{"report_id":"094a10f5-fd37-4662-bf91-8dc0d78aaae6","version":6,"status":"done","tags":[],"date":"2025-03-25T09:49:02Z","url":{"schema":"http","addr":"yfdpco.com/sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7","fqdn":"yfdpco.com","domain":"yfdpco.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":0,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"final":{"url":{"schema":"http","addr":"yfdpco.com/sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7","fqdn":"yfdpco.com","domain":"yfdpco.com","tld":"com"},"title":"yfdpco.com/sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-03T09:49:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"yfdpco.com","ip":{"addr":"208.91.196.46","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-03-03","domain_rank":0,"first_seen":"2025-03-18T08:32:39.216281Z","last_seen":"2025-03-18T08:32:39.216281Z","alert_count":3,"request_count":3,"received_data":2570,"sent_data":1873,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"yfdpco.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"yfdpco.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"yfdpco.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"yfdpco.com/sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7","fqdn":"yfdpco.com","domain":"yfdpco.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-25T09:48:40.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"yfdpco.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 03 Mar 2025 16:23:29 GMT","end":"Sun, 01 Jun 2025 16:23:28 GMT"},"fingerprint":{"sha1":"11:27:A7:25:C2:B3:A2:D1:26:CC:50:AF:91:B3:7E:94:9B:1C:B6:C3","sha256":"54:CD:21:99:46:93:DC:B2:C6:D6:DF:D1:BA:CF:AC:07:71:C9:25:E6:D6:5B:84:EE:1E:E9:BA:4D:FD:31:2C:ED"}}},"request":{"raw":"GET /sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7 HTTP/1.1\r\nHost: yfdpco.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 25 Mar 2025 09:48:36 GMT\r\nServer: Apache\r\nReferrer-Policy: no-referrer-when-downgrade\r\nAccept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nPermissions-Policy: ch-ua-platform-version=(\"https://dts.gnpge.com\"), ch-ua-model=(\"https://dts.gnpge.com\")\r\nContent-Length: 299\r\nKeep-Alive: timeout=5, max=67\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":299,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (329), with no line terminators","md5":"fa32b84534b7a1786b3857375da38504","sha1":"9a46fa9e5003b5e037ecd7335e52e79cec44ee78","sha256":"661f2dacf953cf949a97f907a72f1fc9dc24be706badf0d02d1a3effaef81216","sha512":"49639d2715434b09c2bdab60782bed017f03ba88588440bfd0f2ea8da00588e0c4bc7c643855c0baa9bd30989160ee27efc0d11adcb06c90fe1c054d3e03ffb7","ssdeep":"","tlshash":"2de0c22fa404700a6111cd6068e27b1747aeb60281b9194047e9026ed9ceafaccfbad4","first_seen":"2024-10-11T06:28:02Z","last_seen":"2025-04-05T07:21:45.65586Z","times_seen":84,"resource_available":false,"data":null}},"time_used":1359,"timings":{"blocked":446,"dns":50,"connect":130,"send":0,"wait":467,"receive":0,"ssl":263},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"yfdpco.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"yfdpco.com/sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7","fqdn":"yfdpco.com","domain":"yfdpco.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-25T09:48:42.046Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7 HTTP/1.1\r\nHost: yfdpco.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Tue, 25 Mar 2025 09:48:37 GMT\r\nServer: Apache\r\nReferrer-Policy: no-referrer-when-downgrade\r\nAccept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nPermissions-Policy: ch-ua-platform-version=(\"https://dts.gnpge.com\"), ch-ua-model=(\"https://dts.gnpge.com\")\r\nContent-Length: 299\r\nKeep-Alive: timeout=5, max=127\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":299,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (329), with no line terminators","md5":"59d757df8c482408f503730891773f3c","sha1":"5c55ba6a8071f306493040535b4ce17cc69505d7","sha256":"97f97033e3cb0c70d6edfd8482b7d0c420f798d6975871f5ecad24908b689a09","sha512":"ce4ceaafccc413571b91a4154b1355c89c0bab1b7e82d7bf59c0609f4f02111f2a707d09c767187c881b2e0ea0a15a0c88a1b7a4f8d29aa166348636c20b7133","ssdeep":"","tlshash":"02e0c22fa404700a6111cd6068e27b1647aeb60281b9194047e9026ed9ceaf6ccfbad4","first_seen":"2024-10-04T10:51:50.518725Z","last_seen":"2025-04-02T23:15:15.475344Z","times_seen":82,"resource_available":false,"data":null}},"time_used":1066,"timings":{"blocked":127,"dns":1,"connect":131,"send":0,"wait":806,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"yfdpco.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"yfdpco.com/favicon.ico","fqdn":"yfdpco.com","domain":"yfdpco.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"","requested_by":"http://yfdpco.com/sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7","date":"2025-03-25T09:48:43.110Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: yfdpco.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://yfdpco.com/sk-park.php?pid=9PO15V947\u0026dn=offfice.com\u0026ua=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/134.0.0.0+Safari/537.36\u0026requrl=http://offfice.com/\u0026al=en-US,en;q=0.9,te;q=0.8,kn;q=0.7\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 25 Mar 2025 09:48:38 GMT\r\nServer: Apache\r\nReferrer-Policy: no-referrer-when-downgrade\r\nAccept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nPermissions-Policy: ch-ua-platform-version=(\"https://dts.gnpge.com\"), ch-ua-model=(\"https://dts.gnpge.com\")\r\nContent-Length: 10\r\nKeep-Alive: timeout=5, max=110\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":10,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"ASCII text, with no line terminators","md5":"6608dd3e21ca3beabd4bdfa625a0b221","sha1":"e926d0f8694a4bc4013308afaca7af51e4c9fd9f","sha256":"c75eb01138771bfb2a5517aeae882356733782767c4560cc9601c34d2591ca75","sha512":"fb9a38c874cd26e779eaa5acfffccd3835620a41adbfe9b086c6a213bf0596f4f98823487f9c79b8f02f649b8b2e4d3232ffcb78106147b3ff671ed7809bbd51","ssdeep":"","tlshash":"f6500003000000003300000c000c0000c000c0000fcc0000300c000300300030000000","first_seen":"2023-04-05T09:28:17Z","last_seen":"2026-04-17T01:02:16.991407Z","times_seen":12381,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-03-25","alert":"Sinkholed","trigger":"yfdpco.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}