Report - shkdx.plaisnrf.net/

Report Overview

Visitedpublic

2025-04-12 17:59:12

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
ywisnajhzavd.com	unknown	2025-04-12	2025-04-12	2025-04-12	2.4 kB	470 kB	43.160.204.233
shkdx.plaisnrf.net	unknown	2025-04-04	2025-04-12	2025-04-12	475 B	1.0 kB	104.21.80.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-11	medium	shkdx.plaisnrf.net/	Apple Inc.
2025-04-12	medium	ywisnajhzavd.com/pearid/	Apple Inc.

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-12	medium	plaisnrf.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	ywisnajhzavd.com/pearid/assets/index-CC2ogHQk.js	ScriptElement	428 kB	2025-04-06	2025-05-02
URL ywisnajhzavd.com/pearid/assets/index-CC2ogHQk.js IP / ASN 43.160.204.233 #132203 Tencent Building, Kejizhongyi Avenue Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-06 Last Seen 2025-05-02 Times Seen 136 Size 428 kB (428022 bytes) MD5 3e8e4ebb235d82cbf421182c6cf9daf9 SHA1 6588f9ac94b8dd67ac4d64dc582bfc7e0b7fb488 SHA256 1abab28c7203dd691362bd4d8a9ac44558426e1a674c1c0f7aad93e40f5da197 Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET ywisnajhzavd.com/pearid/assets/index-BoK4JfES.css

43.160.204.233

200 OK

17 kB

URL

ywisnajhzavd.com/pearid/assets/index-BoK4JfES.css

IP / ASN

43.160.204.233

#132203 Tencent Building, Kejizhongyi Avenue

Requested byhttps://ywisnajhzavd.com/pearid/

Resource Info

File typeASCII text, with very long lines (17417)

First Seen2025-04-06

Last Seen2025-05-02

Times Seen136

Size17 kB (17418 bytes)

MD5223c36f5f35461a25217a83f7a4da2b6

SHA148c6b1655e60b4b4a9bafc114e44a77ae150539a

SHA25665b5f1c5b28478b09dbdae12f24a13e9bbf45ee6bc525b11de101c74f2dfbf1a

Certificate Info

IssuerLet's Encrypt

Subjectywisnajhzavd.com

FingerprintE7:16:67:F3:87:92:3F:86:93:63:9A:0E:F2:55:93:95:D4:DA:3D:85

ValiditySat, 12 Apr 2025 03:38:13 GMT - Fri, 11 Jul 2025 03:38:12 GMT

HTTP Headers

GET /pearid/assets/index-BoK4JfES.css HTTP/1.1
Host: ywisnajhzavd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ywisnajhzavd.com/pearid/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 12 Apr 2025 17:58:53 GMT
Content-Type: text/css
Last-Modified: Sat, 05 Apr 2025 11:48:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"67f1187e-440a"
Expires: Mon, 12 May 2025 17:58:53 GMT
Cache-Control: max-age=2592000, public, max-age=2592000
Content-Encoding: gzip

GET ywisnajhzavd.com/pearid/assets/index-CC2ogHQk.js

43.160.204.233

200 OK

428 kB

URL

ywisnajhzavd.com/pearid/assets/index-CC2ogHQk.js

IP / ASN

43.160.204.233

#132203 Tencent Building, Kejizhongyi Avenue

Requested byhttps://ywisnajhzavd.com/pearid/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (44579)

First Seen2025-04-06

Last Seen2025-05-02

Times Seen136

Size428 kB (428022 bytes)

MD53e8e4ebb235d82cbf421182c6cf9daf9

SHA16588f9ac94b8dd67ac4d64dc582bfc7e0b7fb488

SHA2561abab28c7203dd691362bd4d8a9ac44558426e1a674c1c0f7aad93e40f5da197

Certificate Info

IssuerLet's Encrypt

Subjectywisnajhzavd.com

FingerprintE7:16:67:F3:87:92:3F:86:93:63:9A:0E:F2:55:93:95:D4:DA:3D:85

ValiditySat, 12 Apr 2025 03:38:13 GMT - Fri, 11 Jul 2025 03:38:12 GMT

HTTP Headers

GET /pearid/assets/index-CC2ogHQk.js HTTP/1.1
Host: ywisnajhzavd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ywisnajhzavd.com/pearid/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 12 Apr 2025 17:58:53 GMT
Content-Type: application/javascript
Last-Modified: Sat, 05 Apr 2025 11:48:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"67f1187e-687f6"
Expires: Mon, 12 May 2025 17:58:53 GMT
Cache-Control: max-age=2592000, public, max-age=2592000
Content-Encoding: gzip

POST ywisnajhzavd.com/open/visitors/info/createOrGetUserInfo

43.160.204.233

404 Not Found

9 B

URL

ywisnajhzavd.com/open/visitors/info/createOrGetUserInfo

IP / ASN

43.160.204.233

#132203 Tencent Building, Kejizhongyi Avenue

Requested byhttps://ywisnajhzavd.com/pearid/

Resource Info

File typeASCII text, with no line terminators

First Seen2023-03-08

Last Seen2025-08-02

Times Seen15777

Size9 B (9 bytes)

MD59d1ead73e678fa2f51a70a933b0bf017

SHA1d205cbd6783332a212c5ae92d73c77178c2d2f28

SHA2560019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

Certificate Info

IssuerLet's Encrypt

Subjectywisnajhzavd.com

FingerprintE7:16:67:F3:87:92:3F:86:93:63:9A:0E:F2:55:93:95:D4:DA:3D:85

ValiditySat, 12 Apr 2025 03:38:13 GMT - Fri, 11 Jul 2025 03:38:12 GMT

HTTP Headers

POST /open/visitors/info/createOrGetUserInfo HTTP/1.1
Host: ywisnajhzavd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 397
Origin: https://ywisnajhzavd.com
DNT: 1
Connection: keep-alive
Referer: https://ywisnajhzavd.com/pearid/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.26.3
Date: Sat, 12 Apr 2025 17:58:55 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://ywisnajhzavd.com
set-cookie: locale=en-us; path=/; max-age=31557600; expires=Sun, 12 Apr 2026 23:58:55 GMT

GET ywisnajhzavd.com/pearid/favicon.ico

43.160.204.233

200 OK

22 kB

URL

ywisnajhzavd.com/pearid/favicon.ico

IP / ASN

43.160.204.233

#132203 Tencent Building, Kejizhongyi Avenue

Requested byhttps://ywisnajhzavd.com/pearid/

Resource Info

File typeMS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

First Seen2023-04-12

Last Seen2025-08-01

Times Seen3284

Size22 kB (22382 bytes)

MD5891e510219786f543ca998282ed99f45

SHA119fe2ff6a2418bcb44b02308b998cef84199ee08

SHA256e4bdf72e2f803f7e19907c12f407ac7f7cd5f1f94bfd730b9be24b0d49191b48

Certificate Info

IssuerLet's Encrypt

Subjectywisnajhzavd.com

FingerprintE7:16:67:F3:87:92:3F:86:93:63:9A:0E:F2:55:93:95:D4:DA:3D:85

ValiditySat, 12 Apr 2025 03:38:13 GMT - Fri, 11 Jul 2025 03:38:12 GMT

HTTP Headers

GET /pearid/favicon.ico HTTP/1.1
Host: ywisnajhzavd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ywisnajhzavd.com/pearid/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 12 Apr 2025 17:58:55 GMT
Content-Type: image/x-icon
Content-Length: 22382
Last-Modified: Sat, 15 Mar 2025 12:18:26 GMT
Connection: keep-alive
ETag: "67d57012-576e"
Expires: Mon, 12 May 2025 17:58:55 GMT
Cache-Control: max-age=2592000, public, max-age=2592000
Accept-Ranges: bytes

GET shkdx.plaisnrf.net/

104.21.80.1

200 OK

206 B

URL

shkdx.plaisnrf.net/

IP / ASN

104.21.80.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2025-04-12

Last Seen2025-04-13

Times Seen25

Size206 B (206 bytes)

MD545f6e5fb82e348eb69ab15be3b8c879f

SHA1897c4276c285472a372209807c84d365b66a4e7c

SHA2563bbaa62e51a467e5c14a4f20a4356329ac10b22c0ee7324b5d2b974f11e1075d

Certificate Info

IssuerGoogle Trust Services

Subjectplaisnrf.net

Fingerprint52:E9:14:2E:45:2F:D2:50:DD:BF:45:A4:CB:76:B5:AC:AA:D2:1F:A6

ValidityFri, 04 Apr 2025 07:06:26 GMT - Thu, 03 Jul 2025 08:03:50 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Apple Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: shkdx.plaisnrf.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Apr 2025 17:58:51 GMT
content-type: text/html
last-modified: Sat, 12 Apr 2025 04:36:47 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QY2nBRkiH2sExpZawVLz0Rq5TchyCOoPeBjzRTFOI%2FX82OVLvLSkOgU5mT4jc6hymCTgjFBPtkXCYKEGJiM0LCuKQ4zRTwkY1tt9JtiI%2FehNmCfY88seD66t09zMjOBZlnBrdSU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92f49d356e9356a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1841&min_rtt=535&rtt_var=2673&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3180&recv_bytes=1119&delivery_rate=6798122&cwnd=253&unsent_bytes=0&cid=5d9f41f36e6043a4&ts=574&x=0"
X-Firefox-Spdy: h2

GET ywisnajhzavd.com/pearid/

43.160.204.233

200 OK

492 B

URL

ywisnajhzavd.com/pearid/

IP / ASN

43.160.204.233

#132203 Tencent Building, Kejizhongyi Avenue

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF, CR, LF line terminators

First Seen2025-04-07

Last Seen2025-05-02

Times Seen61

Size492 B (492 bytes)

MD52cefe66cfc725c684e2f0bdc4dbf1eba

SHA1711381590d67a4a7aadc974b78d6ed1204bbc0a8

SHA2567e4e3871a77229d980980de5b303177ea86c20c9cd13c42f57cd2d099e588f51

Certificate Info

IssuerLet's Encrypt

Subjectywisnajhzavd.com

FingerprintE7:16:67:F3:87:92:3F:86:93:63:9A:0E:F2:55:93:95:D4:DA:3D:85

ValiditySat, 12 Apr 2025 03:38:13 GMT - Fri, 11 Jul 2025 03:38:12 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Apple Inc.

HTTP Headers

GET /pearid/ HTTP/1.1
Host: ywisnajhzavd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.3
Date: Sat, 12 Apr 2025 17:58:52 GMT
Content-Type: text/html
Last-Modified: Sat, 05 Apr 2025 11:48:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"67f1187e-1ec"
Content-Encoding: gzip