Report - femxa73e.cc/invite/i=37779

Report Overview

Visitedpublic

2024-07-07 12:41:43

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-06 18:12:32	1.6 kB	4.4 kB	23.33.119.57
femxa73e.cc	unknown	unknown	No data	No data	827 B	2.5 kB	104.21.83.40

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-07	medium	femxa73e.cc	Sinkholed
2024-07-07	medium	femxa73e.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-05

Last Seen2024-08-19

Times Seen40297

Size504 B (504 bytes)

MD5f63e8d9e64abf0e5b2784ca051160e84

SHA1d15d17504ed5c584ba42145060cf745fdb41c1d0

SHA256652ee033c72bc8eadcf29c25a5387bc303bf86e6c57f262c576117f659f15eab

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "652EE033C72BC8EADCF29C25A5387BC303BF86E6C57F262C576117F659F15EAB"
Last-Modified: Fri, 05 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5792
Expires: Sun, 07 Jul 2024 14:17:49 GMT
Date: Sun, 07 Jul 2024 12:41:17 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-07

Last Seen2024-08-19

Times Seen23660

Size504 B (504 bytes)

MD5abec3934929082bd707108b7042796da

SHA14f200b04ad1c6fcac9833107c492a59ebf36dc6e

SHA2568e27309b919c0dcb3b0736dd99dad8c7d3bc16b4816dd982e6af6b79d7ead9ed

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E27309B919C0DCB3B0736DD99DAD8C7D3BC16B4816DD982E6AF6B79D7EAD9ED"
Last-Modified: Sun, 07 Jul 2024 03:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5649
Expires: Sun, 07 Jul 2024 14:15:26 GMT
Date: Sun, 07 Jul 2024 12:41:17 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-05

Last Seen2024-08-19

Times Seen43182

Size504 B (504 bytes)

MD5508d0867e7982df7cfa6ad58e05ce470

SHA16f4e15b94e527d02e8dd38f8b69b493cfae84c56

SHA256376a5286b71a4a7e90b3eece9b39480f50435d5ef3c7793828481f590d04bc77

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "376A5286B71A4A7E90B3EECE9B39480F50435D5EF3C7793828481F590D04BC77"
Last-Modified: Thu, 04 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15632
Expires: Sun, 07 Jul 2024 17:01:50 GMT
Date: Sun, 07 Jul 2024 12:41:18 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-07

Last Seen2024-08-19

Times Seen17024

Size504 B (504 bytes)

MD5e430ff7defba95ef2e40c2a2623032a3

SHA14df33994f03cf02626fdfe9c6a51a71f5fea6058

SHA256ea2bc04f18953a2d203b059f541bf8bfcd32c63d67b8e1113d927453d8cc9a58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EA2BC04F18953A2D203B059F541BF8BFCD32C63D67B8E1113D927453D8CC9A58"
Last-Modified: Sun, 07 Jul 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11236
Expires: Sun, 07 Jul 2024 15:48:34 GMT
Date: Sun, 07 Jul 2024 12:41:18 GMT
Connection: keep-alive

GET femxa73e.cc/invite/i=37779

104.21.83.40

503 Service Unavailable

214 B

URL User Request GET HTTPS

femxa73e.cc/invite/i=37779

IP / ASN

104.21.83.40

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2023-05-25

Last Seen2024-11-19

Times Seen10

Size214 B (214 bytes)

MD59444dbea2ec4721b1b759dbcee3720f7

SHA1508244f125b4ea356be4848b82aee32b8acbce3f

SHA2569293720d3a29d567b28d6477c2c0c6664daa4040e8c19f03c18ea15a38b73cdf

Certificate Info

IssuerGoogle Trust Services

Subjectfemxa73e.cc

Fingerprint61:DF:03:9D:4A:66:60:22:CA:4F:28:2E:E5:02:5B:BE:45:CB:FA:3B

ValidityTue, 02 Jul 2024 11:39:36 GMT - Mon, 30 Sep 2024 11:39:35 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /invite/i=37779 HTTP/1.1
Host: femxa73e.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 503 Service Unavailable
date: Sun, 07 Jul 2024 12:41:18 GMT
content-type: text/html
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HLCAoq%2F1f3co5whHZ2GfA50tJu%2F4%2FaqNJGwmYxoorR1pkvJw1mvhilenD6XiBPd5n%2F1E2mV4e2OSZgGyVDAo35TYeU9UBYGGteR%2FaPNb0vnHkrkJqrN20a%2BrECu8iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f7e871bdb2b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET femxa73e.cc/favicon.ico

104.21.83.40

200 OK

993 B

URL GET HTTP

femxa73e.cc/favicon.ico

IP / ASN

104.21.83.40

#13335 CLOUDFLARENET

Requested byhttp://femxa73e.cc/invite/i=37779

Resource Info

File typeHTML document, ASCII text, with very long lines (2706), with no line terminators

First Seen2024-07-06

Last Seen2024-08-19

Times Seen3

Size993 B (993 bytes)

MD5006fcff04c4deef4b6cb8ca7c83532ae

SHA151c9598590094feaa1e2dff124020bcde81f6bb4

SHA2567075ddbe521056839c9b1b97e1573b5d0ba777ba28896932e48f7b834a410058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: femxa73e.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://femxa73e.cc/invite/i=37779
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 07 Jul 2024 12:41:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: STALE
Age: 31701
Last-Modified: Sun, 07 Jul 2024 03:52:57 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8BjqLyLOkw51B%2B1aVoU8rwDeoiBBzuVILeVha9y66pFOx9ilTXD2KA%2FGGn5rzoNHlcddNGr8U%2Bft5nmrxVkprFel6evIWeY5oSlndYkjG78Rfv%2Bi4aW7kLUhnPjWaA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89f7e874bfc6b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r10.o.lencr.org/

23.33.119.57

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.57

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-05

Last Seen2024-08-19

Times Seen44889

Size504 B (504 bytes)

MD5861cce1bf441610f1dfbb14264d55122

SHA11596b2c44fcdb5f7a49c73da766e4ab48b6bd064

SHA256f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17322
Expires: Sun, 07 Jul 2024 17:30:02 GMT
Date: Sun, 07 Jul 2024 12:41:20 GMT
Connection: keep-alive