Report - femxa73e.cc/invite/i=37779

Report Overview

Visited public
2024-07-07 12:41:43
Tags
URL
femxa73e.cc/invite/i=37779
Finishing URL
femxa73e.cc/invite/i=37779
IP / ASN
172.67.211.100
#13335 CLOUDFLARENET
Title
femxa73e.cc/invite/i=37779

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-06 18:12:32	1.6 kB	4.4 kB	23.33.119.57
femxa73e.cc	unknown	unknown	No data	No data	827 B	2.5 kB	104.21.83.40

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-07	medium	femxa73e.cc	Sinkholed
2024-07-07	medium	femxa73e.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f63e8d9e64abf0e5b2784ca051160e84
d15d17504ed5c584ba42145060cf745fdb41c1d0
652ee033c72bc8eadcf29c25a5387bc303bf86e6c57f262c576117f659f15eab

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "652EE033C72BC8EADCF29C25A5387BC303BF86E6C57F262C576117F659F15EAB"
Last-Modified: Fri, 05 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5792
Expires: Sun, 07 Jul 2024 14:17:49 GMT
Date: Sun, 07 Jul 2024 12:41:17 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
abec3934929082bd707108b7042796da
4f200b04ad1c6fcac9833107c492a59ebf36dc6e
8e27309b919c0dcb3b0736dd99dad8c7d3bc16b4816dd982e6af6b79d7ead9ed

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E27309B919C0DCB3B0736DD99DAD8C7D3BC16B4816DD982E6AF6B79D7EAD9ED"
Last-Modified: Sun, 07 Jul 2024 03:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5649
Expires: Sun, 07 Jul 2024 14:15:26 GMT
Date: Sun, 07 Jul 2024 12:41:17 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
508d0867e7982df7cfa6ad58e05ce470
6f4e15b94e527d02e8dd38f8b69b493cfae84c56
376a5286b71a4a7e90b3eece9b39480f50435d5ef3c7793828481f590d04bc77

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "376A5286B71A4A7E90B3EECE9B39480F50435D5EF3C7793828481F590D04BC77"
Last-Modified: Thu, 04 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15632
Expires: Sun, 07 Jul 2024 17:01:50 GMT
Date: Sun, 07 Jul 2024 12:41:18 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e430ff7defba95ef2e40c2a2623032a3
4df33994f03cf02626fdfe9c6a51a71f5fea6058
ea2bc04f18953a2d203b059f541bf8bfcd32c63d67b8e1113d927453d8cc9a58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EA2BC04F18953A2D203B059F541BF8BFCD32C63D67B8E1113D927453D8CC9A58"
Last-Modified: Sun, 07 Jul 2024 04:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11236
Expires: Sun, 07 Jul 2024 15:48:34 GMT
Date: Sun, 07 Jul 2024 12:41:18 GMT
Connection: keep-alive

femxa73e.cc/invite/i=37779

104.21.83.40

503 Service Unavailable

214 B

URL User Request GET HTTP/2
femxa73e.cc/invite/i=37779
IP
104.21.83.40:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectfemxa73e.cc
Fingerprint61:DF:03:9D:4A:66:60:22:CA:4F:28:2E:E5:02:5B:BE:45:CB:FA:3B
ValidityTue, 02 Jul 2024 11:39:36 GMT - Mon, 30 Sep 2024 11:39:35 GMT

File type
HTML document, ASCII text
Size
214 B (214 bytes)
Hash
9444dbea2ec4721b1b759dbcee3720f7
508244f125b4ea356be4848b82aee32b8acbce3f
9293720d3a29d567b28d6477c2c0c6664daa4040e8c19f03c18ea15a38b73cdf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /invite/i=37779 HTTP/1.1
Host: femxa73e.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 503 Service Unavailable
date: Sun, 07 Jul 2024 12:41:18 GMT
content-type: text/html
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HLCAoq%2F1f3co5whHZ2GfA50tJu%2F4%2FaqNJGwmYxoorR1pkvJw1mvhilenD6XiBPd5n%2F1E2mV4e2OSZgGyVDAo35TYeU9UBYGGteR%2FaPNb0vnHkrkJqrN20a%2BrECu8iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f7e871bdb2b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

femxa73e.cc/favicon.ico

104.21.83.40

200 OK

993 B

URL GET HTTP/1.1
femxa73e.cc/favicon.ico
IP
104.21.83.40:80
ASN
#13335 CLOUDFLARENET

Requested by
http://femxa73e.cc/invite/i=37779

File type
HTML document, ASCII text, with very long lines (2706), with no line terminators
Size
993 B (993 bytes)
Hash
006fcff04c4deef4b6cb8ca7c83532ae
51c9598590094feaa1e2dff124020bcde81f6bb4
7075ddbe521056839c9b1b97e1573b5d0ba777ba28896932e48f7b834a410058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: femxa73e.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://femxa73e.cc/invite/i=37779
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 07 Jul 2024 12:41:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: STALE
Age: 31701
Last-Modified: Sun, 07 Jul 2024 03:52:57 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8BjqLyLOkw51B%2B1aVoU8rwDeoiBBzuVILeVha9y66pFOx9ilTXD2KA%2FGGn5rzoNHlcddNGr8U%2Bft5nmrxVkprFel6evIWeY5oSlndYkjG78Rfv%2Bi4aW7kLUhnPjWaA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89f7e874bfc6b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
861cce1bf441610f1dfbb14264d55122
1596b2c44fcdb5f7a49c73da766e4ab48b6bd064
f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17322
Expires: Sun, 07 Jul 2024 17:30:02 GMT
Date: Sun, 07 Jul 2024 12:41:20 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers