1

204 No Content

0 B

URL GET HTTP/2
afnyfiexpecttha.info/TXlOTEliRi0/dAA/CDYoCywIFgwfIxQNBz0of3kuDy4ACx5/NGg4IClEd3V4ek92ajkkHXN/fGsKOi09OApzfW8kFygjdGsPc3xneFd4YntrDHN9bzkJLyt0fF8+OD0hRH97eH5NfHhwdEx7eX8
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerLet's Encrypt
Subjectafnyfiexpecttha.info
Fingerprint6B:ED:1A:88:9C:57:2B:90:45:C1:12:0F:50:A2:BE:77:05:42:3A:DB
ValiditySun, 31 Mar 2024 11:28:54 GMT - Sat, 29 Jun 2024 11:28:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /TXlOTEliRi0/dAA/CDYoCywIFgwfIxQNBz0of3kuDy4ACx5/NGg4IClEd3V4ek92ajkkHXN/fGsKOi09OApzfW8kFygjdGsPc3xneFd4YntrDHN9bzkJLyt0fF8+OD0hRH97eH5NfHhwdEx7eX8 HTTP/1.1
Host: afnyfiexpecttha.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 18 Apr 2024 07:23:15 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BwrLwjx3RYvWrb0XuxKcuAfk0pyja6L3cNjWgXWBw9IiId5xj5mdav1BAZJpmFdAuC%2BddA8JBX4J2Ggo%2BW0MYINMcnyYY%2FBpPd2MM6kKFhfWpQh6mU%2BtzJYePv5eU6GnGJyOLTlmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8762e88e89305699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

188.114.96.1

200 OK

103 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
data
Size
103 kB (102758 bytes)
Hash
447b43bf237960262b26ba47127dcccc
d4a98b80898b5bc17601f611bfcb01d14f7219b7
78c10bdb066cdc049e6c313d26f67bee44a04c3a05b03887f6128ad4d27b56af

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stownrusis.com/
Origin: https://stownrusis.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:23:15 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://stownrusis.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3900
last-modified: Thu, 18 Apr 2024 06:18:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VdXSuHIQkarKEAvKGMqbik4onHPLgFYrO%2FKDFlOvMKThM3iKrPscUuqaj9PRQWQhlGAYClg%2FrkCgxPov0sWHgRE7yKX2r9Ibfe3G%2B6kV26fnJV5Y7kdP7%2B6AAm5grB9e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762e88e8b6c5687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.163

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://stownrusis.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 05:54:09 GMT
expires: Wed, 16 Apr 2025 05:54:09 GMT
cache-control: public, max-age=31536000
age: 178147
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gforanopportu.info/tc

172.67.134.236

200 OK

7.8 kB

URL POST HTTP/2
gforanopportu.info/tc
IP
172.67.134.236:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerGoogle Trust Services LLC
Subjectgforanopportu.info
Fingerprint88:EF:8F:A6:1A:10:6F:B7:78:8F:B9:49:D0:08:96:29:77:D2:8D:F5
ValidityWed, 28 Feb 2024 10:32:46 GMT - Tue, 28 May 2024 10:32:45 GMT

File type
JSON text data
Size
7.8 kB (7826 bytes)
Hash
883b7c7f4c10922b99109cec886ea262
20bbd5c33d8d61fe1a214ebc19b4f6472967f577
6b877bb4ce1406ee2afc950dba9a453c723199115b957a1ed0508615cb8bf256

HTTP Headers

POST /tc HTTP/1.1
Host: gforanopportu.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stownrusis.com/
Content-Type: application/json
Content-Length: 181
Origin: https://stownrusis.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:23:16 GMT
content-type: application/json
set-cookie: ci=1153531816841205; Max-Age=86400; Secure; SameSite=None
access-control-allow-origin: https://stownrusis.com
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST, GET, OPTIONS, HEAD
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WlkPKC5UCMvCDQzoHkzObf1%2FwVB2Ho%2FCJsWUGOmstmg1vdaiKzCU1NuD3RFlb2z35t%2BS5Gc10BOjCo0FEj9FIT4KcTn%2Bp4pdB%2FrA540vCMoo6LkZ%2FymqNDmb7os72Pqb8kUZFwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8762e892ac6956a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

d1wzdj81h1hubn.cloudfront.net/6232cc06638526056f6a5687fa1c1626fe2e93c2c212d1fad32776563d7a3fdd.jpg

54.230.241.226

200 OK

56 kB

URL GET HTTP/2
d1wzdj81h1hubn.cloudfront.net/6232cc06638526056f6a5687fa1c1626fe2e93c2c212d1fad32776563d7a3fdd.jpg
IP
54.230.241.226:443
ASN
#16509 AMAZON-02

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3
Size
56 kB (56060 bytes)
Hash
bda9a9eb6062a57499f6e09aaaa87bff
7f22300e1260864ce5f92aa91b3b57eb1c2e5832
8571a5cc7330321121866d654968f9450e19a8e994543d361d2b900357f66636

HTTP Headers

GET /6232cc06638526056f6a5687fa1c1626fe2e93c2c212d1fad32776563d7a3fdd.jpg HTTP/1.1
Host: d1wzdj81h1hubn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 56060
last-modified: Sun, 14 Apr 2024 23:03:48 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 18 Apr 2024 06:14:45 GMT
etag: "bda9a9eb6062a57499f6e09aaaa87bff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aOh_HfDZpGOAs-TrCE2SEXtBWlHRusEbDZE0dQhVlwLGKwZNY_zmXw==
age: 8232
X-Firefox-Spdy: h2

undefined/aTJWdmwIUDUbUwgPNFAZG15rU14vF2QwCFtQJUMaHVEhRAARQSBYDwVdIxIKG104AkIHVyJTXi8KNRs2XWsBQj4qYA8+OThrBj4qEWoFRwg5ZGcsOS9VOTMvLAoAMi1daB40PSd3MRUuOnAlOS1YYxs1G11zFxofGnEsRjYsSjUcIytnJTM4OFcANCUqcAA4LzhwBzctK2Q0Lgs4cxMgGCNgIU47K3cAID8oawEwGxlmFAELCnAXEQ4qcGYwPyhRHiQ9HnAVN1Q8dgdPND92YyM9LHgSJQAvdRUaCCNgEEYbOAImJC0BQR8yPgV+BzA1KGUAERg8d3sOKTFmFDI/BXc1NCknfh8wCCxhEx4lOgIUISQeYxgxPQVWAw8EKGQ9Gj4xWRghPzxgNScLKGATAR88cQc0KTF2BBA4AgszIC4ndAM3SgNBORgcVGY8JQccXRQgCyNbAwY

0.0.0.0

0 B

URL GET
undefined/aTJWdmwIUDUbUwgPNFAZG15rU14vF2QwCFtQJUMaHVEhRAARQSBYDwVdIxIKG104AkIHVyJTXi8KNRs2XWsBQj4qYA8+OThrBj4qEWoFRwg5ZGcsOS9VOTMvLAoAMi1daB40PSd3MRUuOnAlOS1YYxs1G11zFxofGnEsRjYsSjUcIytnJTM4OFcANCUqcAA4LzhwBzctK2Q0Lgs4cxMgGCNgIU47K3cAID8oawEwGxlmFAELCnAXEQ4qcGYwPyhRHiQ9HnAVN1Q8dgdPND92YyM9LHgSJQAvdRUaCCNgEEYbOAImJC0BQR8yPgV+BzA1KGUAERg8d3sOKTFmFDI/BXc1NCknfh8wCCxhEx4lOgIUISQeYxgxPQVWAw8EKGQ9Gj4xWRghPzxgNScLKGATAR88cQc0KTF2BBA4AgszIC4ndAM3SgNBORgcVGY8JQccXRQgCyNbAwY
IP
0.0.0.0:0
ASN
#0

Requested by
https://stownrusis.com/s?xGRB

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aTJWdmwIUDUbUwgPNFAZG15rU14vF2QwCFtQJUMaHVEhRAARQSBYDwVdIxIKG104AkIHVyJTXi8KNRs2XWsBQj4qYA8+OThrBj4qEWoFRwg5ZGcsOS9VOTMvLAoAMi1daB40PSd3MRUuOnAlOS1YYxs1G11zFxofGnEsRjYsSjUcIytnJTM4OFcANCUqcAA4LzhwBzctK2Q0Lgs4cxMgGCNgIU47K3cAID8oawEwGxlmFAELCnAXEQ4qcGYwPyhRHiQ9HnAVN1Q8dgdPND92YyM9LHgSJQAvdRUaCCNgEEYbOAImJC0BQR8yPgV+BzA1KGUAERg8d3sOKTFmFDI/BXc1NCknfh8wCCxhEx4lOgIUISQeYxgxPQVWAw8EKGQ9Gj4xWRghPzxgNScLKGATAR88cQc0KTF2BBA4AgszIC4ndAM3SgNBORgcVGY8JQccXRQgCyNbAwY HTTP/1.1
Host: undefined
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fonts.googleapis.com/css?family=Poppins:wght@300;400;500;600;700&display=swap

142.250.74.138

200 OK

781 B

URL GET HTTP/3
fonts.googleapis.com/css?family=Poppins:wght@300;400;500;600;700&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (799), with no line terminators
Size
781 B (781 bytes)
Hash
f2734c367eb54d2729867445e0ea79a8
18f8b32901dae48bedc55cc12baca116e56e6bb7
d5f6fe55368116052648d76167ba4c103db2e0e52680340cd0cb014d3f6cf1d4

HTTP Headers

GET /css?family=Poppins:wght@300;400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 07:23:16 GMT
date: Thu, 18 Apr 2024 07:23:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

afnyfiexpecttha.info/popunder.gif

188.114.97.1

200 OK

35 B

URL GET HTTP/3
afnyfiexpecttha.info/popunder.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerLet's Encrypt
Subjectafnyfiexpecttha.info
Fingerprint6B:ED:1A:88:9C:57:2B:90:45:C1:12:0F:50:A2:BE:77:05:42:3A:DB
ValiditySun, 31 Mar 2024 11:28:54 GMT - Sat, 29 Jun 2024 11:28:53 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: afnyfiexpecttha.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 07:23:15 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 47756
last-modified: Wed, 17 Apr 2024 18:07:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uUpM%2FCZ2bpsO%2FBMDgDzn01YqRzk090LGpzCRjBHk22jphziFjygEvn2krPOoAOFZZ8ZDUg88draK5GlOavIhn13f9iQi54bPcygD0RDYxuI5JgPCSKYFlxgId5uR23PcKSQSNa3d1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8762e890ba1bb52d-OSL
alt-svc: h3=":443"; ma=86400

stownrusis.com/s?xGRB

172.67.174.33

200 OK

96 kB

URL User Request GET HTTP/2
stownrusis.com/s?xGRB
IP
172.67.174.33:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectstownrusis.com
Fingerprint30:C8:89:AC:75:9B:91:EB:F9:13:4C:D7:D0:72:E4:2F:8B:B7:87:39
ValiditySun, 31 Mar 2024 11:48:50 GMT - Sat, 29 Jun 2024 11:48:49 GMT

File type
HTML document, ASCII text, with very long lines (61004)
Size
96 kB (95670 bytes)
Hash
fdf9ecd2590b5c29dfb0dddb40fc4aa1
bb9f54faa9c39c0eba78bd749eafc3551d38542c
d2068139d5067dd702fb7b1b9d707a8ec4c9b329669de78981d8b999af0df65f

HTTP Headers

GET /s?xGRB HTTP/1.1
Host: stownrusis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:23:14 GMT
content-type: text/html
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST, GET, OPTIONS, HEAD
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O8be%2FNTjnXz7qjTp8rb9a%2FUGfJnbjLtqOgLTQEUthK8%2FLTbkfm9ZUfjCgLKUcWN0clq8tXcU5t33YrTcFgmTl0B13WmW8jP4lGe5yMjZtovhbM7MMAP2PZ1sAQrFtP%2BjTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8762e886fc8f56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

d1wzdj81h1hubn.cloudfront.net/6232cc06638526056f6a5687fa1c1626fe2e93c2c212d1fad32776563d7a3fdd.jpg

54.230.241.226

200 OK

56 kB

URL GET HTTP/2
d1wzdj81h1hubn.cloudfront.net/6232cc06638526056f6a5687fa1c1626fe2e93c2c212d1fad32776563d7a3fdd.jpg
IP
54.230.241.226:443
ASN
#16509 AMAZON-02

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3
Size
56 kB (56060 bytes)
Hash
bda9a9eb6062a57499f6e09aaaa87bff
7f22300e1260864ce5f92aa91b3b57eb1c2e5832
8571a5cc7330321121866d654968f9450e19a8e994543d361d2b900357f66636

HTTP Headers

GET /6232cc06638526056f6a5687fa1c1626fe2e93c2c212d1fad32776563d7a3fdd.jpg HTTP/1.1
Host: d1wzdj81h1hubn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://stownrusis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 56060
last-modified: Sun, 14 Apr 2024 23:03:48 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 18 Apr 2024 06:14:45 GMT
etag: "bda9a9eb6062a57499f6e09aaaa87bff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gLHCSTh_O-GJAcEv6ylaOl0jRE9OimgE5emIZJNWe2X-uqAn5jWosQ==
age: 8232
X-Firefox-Spdy: h2

pogothere.xyz/

188.114.96.1

200 OK

26 B

URL GET HTTP/2
pogothere.xyz/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://stownrusis.com/s?xGRB
Certificate
IssuerGoogle Trust Services LLC
Subjectpogothere.xyz
Fingerprint34:D3:33:F8:49:E2:1E:3E:44:A8:5D:74:68:9C:B8:A0:D5:F8:DD:0B
ValidityWed, 27 Mar 2024 02:15:30 GMT - Tue, 25 Jun 2024 02:15:29 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
874c4f3639a8b742d4e39fd45572ef67
c495e9e3644f92fbebeab012215de27fc39290fa
e66b37fe1588e2cefcab1ac81d46c31a611f4032b7dd8726ea1c988865425ef9

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://stownrusis.com/
Origin: https://stownrusis.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 07:23:15 GMT
content-type: text/plain
set-cookie: csu=640208331802348@1@1713424995; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://stownrusis.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2gaLIqy1b%2Bflay55r%2F3gUfXMV5%2BaeddMYvR0tONeg2520GCSfxd2zClqJqWvAC6Zv7z3a%2FcCodgza3FrrAqH6fpsemlNFnxD9tBHfC5HxKHil95z05RWiZfQoL5356QK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8762e88e8b6e5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type