Report Overview
URL
e18.kiviotio.ru/Y3Jle7cp5@zKAM/$abc@rd.com
Finishing URL
e18.kiviotio.ru/exe34wtcatww?47b33086622f-3a7ae5e406240d9ea2c1af0497-1aa93cf859c86d5e34a24efbb0f32bee-14774a5ae5addafcf8dd7084cfc5-5d5ef089598d8b1bf93ca6d1b5f68452/
IP / ASN

104.21.85.117
Title
Phishing - Microsoft
Phishing - Tycoon Phishing Kit
Detections
urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
2
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
| cdnjs.cloudflare.com | 1222 | 2009-02-17 | 2012-05-23 | 2025-09-21 | 451 B | 62 kB | 104.17.24.14 | |
| e18.kiviotio.ru (76 alert(s) on this Host) | unknown | 2025-08-28 | 2025-09-12 | 2025-09-12 | 43 kB | 1.5 MB | 104.21.85.117 | |
| ipwhois.app | 48917 | 2020-06-10 | 2020-06-10 | 2025-09-22 | 954 B | 1.8 kB | 136.243.53.56 | |
| h1smxsp.ceshootai.sa.com (2 alert(s) on this Host) | unknown | unknown | No data | No data | 644 B | 1.2 kB | 172.67.161.18 | |
| xhyw.frootriocre.za.com (1 alert(s) on this Host) | unknown | 2025-09-18 | 2025-09-25 | 2025-09-25 | 456 B | 582 B | 104.21.74.186 | |
| ajax.aspnetcdn.com | 21241 | 2010-10-12 | 2012-05-24 | 2025-09-21 | 438 B | 90 kB | 23.36.76.194 | |
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| DNS0 Zero | e18.kiviotio.ru | malicious | Sinkholed |
| Quad9 DNS | h1smxsp.ceshootai.sa.com | malicious | Sinkholed |
JavaScript (24)
| MD5 | SHA1 | Introduced by | Size | Times Seen | First Seen | Last Seen |
|---|---|---|---|---|---|---|
| a6fc8d1c7399e1cb2abb038ee956959b | 18f04cb7884678945fe486c525ff97e63550b942 | DocumentWrite | 197 kB (196786 bytes) | 1 | 2025-09-25 | 2025-09-25 |
| 9dbcb4dbf028b109bb5b06639bb1c30a | 4bc1e33fd5b71833067e890244d30adee2aadb7b | DocumentWrite | 42 kB (41977 bytes) | 1 | 2025-09-25 | 2025-09-25 |
| c31375fd5485668f00dd50c7f9e1ef2e | 7a1c2248f7376f5d52a5ad95d72ac342971b9731 | DocumentWrite | 4.7 kB (4669 bytes) | 1 | 2025-09-25 | 2025-09-25 |
| a3207fc7ea31f8a4f4b3073dd62174bb | bd6c6449431f362ef6125c909a35a4f03cc24506 | DocumentWrite | 354 kB (353820 bytes) | 1 | 2025-09-25 | 2025-09-25 |
HTTP Transactions (39)
| URL | IP | Response | Size |
|---|---|---|---|

