Report - auesk.cfd/?aD1mNmM2OWMzYjBiZDJmNTIwZWM3MjZjMjNiZGY0Mjk3ZCZ1c2VyPTE3MyZzaWQ9NzImdHlwZT1jJmFkY29kZT0yJnRtcD01&file=G-RJ01154297-v24.03.31.rar

Report Overview

Submitted URL
auesk.cfd/?aD1mNmM2OWMzYjBiZDJmNTIwZWM3MjZjMjNiZGY0Mjk3ZCZ1c2VyPTE3MyZzaWQ9NzImdHlwZT1jJmFkY29kZT0yJnRtcD01&file=G-RJ01154297-v24.03.31.rar
IP
104.21.7.132
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 08:18:44
Access
public
Website Title
rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Final URL
rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ey18yuot4.xyz	unknown	2023-10-23	2023-10-23	2024-04-17	2.6 kB	14 kB	172.67.155.160
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	389 B	1.6 kB	142.250.74.74
rdtyucf.xyz	unknown	unknown	No data	No data	1.6 kB	63 kB	172.67.175.124
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	546 B	16 kB	142.250.74.163
freeiconshop.com	unknown	2015-04-29	2015-05-30	2024-03-28	418 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	rdtyucf.xyz	Sinkholed
2024-05-04	medium	rdtyucf.xyz	Sinkholed
2024-05-04	medium	rdtyucf.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT	0 B	2023-03-07	2024-05-18
Pretty URL rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT IP 172.67.175.124 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 06:37:27 Times Seen37771683 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	rdtyucf.xyz/new/js/jquery.js	88 kB	2023-03-07	2024-05-16
Pretty URL rdtyucf.xyz/new/js/jquery.js IP 172.67.175.124 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:27 Last Seen2024-05-16 00:29:01 Times Seen194 Hash b4d0f8d3f1e17a37e8f669569aea4cb7 908825421e02011e4fb4915d0ba80d39ccb1fc94 6fdf878caa6115ab88f270d81cfdbccbaa93935924bb9d015b0c4cf4a1d483db Loading...

HTTP Transactions (11)

URL IP Response Size

ey18yuot4.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.155.160

302 Found

0 B

URL GET HTTP/3
ey18yuot4.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.155.160:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate
IssuerGoogle Trust Services LLC
Subjectey18yuot4.xyz
Fingerprint21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47
ValidityWed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Sat, 04 May 2024 08:18:20 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XkpjpLVls9fkxefPMRH1NaKogOPY2b7sKEm961HkGcUfqR%2BO%2B6rerEvvtQPSqOqlBPPcx7lFY2XcT18ufIUV8qwdyWoe%2B2bvd9%2BIxotAXUOwNuDWZrroZWqRBXU0UBbf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f3c0a6fb515-OSL
alt-svc: h3=":443"; ma=86400

ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/87e70f377b4a5696

172.67.155.160

200 OK

0 B

URL POST HTTP/3
ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/87e70f377b4a5696
IP
172.67.155.160:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate
IssuerGoogle Trust Services LLC
Subjectey18yuot4.xyz
Fingerprint21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47
ValidityWed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/87e70f377b4a5696 HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12284
Origin: https://ey18yuot4.xyz
DNT: 1
Connection: keep-alive
Referer: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 08:18:20 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=ZVRvYu1QuJsk6KqrSsORHBMvZFJlBnqyCTALBuD5k.I-1714810700-1.0.1.1-4Gs2cqsr4uCDv6Ta5KV7R60BJ5xV6he1gX_P47yN2wOBWeaQ8j50v31NrmA5H3CWEA9VvgIN4XSEWOTcBuh36A; path=/; expires=Sun, 04-May-25 08:18:20 GMT; domain=.ey18yuot4.xyz; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NbzE73a6pCxcPnyGz6mPgwgztSmXQcAMWJv5JDWpolX9Z3xj5cwH%2FT1rZsVUe3vcKhhpWq1ytOqUtCkOVaJpfl%2Fc%2BA93W3JZmvzcBo4wiUOLCNWbUN1xMlYhkiF%2B7pUY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f3d4bafb515-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Asap

142.250.74.74

200 OK

928 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Asap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
928 B (928 bytes)
Hash
a098abcc56e230b47813263f15799f54
7775f72e232b0b48baa4517dee8d032d147d1c10
41aa708e524049f0f0366bad1fe9824bf64b86104126150ad15a2a6e1218cabe

HTTP Headers

GET /css?family=Asap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 08:18:24 GMT
date: Sat, 04 May 2024 08:18:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rdtyucf.xyz/new/js/jquery.js

172.67.175.124

200 OK

47 kB

URL GET HTTP/3
rdtyucf.xyz/new/js/jquery.js
IP
172.67.175.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate
IssuerLet's Encrypt
Subjectrdtyucf.xyz
Fingerprint99:AD:05:9B:12:D8:BA:DE:36:6D:D3:0C:47:BC:7C:33:3D:3A:F2:4F
ValiditySat, 27 Apr 2024 18:35:37 GMT - Fri, 26 Jul 2024 18:35:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
47 kB (46743 bytes)
Hash
b4d0f8d3f1e17a37e8f669569aea4cb7
908825421e02011e4fb4915d0ba80d39ccb1fc94
6fdf878caa6115ab88f270d81cfdbccbaa93935924bb9d015b0c4cf4a1d483db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /new/js/jquery.js HTTP/1.1
Host: rdtyucf.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=38b2b0dcdb92ef8846627dc716590a69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 08:18:24 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=88145
last-modified: Fri, 15 Oct 2021 19:37:00 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVN5JkMI55m8MCtqZCJiTGAm7lNf8zGh1UXfQm4FkMncA57jwwzNSZ6CCfAfZy4sQanbziqNzfuv5aANT%2BOeWqGAJfMyEPwPwzk7JO5tFHN7a7chrRDO%2BFoYkUdIXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f54ee31569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rdtyucf.xyz/favicon.ico

172.67.175.124

404 Not Found

9.1 kB

URL GET HTTP/3
rdtyucf.xyz/favicon.ico
IP
172.67.175.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate
IssuerLet's Encrypt
Subjectrdtyucf.xyz
Fingerprint99:AD:05:9B:12:D8:BA:DE:36:6D:D3:0C:47:BC:7C:33:3D:3A:F2:4F
ValiditySat, 27 Apr 2024 18:35:37 GMT - Fri, 26 Jul 2024 18:35:36 GMT

File type
HTML document, ASCII text, with no line terminators
Size
9.1 kB (9139 bytes)
Hash
3dea6e4a74ae5c8a6b8dd3bae0de6081
0b2672db2629a86272ca21084220113c548195db
6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rdtyucf.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=38b2b0dcdb92ef8846627dc716590a69
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sat, 04 May 2024 08:18:25 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PjZEThKK%2FhX6a%2BOiDkPi5s2clmXP7zmgirlUYBgct1%2BE9f27x9X5Fdjnt1DN64owOqn0CBfbFjtP8SnpDSFTwKH4uxQqDKljEf69mKDv8IdVblYc5QgaOruviUajzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f5a1b58569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/asap/v30/KFOOCniXp96a4Tc2DaTeuDAoKsE617JFc49knOIYdjTYkqUcKWmW.woff2

142.250.74.163

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/asap/v30/KFOOCniXp96a4Tc2DaTeuDAoKsE617JFc49knOIYdjTYkqUcKWmW.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15036, version 1.0
Size
15 kB (15036 bytes)
Hash
7e2ecfd75a716509f6860fed1d4619ad
4bcc7d99f712b2be0599c5709c6254685f05b3f8
a07a2e0ca3402a2df11bd4b5144e81fd31709101d9a72ea0e27b48828a23f559

HTTP Headers

GET /s/asap/v30/KFOOCniXp96a4Tc2DaTeuDAoKsE617JFc49knOIYdjTYkqUcKWmW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rdtyucf.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:11:08 GMT
expires: Fri, 02 May 2025 02:11:08 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Jun 2023 20:38:31 GMT
content-type: font/woff2
age: 194836
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

freeiconshop.com/wp-content/uploads/edd/android-flat.png

0.0.0.0

0 B

URL GET
freeiconshop.com/wp-content/uploads/edd/android-flat.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/uploads/edd/android-flat.png HTTP/1.1
Host: freeiconshop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13

172.67.155.160

200 OK

2.5 kB

URL User Request POST HTTP/2
ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
IP
172.67.155.160:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectey18yuot4.xyz
Fingerprint21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47
ValidityWed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT

File type
JavaScript source, ASCII text, with very long lines (2577), with no line terminators
Size
2.5 kB (2481 bytes)
Hash
f19430779f87453d6aa0f1cc687a6441
8882138b55ba7328b8695b1c8e18014860b1c47f
c31ace8c203ea6381ff3276d92c2d627af3779e00bbc3d8f55ba413bb49b64f3

HTTP Headers

POST /?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13 HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 95
Origin: https://auesk.cfd
DNT: 1
Connection: keep-alive
Referer: https://auesk.cfd/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:18:20 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z2Uf3DwChkY9kJAvrG0LP6GAQnz4pjJ%2B7IIoZxjaCLfbeVXxiMhZTqyciLRdFonNM%2BqmfQruYX8tQsJ2iCxBmUZWWafcWpHqTSZsJmY9dJ%2FI0VPPBvmwWg297hsh1H1c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f377b4a5696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ey18yuot4.xyz/favicon.ico

172.67.155.160

404 Not Found

236 B

URL GET HTTP/3
ey18yuot4.xyz/favicon.ico
IP
172.67.155.160:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate
IssuerGoogle Trust Services LLC
Subjectey18yuot4.xyz
Fingerprint21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47
ValidityWed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
236 B (236 bytes)
Hash
3dea6e4a74ae5c8a6b8dd3bae0de6081
0b2672db2629a86272ca21084220113c548195db
6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 04 May 2024 08:18:20 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5syifl1bwUBB6SYFlbnExsCs2TFUnP%2F6YN1pd9IgogeFxo5CL%2B4MvVC7HoQJKxdS3hqIbKShVaNgdIIAFG3extXEmY2gBfISF2%2Bvz7jkNzNisuz%2B9xv0Xq%2BpzuNcpyom"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f3bfa6eb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js

172.67.155.160

200 OK

7.8 kB

URL GET HTTP/3
ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
IP
172.67.155.160:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate
IssuerGoogle Trust Services LLC
Subjectey18yuot4.xyz
Fingerprint21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47
ValidityWed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT

File type
JavaScript source, ASCII text, with very long lines (7797), with no line terminators
Size
7.8 kB (7797 bytes)
Hash
31a651cd95fb00d6202879c827d6972c
c162e6e69f169a93de1ebada3b066c0916e585a6
cccdaab75ad97da2880a5b7edd3282dd5ec170948358aa208051569b0a103d4e

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 08:18:20 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
content-encoding: br
x-content-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnU0Ej8Lv17A6d5iKN0h3jl18voVJcWTXnad%2FhqgrGAqhee2y7SB2YglHnt3JawzIQ%2FnxW7lzhhL%2BHt6yYHCmurE%2FOtm5EIiW2msVtPb2bw7%2FkaK5ZMhR%2BgrAG6TGotr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f3c3a9bb515-OSL
alt-svc: h3=":443"; ma=86400

rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT

172.67.175.124

200 OK

4.7 kB

URL User Request POST HTTP/2
rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
IP
172.67.175.124:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectrdtyucf.xyz
Fingerprint99:AD:05:9B:12:D8:BA:DE:36:6D:D3:0C:47:BC:7C:33:3D:3A:F2:4F
ValiditySat, 27 Apr 2024 18:35:37 GMT - Fri, 26 Jul 2024 18:35:36 GMT

File type
HTML document, ASCII text, with very long lines (5039), with no line terminators
Size
4.7 kB (4651 bytes)
Hash
fceadbdca82a7d9982b0e8e6914f9f1d
5a6341a69e374697263f01ec7fe07b26e0d3c70c
54428a7bd0ee8f11b4ef6b6ffb210b7b65535d6f9f63e53e6de690f9cafe3629

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT HTTP/1.1
Host: rdtyucf.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Origin: https://ey18yuot4.xyz
DNT: 1
Connection: keep-alive
Referer: https://ey18yuot4.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 08:18:24 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=38b2b0dcdb92ef8846627dc716590a69; path=/; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2F8PMQe7dnjPdJUmMsGVuwQUIe6E5%2Fob7jCOeK2ozDJA7A379qwg08hsmvsK1BiJI0ReKNbN5DEsINy17VulyvQx2v9S7JnNd5W%2FKlrC7FzQYPscUU6sxY5yvG1VA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f50ceb656c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP