Overview

URL:              zutzt67dcxr6mxcn.onion.to/9B4B-4597-3DD3-0006-4E9C?iframe
IP:               185.100.85.150
ASN:              AS200651 FlokiNET ehf
Location:         Romania
Report completed: 2018-08-20 21:01:59 CEST
urlQuery Alerts:  No alerts detected


Settings

User-Agent:   Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:      (blank in report)
Pool:         (blank in report)
Access Level: (blank in report)

Note: the scan identified itself as Firefox 3.6.13 (a 2010 browser); a server that serves content based on browser fingerprint may behave differently for a current client.


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp                  Severity  Source IP        Destination IP   Alert
2018-08-20 21:01:18 CEST   1         185.100.85.150   Client IP        ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (2)
2018-08-20 21:01:17 CEST   1         Client IP        185.100.85.150   ET CNC Ransomware Tracker Reported CnC Server group 23

Note: the first alert fires on the gateway's TLS certificate (server-to-client direction); the second fires because the client connected to an IP that Ransomware Tracker reported as a CnC server. 185.100.85.150 is a shared Tor2Web gateway fronting many unrelated onion services (see the reports on the same IP below), so the IP listing attaches to the gateway, not to this particular hidden service.


Blacklists

MDL:                   No alerts detected
OpenPhish:             No alerts detected
PhishTank:             No alerts detected
Fortinet's Web Filter:
  Added / Verified   Severity   Host                                                     Comment
  2018-08-20         2          zutzt67dcxr6mxcn.onion.to/antanistaticmap/tor2web.js    Malware
DNS-BH:                No alerts detected
mnemonic secure dns:   No alerts detected

Note: the Fortinet hit is on the gateway's own static script (/antanistaticmap/tor2web.js, fetched alongside tor2web.css and tor2web.png in the HTTP transactions below), not on the content of the requested page.


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 185.100.85.150

Date                       UQ / IDS / BL (alert counts)   URL                                                     IP
2018-09-06 01:23:29 +0200  0 - 2 - 0                      i3ezlvkoi7fwyood.tor2web.org/                           185.100.85.150
2018-09-03 07:22:22 +0200  0 - 2 - 0                      https://wayawaytcl3k66fl.onion.to                       185.100.85.150
2018-08-25 05:19:20 +0200  0 - 4 - 0                      cerberhhyed5frqa.onion.to/2EF7-BC07-2290-0000-0FBB      185.100.85.150
2018-08-25 05:19:14 +0200  0 - 2 - 0                      cerberhhyed5frqa.onion.to/61F4-D5BC-F243-26E6-E977      185.100.85.150
2018-08-25 05:13:11 +0200  0 - 1 - 0                      cerberhhyed5frqa.onion.to/53ED-E50F-B231-0000-0090      185.100.85.150
2018-08-25 05:11:57 +0200  0 - 5 - 0                      cerberhhyed5frqa.onion.to/D3C7-EE8C-64E0-0000-0CC5      185.100.85.150
2018-08-25 04:17:10 +0200  0 - 1 - 0                      zubrrotzdg2m2uy7.onion.to/                              185.100.85.150
2018-08-22 21:59:33 +0200  0 - 2 - 0                      twbers4hmi6dc65f.tor2web.org/                           185.100.85.150
2018-08-20 21:55:10 +0200  0 - 2 - 0                      onion.to/                                               185.100.85.150
2018-08-20 03:02:07 +0200  0 - 3 - 0                      cerberhhyed5frqa.onion.to/101D-B810-A459-0000 (...)     185.100.85.150

Last 10 reports on ASN: AS200651 FlokiNET ehf

Date                       UQ / IDS / BL (alert counts)   URL                                                     IP
2018-09-06 01:23:29 +0200  0 - 2 - 0                      i3ezlvkoi7fwyood.tor2web.org/                           185.100.85.150
2018-09-06 00:04:10 +0200  0 - 1 - 0                      https://onedriveai.pw/?verify=office-login              185.100.85.10
2018-09-03 07:22:22 +0200  0 - 2 - 0                      https://wayawaytcl3k66fl.onion.to                       185.100.85.150
2018-09-02 07:57:11 +0200  0 - 1 - 0                      https://onedriveai.pw/?verify=office-login              185.100.85.10
2018-08-25 05:19:20 +0200  0 - 4 - 0                      cerberhhyed5frqa.onion.to/2EF7-BC07-2290-0000-0FBB      185.100.85.150
2018-08-25 05:19:14 +0200  0 - 2 - 0                      cerberhhyed5frqa.onion.to/61F4-D5BC-F243-26E6-E977      185.100.85.150
2018-08-25 05:13:11 +0200  0 - 1 - 0                      cerberhhyed5frqa.onion.to/53ED-E50F-B231-0000-0090      185.100.85.150
2018-08-25 05:11:57 +0200  0 - 5 - 0                      cerberhhyed5frqa.onion.to/D3C7-EE8C-64E0-0000-0CC5      185.100.85.150
2018-08-25 04:17:10 +0200  0 - 1 - 0                      zubrrotzdg2m2uy7.onion.to/                              185.100.85.150
2018-08-23 22:33:07 +0200  0 - 3 - 0                      onedrivead.pw/?view=new-signin                          185.100.85.10

No other reports on domain: onion.to
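The two tables above show one gateway IP fronting many different onion labels. The following Python script, an added example that is not part of the urlQuery report, maps each Tor2Web URL back to the hidden service it fronts and groups the reports by that service; the list of gateway suffixes (onion.to, tor2web.org) is an assumption covering only the gateways seen on this page, and the input list is copied from the IP table above.

```python
"""Map Tor2Web proxy URLs back to the hidden service they front.

Added example, not part of the urlQuery report. GATEWAY_SUFFIXES is an
assumption covering the two gateways seen on the page; the URL list is copied
from the report's "Last 10 reports on IP" table.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Tor2Web gateway domains observed on the page (assumed list; extend as needed).
GATEWAY_SUFFIXES = ("onion.to", "tor2web.org")

# v2 onion label: 16 base32 characters; v3: 56 (none of the latter appear here).
ONION_RE = re.compile(r"^([a-z2-7]{16}|[a-z2-7]{56})$")


def split_tor2web_url(url):
    """Return (onion_host, gateway, path) for a Tor2Web URL, else None.

    A Tor2Web URL looks like <onion-label>.<gateway>/<path>. A bare gateway
    root (e.g. "onion.to/") carries no onion label and yields an empty host.
    """
    if "://" not in url:
        url = "http://" + url          # the report lists most URLs without a scheme
    parts = urlsplit(url)
    host = parts.hostname or ""
    for gw in GATEWAY_SUFFIXES:
        if host == gw:
            return ("", gw, parts.path)
        if host.endswith("." + gw):
            label = host[: -len(gw) - 1]
            if ONION_RE.match(label):
                return (label + ".onion", gw, parts.path)
    return None


def group_by_onion(urls):
    """Group report URLs by the hidden service each one resolves to."""
    groups = defaultdict(list)
    for u in urls:
        parsed = split_tor2web_url(u)
        if parsed and parsed[0]:
            groups[parsed[0]].append(u)
    return dict(groups)


# Sample input: the URLs from the "Last 10 reports on IP: 185.100.85.150" table.
REPORTED_URLS = [
    "i3ezlvkoi7fwyood.tor2web.org/",
    "https://wayawaytcl3k66fl.onion.to",
    "cerberhhyed5frqa.onion.to/2EF7-BC07-2290-0000-0FBB",
    "cerberhhyed5frqa.onion.to/61F4-D5BC-F243-26E6-E977",
    "cerberhhyed5frqa.onion.to/53ED-E50F-B231-0000-0090",
    "cerberhhyed5frqa.onion.to/D3C7-EE8C-64E0-0000-0CC5",
    "zubrrotzdg2m2uy7.onion.to/",
    "twbers4hmi6dc65f.tor2web.org/",
    "onion.to/",
    "zutzt67dcxr6mxcn.onion.to/9B4B-4597-3DD3-0006-4E9C?iframe",
]

if __name__ == "__main__":
    for onion, hits in sorted(group_by_onion(REPORTED_URLS).items()):
        print(f"{onion}: {len(hits)} report(s) via Tor2Web")
```

Grouping by onion address rather than by gateway IP is what turns the "Last 10 reports on IP" list into something attributable: the gateway IP is shared, the onion label is not.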



JavaScript

Executed Scripts (1)
Executed Evals (0)
Executed Writes (0)



HTTP Transactions (7)


Request / Response

GET /9B4B-4597-3DD3-0006-4E9C?iframe HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 185.100.85.150
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: https://zutzt67dcxr6mxcn.onion.to/9B4B-4597-3DD3-0006-4E9C?iframe

Note: the initial plain-HTTP request is redirected to the same URL over HTTPS.

--- Additional Info ---

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

Response from 104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Aug 2018 19:01:18 GMT
Content-Length: 1523
Connection: keep-alive
Set-Cookie: __cfduid=d9f97520beab5473f7164adc8ef776a531534791678; expires=Tue, 20-Aug-19 19:01:18 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Mon, 20 Aug 2018 18:45:25 GMT
Expires: Fri, 24 Aug 2018 18:45:25 GMT
Etag: "530ad3555b79ba168a071dbccdc12397e27376cd"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 44d71b94f5a8427f-OSL

Note: this is the browser's OCSP status check for the gateway's TLS certificate, issued before the HTTPS request is retried. The ETag returned equals the SHA-1 of the captured body below, so the captured OCSP response can be matched against the cached object.

--- Additional Info ---
Magic:  data
Size:   1523
Md5:    ced2e7f96e3af86c3499508be455775a
Sha1:   530ad3555b79ba168a071dbccdc12397e27376cd
Sha256: 8287d8754b8d2762c710d7a1efe0e1a371dba09fb3ea48d9ddb45e20a29bb335

GET /9B4B-4597-3DD3-0006-4E9C?iframe HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 185.100.85.150
HTTP/1.1 500 Internal Server Error
Content-Length: 424
X-Check-Tor: false
X-Robots-Tag: noindex
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache

Note: the HTTPS retry of the page request returns 500 from the gateway. The X-Check-Tor and X-Robots-Tag headers are set by the Tor2Web gateway; the 424-byte gzip body is the only page content captured, and the static asset requests that follow carry this URL as their Referer.

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   424
Md5:    9d328f5bec94182678b0dabb5b995ff7
Sha1:   b90bc7b3f8eab07fa7db30f20c03ba6283e98bb0
Sha256: 0fbeaa5fd4081031c5d1bc7bc5a3eb9cfc1d20d627d20bbf8e8b068a9ac8a33f

GET /antanistaticmap/tor2web.js HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://zutzt67dcxr6mxcn.onion.to/9B4B-4597-3DD3-0006-4E9C?iframe

Response from 185.100.85.150
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 2289
X-Check-Tor: false
X-Robots-Tag: noindex
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2289
Md5:    ce8a3dfdc1654c6f4e2d6044316468b9
Sha1:   953c67c099ff317c8cf4730f48434ec7f7a4475e
Sha256: b866b570a9320fa8996bdda57c384f6670483a73f5ac97f34d27445b87df88b6

Alerts:
  Blacklists:
    - fortinet: Malware

GET /antanistaticmap/tor2web.css HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://zutzt67dcxr6mxcn.onion.to/9B4B-4597-3DD3-0006-4E9C?iframe

Response from 185.100.85.150
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 472
X-Check-Tor: false
X-Robots-Tag: noindex
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   472
Md5:    4d5e555748a7a735567497f001a857ae
Sha1:   ef66502215667c86b16a24ec2cbcb330492ca819
Sha256: 67b2e114846c7d85cdcd49b269a8d878396613b07464ddf5d92407e978759f3a

GET /antanistaticmap/tor2web.png HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://zutzt67dcxr6mxcn.onion.to/9B4B-4597-3DD3-0006-4E9C?iframe

Response from 185.100.85.150
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 10291
X-Check-Tor: false
X-Robots-Tag: noindex
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10291
Md5:    c65a8220083dd9ce4edced93c36bb928
Sha1:   8db7206ba55a2892e059eb7fc318beb8e47b9a8c
Sha256: fcf985f689fd36b307c341b7e126c608b6bf2460f443556171cfa25dd854579e

GET /favicon.ico HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 0.0.0.0
(no status line or headers recorded for this request)

--- Additional Info ---
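Reading the seven transactions above by hand means spotting the plain-HTTP-to-HTTPS 302, the OCSP check to GlobalSign, the gateway's X-Check-Tor header, the ETag that equals the body SHA-1, and the unanswered favicon request. The Python below is an added example (not urlQuery's code, and not from the report) that parses records in the same request / responder-IP / response / "--- Additional Info ---" layout and emits those findings; the parser and flag names are my own, and the embedded sample is a trimmed copy of four of the transactions above with most headers dropped.

```python
"""Parse urlQuery-style HTTP transaction records and flag Tor2Web indicators.

Added example, not part of the urlQuery report. Record layout assumed:
request line + headers, blank line, responder IP, optional status line +
headers, then an optional "--- Additional Info ---" block of "Key: value"
lines. SAMPLE is a trimmed copy of four transactions from the report.
"""
import re

SAMPLE = """\
GET /9B4B-4597-3DD3-0006-4E9C?iframe HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to
Connection: keep-alive

185.100.85.150
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Location: https://zutzt67dcxr6mxcn.onion.to/9B4B-4597-3DD3-0006-4E9C?iframe

--- Additional Info ---
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
Content-Type: application/ocsp-request

104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Etag: "530ad3555b79ba168a071dbccdc12397e27376cd"

--- Additional Info ---
Magic:  data
Size:   1523
Sha1:   530ad3555b79ba168a071dbccdc12397e27376cd
GET /9B4B-4597-3DD3-0006-4E9C?iframe HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to

185.100.85.150
HTTP/1.1 500 Internal Server Error
X-Check-Tor: false
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   424
Sha1:   b90bc7b3f8eab07fa7db30f20c03ba6283e98bb0
GET /favicon.ico HTTP/1.1
Host: zutzt67dcxr6mxcn.onion.to

0.0.0.0

--- Additional Info ---
"""

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] (?P<code>\d{3})")
IP_LINE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_transactions(text):
    """Split the report text into one dict per request/response pair."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()                     # the report pads lines with spaces
        m = REQUEST_LINE.match(line)
        if m:                                  # a request line starts a new record
            cur = {"method": m["method"], "target": m["target"], "ip": None,
                   "status": None, "req": {}, "resp": {}, "info": {}}
            records.append(cur)
            section = "req"
            continue
        if cur is None or not line:
            continue
        if line == "--- Additional Info ---":
            section = "info"
            continue
        if cur["ip"] is None and IP_LINE.match(line):
            cur["ip"] = line                   # bare IP line = responder address
            section = "resp"
            continue
        s = STATUS_LINE.match(line)
        if s and section == "resp":
            cur["status"] = int(s["code"])
            continue
        if ":" in line:                        # header or "Key: value" info line
            key, value = line.split(":", 1)
            cur[section][key.strip().lower()] = value.strip()
    return records


def flag(rec):
    """Return the findings a reviewer would note for one record."""
    findings = []
    resp, info, req = rec["resp"], rec["info"], rec["req"]
    if rec["status"] == 302 and resp.get("location", "").startswith("https://"):
        findings.append("http-to-https redirect")
    if "application/ocsp" in req.get("content-type", ""):
        findings.append("ocsp check to " + req.get("host", "?"))
    if "x-check-tor" in resp:                  # header set by the Tor2Web gateway
        findings.append("tor2web gateway header X-Check-Tor=" + resp["x-check-tor"])
    etag = resp.get("etag", "").strip('"').lower()
    if etag and etag == info.get("sha1", "").lower():
        findings.append("etag equals body sha1")
    if rec["ip"] == "0.0.0.0" or rec["status"] is None:
        findings.append("no response recorded")
    return findings


if __name__ == "__main__":
    for rec in parse_transactions(SAMPLE):
        print(rec["method"], rec["target"], rec["status"], flag(rec))
```

The ETag check only says the captured body is the object the cache served; it says nothing about the OCSP response's signature, which a browser validates separately.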