Report - lap.6of5.top/?xt=XFWirWJk

Report Overview

Submitted URL
lap.6of5.top/?xt=XFWirWJk
IP
172.67.157.47
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 03:52:20
Access
public
Website Title
PMYP Prime Minister Laptop Scheme 2024 – Apply Online
Final URL
a50.xcwqd.shop/#1714103515908
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-25	858 B	69 kB	142.250.74.74
563cdn.com	unknown	2023-05-12	2023-05-12	2024-04-17	441 B	91 kB	188.114.97.1
tj.657g.xyz	unknown	2023-07-13	2023-12-07	2024-04-18	883 B	2.9 kB	188.114.96.1
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-04-25	1.2 kB	12 kB	14.215.183.79
a50.xcwqd.shop	unknown	unknown	No data	No data	958 B	28 kB	104.21.36.110

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-19	medium	tj.657g.xyz/	PayPal Inc.
2024-03-19	medium	tj.657g.xyz/	PayPal Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	96 kB	2023-03-07	2024-05-06
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 19:38:38 Times Seen47081 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	a50.xcwqd.shop/	2.6 kB	2024-04-18	2024-05-04
Pretty URL a50.xcwqd.shop/ IP 104.21.36.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 11:21:27 Last Seen2024-05-04 17:31:33 Times Seen14 Hash bcb1aaa49a20e7b1dc786cd06f7ac01d 0e6e845f89e45bdc0bee07fe087885701b07d2dd ce5ff23d4090423a12e6d03868deba69eb6dce3f3a31f2e80cf9b9a3c8fe7933 Loading...

	unknown	372 B	2024-04-26	2024-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-26 05:52:26 Last Seen2024-04-26 05:52:26 Times Seen1 Hash 03534fff07d941afb572900ef901b752 685bc18d0ed15812d69297db0ae64a44d8be8133 a4901e63580f761aa9aec8f8dc49426882fe637ac61753292469070302d94dd0 Loading...

	a50.xcwqd.shop/	345 B	2023-12-13	2024-05-04
Pretty URL a50.xcwqd.shop/ IP 104.21.36.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-13 18:56:14 Last Seen2024-05-04 17:31:33 Times Seen39 Hash ecffbe366e1b36e55da681315cda4e78 4932abca38dc9d841be2c4cd52207207b29c2714 214f1274f0b94b658764f6179e2de89e09de88248f35e3d9bf506ce9049c5a14 Loading...

	a50.xcwqd.shop/	228 B	2024-01-22	2024-05-04
Pretty URL a50.xcwqd.shop/ IP 104.21.36.110 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-22 18:55:06 Last Seen2024-05-04 17:31:33 Times Seen20 Hash 2768b69fa39beebc2afa7874bf5482e3 aff70fe363268c0b9d68b4580e998a68bf051c34 7a4a9bdcb8e68e6ad5628d6460333092224e7db0c7fa7425127050393238b580 Loading...

	unknown	316 B	2024-01-22	2024-05-04
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-01-22 00:15:49 Last Seen2024-05-04 17:31:33 Times Seen18 Hash f29d942572b68cc8c76d5067c2d4d6c6 6257f1620f626907778d0d10daf2211c9a52697f cbcb07a5ac544e58895e869208dfa323a5d304c1f2e10d190084f2b598356b9f Loading...

	unknown	37 B	2023-04-11	2024-05-06
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-05-06 05:43:26 Times Seen22291 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	tj.657g.xyz/js/script.js	1.3 kB	2023-05-22	2024-05-06
Pretty URL tj.657g.xyz/js/script.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 17:22:24 Last Seen2024-05-06 16:05:07 Times Seen3309 Hash abd4e2373b2e8c4dac2e80159641c5f1 e273656e58ca934d873204e68dd35670fde657ed 021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94 Loading...

	hm.baidu.com/hm.js?499e8c96f07e810d9e479117ebfaf473	30 kB	2024-04-26	2024-04-26
Pretty URL hm.baidu.com/hm.js?499e8c96f07e810d9e479117ebfaf473 IP 14.215.183.79 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:52:26 Last Seen2024-04-26 05:52:26 Times Seen2 Hash a54e0bd501f63c099fe3d111b49f2049 ef319fc922f5899c526db66e371fc5a37953cff6 01955e973fdddade27142af7522050876108968aa748677749b3be55a24c7e89 Loading...

HTTP Transactions (9)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

142.250.74.74

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lap.6of5.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 Apr 2024 12:01:54 GMT
expires: Sun, 20 Apr 2025 12:01:54 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

142.250.74.74

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a50.xcwqd.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 Apr 2024 12:01:54 GMT
expires: Sun, 20 Apr 2025 12:01:54 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 489001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

563cdn.com/images/laptopfree.jpeg

188.114.97.1

200 OK

91 kB

URL GET HTTP/2
563cdn.com/images/laptopfree.jpeg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerLet's Encrypt
Subject563cdn.com
Fingerprint9C:97:7F:B8:CE:1C:FD:45:D8:D6:47:6B:0E:AA:47:47:24:8E:7A:4E
ValidityWed, 10 Apr 2024 01:29:56 GMT - Tue, 09 Jul 2024 01:29:55 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1082x672, components 3
Size
91 kB (90602 bytes)
Hash
ad43c64a98ce069e008bd61dbd64f87e
c8882647f2bc82bcb66752ed094dd4d9e5c6ec4c
7887bebae5fca7fb2139245ab9ae67b401da166c6737367a98097b73b7db8dda

HTTP Headers

GET /images/laptopfree.jpeg HTTP/1.1
Host: 563cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a50.xcwqd.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:51:56 GMT
content-type: image/jpeg
content-length: 90602
etag: "ad43c64a98ce069e008bd61dbd64f87e"
last-modified: Wed, 24 Jan 2024 01:59:12 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e6%2BVhXPgMD1XRWlcUth34Pzdmz30znaYqb5LFDY%2BcVaHtn%2B2Mzoq5VJG2Q1LsbT6cezUU0FnfuVj%2B4SV6u3cpBHvmvZE3%2BmPEN%2B9KSCHyqjVyCw0Q6nebftexTih"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a39dfdeceb56a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tj.657g.xyz/api/event

188.114.96.1

202 Accepted

2 B

URL POST HTTP/3
tj.657g.xyz/api/event
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject657g.xyz
Fingerprint50:D6:E0:11:AD:45:D4:13:FA:D4:11:BC:81:A3:03:88:0B:91:49:F4
ValidityTue, 05 Mar 2024 08:51:58 GMT - Mon, 03 Jun 2024 08:51:57 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

POST /api/event HTTP/1.1
Host: tj.657g.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 104
Origin: https://a50.xcwqd.shop
DNT: 1
Connection: keep-alive
Referer: https://a50.xcwqd.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 202 Accepted
date: Fri, 26 Apr 2024 03:51:56 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: max-age=0, private, must-revalidate
x-request-id: F8m4MFdxZKT6qVUMsdZB
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f59v8uxaK5t1dYJ8KNGx3AcUO7LFPfTIFP3I31E6U2Xpo3G6Uy2u5ycP7b8vufELpa1oV6jwXjKvTsVyikz9VaPeaW7jcBLFoOWejrZPoFCme4l95Z36YQzw%2BZMcbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a39dfecc98b505-OSL
alt-svc: h3=":443"; ma=86400

hm.baidu.com/hm.js?499e8c96f07e810d9e479117ebfaf473

14.215.183.79

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?499e8c96f07e810d9e479117ebfaf473
IP
14.215.183.79:443
ASN
#4134 Chinanet

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (619)
Size
11 kB (11257 bytes)
Hash
a54e0bd501f63c099fe3d111b49f2049
ef319fc922f5899c526db66e371fc5a37953cff6
01955e973fdddade27142af7522050876108968aa748677749b3be55a24c7e89

HTTP Headers

GET /hm.js?499e8c96f07e810d9e479117ebfaf473 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a50.xcwqd.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Fri, 26 Apr 2024 03:51:58 GMT
Etag: ca8f5a93b19ba4a307f6ca4f2cea7cbd
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=A759E479CB7CAA52; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1001639939&si=499e8c96f07e810d9e479117ebfaf473&su=https%3A%2F%2Flap.6of5.top%2F&v=1.3.0&lv=1&sn=35594&r=0&ww=1280&u=https%3A%2F%2Fa50.xcwqd.shop%2F%231714103515908&tt=PMYP%20Prime%20Minister%20Laptop%20Scheme%202024%20%E2%80%93%20Apply%20Online

14.215.183.79

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1001639939&si=499e8c96f07e810d9e479117ebfaf473&su=https%3A%2F%2Flap.6of5.top%2F&v=1.3.0&lv=1&sn=35594&r=0&ww=1280&u=https%3A%2F%2Fa50.xcwqd.shop%2F%231714103515908&tt=PMYP%20Prime%20Minister%20Laptop%20Scheme%202024%20%E2%80%93%20Apply%20Online
IP
14.215.183.79:443
ASN
#4134 Chinanet

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1001639939&si=499e8c96f07e810d9e479117ebfaf473&su=https%3A%2F%2Flap.6of5.top%2F&v=1.3.0&lv=1&sn=35594&r=0&ww=1280&u=https%3A%2F%2Fa50.xcwqd.shop%2F%231714103515908&tt=PMYP%20Prime%20Minister%20Laptop%20Scheme%202024%20%E2%80%93%20Apply%20Online HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a50.xcwqd.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 26 Apr 2024 03:51:58 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=E3EB75AFF731EECF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

a50.xcwqd.shop/favicon.ico

104.21.36.110

404 Not Found

9.1 kB

URL GET HTTP/3
a50.xcwqd.shop/favicon.ico
IP
104.21.36.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerLet's Encrypt
Subjectxcwqd.shop
Fingerprint16:C7:E1:7A:0F:C4:85:00:37:8B:B6:CA:BC:6F:BD:86:BF:F6:37:B1
ValiditySun, 24 Mar 2024 10:06:07 GMT - Sat, 22 Jun 2024 10:06:06 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
9.1 kB (9140 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a50.xcwqd.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a50.xcwqd.shop/
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 03:51:56 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvQloUP86MtyhYyGNo6tkelhB2JZSRLxcSrrYkCXjxQS0MpPTDQFqNs8jNnwWaImD5dgGsU4FGSJuAIB9g9Kv6zW6va7JrZiWVK49hGI%2FFUJgfU%2F3vD9PrTZuAnySt0Brg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a39e008a4a5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tj.657g.xyz/js/script.js

188.114.96.1

200 OK

1.3 kB

URL GET HTTP/2
tj.657g.xyz/js/script.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://a50.xcwqd.shop/
Certificate
IssuerGoogle Trust Services LLC
Subject657g.xyz
Fingerprint50:D6:E0:11:AD:45:D4:13:FA:D4:11:BC:81:A3:03:88:0B:91:49:F4
ValidityTue, 05 Mar 2024 08:51:58 GMT - Mon, 03 Jun 2024 08:51:57 GMT

File type
ASCII text, with very long lines (1384), with no line terminators
Size
1.3 kB (1346 bytes)
Hash
16cfd1982a40489c41a52add24d36b85
344f1896d895c5d0a7c4caecafcf1942603cd026
72073aacecd145e525b16c4c845c07bff5798e813eeed702dff748a18b6186ce

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET /js/script.js HTTP/1.1
Host: tj.657g.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a50.xcwqd.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:51:55 GMT
content-type: application/javascript
cf-bgj: minify
expires: Fri, 26 Apr 2024 05:15:28 GMT
vary: Accept-Encoding
x-cache: HIT
access-control-allow-origin: *
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 38322
last-modified: Thu, 25 Apr 2024 17:13:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ezA5Qxc6Oo6acirZ7tce57X%2FfF%2BhmPXg%2BaIR%2B18RMDKzFCEyQ14MtHYoS3Q%2BxrMSvuxqjA7jUDec1UITNWfg1IZ1mIGC6G0qYEq5OdA0XPPVUcuxPr79gr2OfyDPZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a39dfddebf1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

a50.xcwqd.shop/

104.21.36.110

200 OK

18 kB

URL User Request GET HTTP/2
a50.xcwqd.shop/
IP
104.21.36.110:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectxcwqd.shop
Fingerprint16:C7:E1:7A:0F:C4:85:00:37:8B:B6:CA:BC:6F:BD:86:BF:F6:37:B1
ValiditySun, 24 Mar 2024 10:06:07 GMT - Sat, 22 Jun 2024 10:06:06 GMT

File type

Size
18 kB (17913 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: a50.xcwqd.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lap.6of5.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:51:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: loclang=en; expires=Sat, 27-Apr-2024 03:51:55 GMT; Max-Age=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a6l3umMopgKRcOW28IxFXWgeHF2Rn89AYL%2FALfW9DfiTCwEiPy5kfa0a8AV4sEglaKCJWFozpmnca0Iik0E8aPyvWHAW4PPe9UMctLxnQadbz2pdM9CKQLLPbJ3st3wHqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a39dfc8cb5568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash