Report - www.google.co.ke/url?sa==rafqigacjrkrnnioqkowziyxaiusnluqeulymwebekupzxoc&rct=zolesnudazazmzgsjvwdvqzilxazcumsnbozxtjbwldgyqzgdzrrmmqlnmokqbxpnmciglrj&sa=t&url=amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0

Report Overview

Visited public
2024-11-20 22:23:11
Tags
URL
www.google.co.ke/url?sa==rafqigacjrkrnnioqkowziyxaiusnluqeulymwebekupzxoc&rct=zolesnudazazmzgsjvwdvqzilxazcumsnbozxtjbwldgyqzgdzrrmmqlnmokqbxpnmciglrj&sa=t&url=amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0
Finishing URL
znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
IP / ASN
142.250.74.3
#15169 GOOGLE
Title

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.co.ke	31211	2003-04-17	2024-11-20	2024-11-20	1.7 kB	2.5 kB	142.250.74.3
soterpedregal.com	unknown	2024-10-11	2024-11-20	2024-11-20	452 B	257 B	172.93.120.11
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-11-20	5.1 kB	187 kB	104.18.95.41
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-11-20	439 B	15 kB	104.17.24.14
code.jquery.com	634	2005-12-10	2012-05-21	2024-11-20	411 B	32 kB	151.101.130.137
znv.ubinexkhl.com	unknown	2024-10-31	2024-11-20	2024-11-20	2.1 kB	36 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-11-20	medium	ubinexkhl.com	Sinkholed
2024-11-20	medium	ubinexkhl.com	Sinkholed
2024-11-20	medium	ubinexkhl.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (49)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07 01:02	2024-11-21 06:43
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2024-11-21 06:43 Times Seen139551 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	unknown	1.9 kB	2024-11-18 12:13	2024-11-21 01:39
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-18 12:13 Last Seen2024-11-21 01:39 Times Seen23 Hash 9aef5ea5e3775b6b764fda9a0c45b580 875e4086d396164245479b08aad314c5c1281696 f480b611b496268a856ab8678ea09335c000283b62cec96d859acb2475d33ca3 Loading...

	unknown	1.4 kB	2024-11-20 22:23	2024-11-20 22:23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 1f71ec86f66527a0c1a9c72bd9cb5e3f eb557d2c37b50bd8ccbc58cfa2c9adb237569a4e 1a70250cea0604c61b65bd75c58fd75022c0429ba014aafd5e2b2f15e9550ec4 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/	3.5 kB	2024-11-20 22:23	2024-11-20 22:23
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/ IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash c4a411b6f9c0ac3f3f3f74037fd03ebd faa9f44e214cc4d7aba883656b0c29c26dd7be02 ebf09d0a5688d277891e5229d1bc419349648382e6f7c61d7d3c2dd929bf4c4e Loading...

	znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net	20 kB	2024-11-20 22:23	2024-11-20 22:23
Pretty URL znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash c01c325d1bda8c38bccb8261d7ebc6c0 ccc062703548a2aecea330381c766652c72c32bb f7961dffbc05672c0fc16c0d1ba5712b9c265ddf5d86b12c57b675ffe3d2db7e Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	48 kB	2024-11-20 11:52	2024-11-21 06:36
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-20 11:52 Last Seen2024-11-21 06:36 Times Seen417 Hash 481edb6f4045f16980c920ccd9705105 d8cb40abc935dc65d25d83d8358f52ac88742f73 5f7c821eea52471a9bbb0397df6b77ee279505be05bb52aef00932989522d3c2 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e5bd73dab0b5684&lang=auto	113 kB	2024-11-20 22:23	2024-11-20 22:23
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e5bd73dab0b5684&lang=auto IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 826c6d8a37c4813de5765ed424211617 2c5e980a0fb06d0a344d0ef70c914385d69ed0bc e80932fd3a2271169ec6eea09aafffc503545224a45d1a1b436bc2d182e1aa0c Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	48 kB	2023-03-07 01:31	2024-11-21 06:18
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2024-11-21 06:18 Times Seen49004 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 6e580288cf850af8e0912d5fa59bb997	60 B	2024-11-20 11:52	2024-11-21 06:36
Pretty Observations First Seen2024-11-20 11:52 Last Seen2024-11-21 06:36 Times Seen420 Hash 6e580288cf850af8e0912d5fa59bb997 068f1952fb7d23589053d9b6d6a5297fa2791141 6db656d334064b4cd8b23cf57256d0b07cecd479bcd848ae65e075f3f604d394 Loading...

	#2 Eval - 9ae672a454f374dc29a384fe7673ad8f	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 9ae672a454f374dc29a384fe7673ad8f 1828594c7f8d5c3ebce08b6a07bd4786c8231927 7101edfcd8fa101a218a25c32cd9249ba735855b78aa42897bd3a5453d2cfde8 Loading...

	#3 Eval - 0c49d891fda81ca192ed34e76a14072c	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 0c49d891fda81ca192ed34e76a14072c afc5760ce9377adea264254b55100f55108946b6 f7800d750d77e138b60179af952da765916a2359723e299a3935f2aea4e8f88d Loading...

	#4 Eval - aa953e4f3bd5e76d35601379f74bd2e3	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash aa953e4f3bd5e76d35601379f74bd2e3 254fea5be50eebb29f5d2d3df119da78a5fcfb0f b1be8ac5fe398065245d3a44d65c30dc1891ad558102397cc82bc2a20d9c3eb5 Loading...

	#5 Eval - 693445fe1f86083ca0b4fb66725794a0	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 693445fe1f86083ca0b4fb66725794a0 41d2f529e5016f71c612b1e96cd55506f0381040 1596bd4e417abee72414fc77277b9d2f5df9a41611319a387643c4454e100fef Loading...

	#6 Eval - 8db4cd1a6988175eaaa9b2477a1a5016	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 8db4cd1a6988175eaaa9b2477a1a5016 12b3fdc4fc0dcb80f656bc2205a920cbf32565d1 d4343cfa6bdd1afd30fb7be4d36a3c02d96f0f28a8b7503c65a813b807ff3f24 Loading...

	#7 Eval - 3f05864fc9a7741c37865abdfef763ac	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 3f05864fc9a7741c37865abdfef763ac 726731582700156fc807ee1b3a43319fa6fb755b 836a87f3e64ef1931c7577a4939845728b0d0cc2a9e023f85823393299db843b Loading...

	#8 Eval - 773eb7c46254afe51699a0dbdf14898d	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 773eb7c46254afe51699a0dbdf14898d 479d1d29ec58d48ebdc58477bec48ad212543377 434494f434e9f3fc226c73084058bb9bb429afe2738890e8754e305dd3d5f6ee Loading...

	#9 Eval - 2b8b7a25eaf379066b9ac47e27750242	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 2b8b7a25eaf379066b9ac47e27750242 472661f5bf436bd7b23c4b59f41c786bc39155be 9762564a0625d9987dd737986e5aa5fa9dc7686370a20b92e76bde9e80ae4794 Loading...

	#10 Eval - d9610531a3c3c23573825596be1dc726	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash d9610531a3c3c23573825596be1dc726 a3c46ba71dd37c670cd7e9f154a78a446f550121 fab11699a94734fbe829425e61f2a2f4155c9f479f82781e97d1a4b35d9a1ff3 Loading...

	#11 Eval - c98340c5129a777c7c6b5b2475eac885	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash c98340c5129a777c7c6b5b2475eac885 b13d0be3695e7193b575dae4639ef2a9c67f8018 8b8aa61a2b51d88134c9a288419a5b96f77d93a50d65eeaebe8a6b665132845b Loading...

	#12 Eval - db201a64e0fca02581723702a00ba170	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash db201a64e0fca02581723702a00ba170 6f127006485e2b81f323a4183fedc1113d8b2b76 867eec43cda470affb294efa52b4e124b9d99a68ab1e164d2a23d30f702dda43 Loading...

	#13 Eval - 65d6654846ac789177fb13cc9a7b1216	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 65d6654846ac789177fb13cc9a7b1216 5af3bd0de0bc1c1030cfa6bfaf4c463fa26686af 62c7355b7c5d4159403e6fc1600b19867ed00a36c8999effd7c86715dbeabce2 Loading...

	#14 Eval - 11ecc27deb83a9084518c893d2756d5b	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 11ecc27deb83a9084518c893d2756d5b 62df95553509fa3362cdfe35eeb440a3fed89abc 327788df302dbe9d05b7cadc9843e0f905a2be4ef92095caf6b693a8fcbc2a0a Loading...

	#15 Eval - e4d99b94ea8baa94971c855939047a25	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash e4d99b94ea8baa94971c855939047a25 bb9af2d5c16449b31d01835c3f7dcebbf7c75d5b 3a9ea4fa37da6b21f828049886efe815160fe7f3d3d9af577307e2859f7f505d Loading...

	#16 Eval - c4a8d7cf0482fc90e6dcaa9ad98faf0f	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash c4a8d7cf0482fc90e6dcaa9ad98faf0f 01566b64c682cfcc41c0b7037fde0e7477d3864c bd6701532825d155746f30b5dce5dc1602e70c48f655ce8ccce80a54fa8e9220 Loading...

	#17 Eval - 3a3acebeff9654b7e3240e271e73831a	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 3a3acebeff9654b7e3240e271e73831a 9f89203ea19c4f55a48288df14b11370988acfb1 4d977b065bcb6c38262bb67d0b4ecb83af37ecfada99b589e62471e8d0b34fd9 Loading...

	#18 Eval - 1658bb0c45a03327008a4109d59383d5	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 1658bb0c45a03327008a4109d59383d5 8d85d162f4d5a6d80e4593b971babf3238a89a26 26b265195d982d0ad36fe08e17c229a892b94c98ee9ec062bbd90b61c6184da0 Loading...

	#19 Eval - c4bac1b4422c92aa7505de728a4aabb9	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash c4bac1b4422c92aa7505de728a4aabb9 0e6ff75b37d45b70b2f3e1ee02fef174d44d44a3 3adb55c6ac9de1f93707b26a54284f9a3fa8e7c26c5a793a8bde87b42545c028 Loading...

	#20 Eval - 718d06a8656edb1457681fd09239d31f	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 718d06a8656edb1457681fd09239d31f e1c5754682f80f0faf38f584b1533fd8eecaacb6 2c6d021a999da848022f5b11d1dd2aa62a06920e9ae411ba411dca1b2e82db36 Loading...

	#21 Eval - 873e6d9cd6dd9012736aba6192aadcef	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 873e6d9cd6dd9012736aba6192aadcef 67d548574f2f9ffc9593cd5f323ceb9099072a3e e59e4f05bd205e6ba51cfafd95d7b2beb7b325d55231bde0701c9caa34a170bd Loading...

	#22 Eval - ffd7f1ddc60eabd9b61a51d6644f16ae	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash ffd7f1ddc60eabd9b61a51d6644f16ae 27a93cfe8910ea9b129d044125c81456ed7ec9b6 806a677994a67c7044020cc255e4e8037da67ffc451fd98a9511222b71295fa2 Loading...

	#23 Eval - c2112b753e1b99110534139cd9cb4d2c	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash c2112b753e1b99110534139cd9cb4d2c a47f34a39b729bb4adade9de88879ba3c350dfa7 87fc6bc2ce53004d261b3298d5eefa73f0075efbea2978224510f4b2f369e567 Loading...

	#24 Eval - a0e217f28c584440bed326ca2d6742cb	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash a0e217f28c584440bed326ca2d6742cb 838c86ef4df2f9f897fbe77d4a499526a7e91a6e 9f5fbda32e739dba0e322961f96420fada62952311156adfc5aee338bc88ef7c Loading...

	#25 Eval - 3b6afb8a6374bbdad45f1d9a09642da8	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 3b6afb8a6374bbdad45f1d9a09642da8 84394e64c0ffeebb5606eb0212f0db9dcae8edf0 9ff0fbcd07cc12b09aa2c4cd6908689ff9e7c0e50bb9f0540928ef520ab5bcb1 Loading...

	#26 Eval - 4f31db6d7bfe2bacfa2d750e8681754b	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 4f31db6d7bfe2bacfa2d750e8681754b e7c3e7400e6727df784c081b69165039203387ab 8eba3f2d7bb23eec67b83b77d63d9be7eabbf1a8c0f4c2285d705dbf0fbe935c Loading...

	#27 Eval - de7286701c16a33c26f1ffd672ec6d77	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash de7286701c16a33c26f1ffd672ec6d77 58a9a80dcd7fe1cf2779c58a632dba931f70864a da86f8632eeb9ef630d4d7d2a5afa39dd4be0b04351d06e90bcc36e29175bbcd Loading...

	#28 Eval - a79e039a2172da12b9bc8d62e4d417c5	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash a79e039a2172da12b9bc8d62e4d417c5 0d93ccb16a9a3733cc6d21c60a0efdbb053161ea 164e16ec21a39d835d37d69419cfa05f55fa3038c5bd7b23f4edcf1114f0312a Loading...

	#29 Eval - c03319c8604928ee94a6eb0bd20e7120	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash c03319c8604928ee94a6eb0bd20e7120 db30f589adc5ed4fc7bd016ddb2ddabc6e391a67 86d917ce0aa0fa1b97038a50a94d5dffb57c91c0783c6902570b345e9a435bb4 Loading...

	#30 Eval - 07bfcbfccb8df5595542a042f212e8a6	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 07bfcbfccb8df5595542a042f212e8a6 21d61d5666343b1ab94519cb88ed183cd5ebea8c 1e2802209967441c0e6d13ac13f07fe9fb7f0c9c571b824e5d81aaee3216af55 Loading...

	#31 Eval - 0d3bd7aabd74ffa5eee7555686dab48b	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 0d3bd7aabd74ffa5eee7555686dab48b 558484add16ea8748dcc2a7d5f2bedf028cabaef 95fe4eda58bf686cb2e734aee81ea9e9a6881921c3c36e278bb76c8a11c9a7b4 Loading...

	#32 Eval - 74045d635ee1e7fb94c4f0594b093fee	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 74045d635ee1e7fb94c4f0594b093fee b2fa78732122ff8ffaa2d2d698b151984289bd61 5d8194249a5a9528e257f54758b18dc50b46f80d3070b93ecc55c4b55c0785df Loading...

	#33 Eval - 51a33f1887de883366616fb717ff1f98	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 51a33f1887de883366616fb717ff1f98 0896f59d2dddbf040b9b261fba5428340b50a7a6 4eedb5a30b758697ef0aab976549d1d643ab161d76de1133f1f04cf16f414cbc Loading...

	#34 Eval - 8c22121e894c5063705f9e91f06a77f7	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 8c22121e894c5063705f9e91f06a77f7 04416c7b7f42d8e55308b1639fd4391776846db7 f596c0cf2a45d92afbd230ef623041d11ff6869412400cd93da4bb1b73908678 Loading...

	#35 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2024-11-21 06:36
Pretty Observations First Seen2023-03-07 01:03 Last Seen2024-11-21 06:36 Times Seen319798 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#36 Eval - a2680b1a49cbbde122e705e619625b23	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash a2680b1a49cbbde122e705e619625b23 01387e5ace3626f701b0176320a855bc6033bad9 39d469b10cc2ee323a02ed38be880b1df4971c1c928ea4fc7322d84439f555f3 Loading...

	#37 Eval - 59a287b0af3fd4ae5ddfffda48b997d1	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash 59a287b0af3fd4ae5ddfffda48b997d1 df5cf27573aefb69648d7abf3f29ac3746e5a70a 231134e97dddd955e5b8730301cf519c3dffeb21028c53d0d955b771249d4037 Loading...

	#38 Eval - edebec9b33d0ae65d2ceb13241ead9e7	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash edebec9b33d0ae65d2ceb13241ead9e7 f2b20b5faac14097b736d1ad95b6437c9362176c 936b1964e76f068ffe43b70e1978f7ba8532ae44ead7e80c2e2bfa87eea248b2 Loading...

	#39 Eval - a3bdd323ada7969d6b79e3b16f144682	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash a3bdd323ada7969d6b79e3b16f144682 be421d37161fe585e6af731515267761c6eba4f0 27945a7cec57564521ab65e13d7d6178b91f15c6e36c02416d647b74c7ecb8b3 Loading...

	#40 Eval - d519db1324c3c38f5585ed3169b0565d	28 B	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash d519db1324c3c38f5585ed3169b0565d adab363a81dae73ba5bde1bcf946a2ec478bf0ff c48070f65ad18cd1cf733e355bd40a301283e344c2b5a60cd4b224392d512ce0 Loading...

		Size	First Seen	Last Seen
	#1 Write - d79d77f7197dcd50539e44a3fd2bfdbf	5.8 kB	2024-11-20 22:23	2024-11-20 22:23
Pretty Observations First Seen2024-11-20 22:23 Last Seen2024-11-20 22:23 Times Seen1 Hash d79d77f7197dcd50539e44a3fd2bfdbf c5ea931075f85886f820e4e1431a98e8915c5913 0a68b0076ff78a9c7b9ce033c6eae3e1e030eb7e2ff2c64a7406fd4302f15332 Loading...

HTTP Transactions (16)

URL IP Response Size

www.google.co.ke/url?sa==rafqigacjrkrnnioqkowziyxaiusnluqeulymwebekupzxoc&rct=zolesnudazazmzgsjvwdvqzilxazcumsnbozxtjbwldgyqzgdzrrmmqlnmokqbxpnmciglrj&sa=t&url=amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0

142.250.74.3

302 Found

308 B

URL
www.google.co.ke/url?sa==rafqigacjrkrnnioqkowziyxaiusnluqeulymwebekupzxoc&rct=zolesnudazazmzgsjvwdvqzilxazcumsnbozxtjbwldgyqzgdzrrmmqlnmokqbxpnmciglrj&sa=t&url=amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
308 B (308 bytes)
Hash
404253f39471d53aa8325715c2e198c9
cb6a924935541304ef0b1d18e033c8e11ca59c9c
6b5ddae3ae1a4cc268d759615798658c7d9e64bdc155c744f1e8642c6728fe2c

HTTP Headers

GET /url?sa==rafqigacjrkrnnioqkowziyxaiusnluqeulymwebekupzxoc&rct=zolesnudazazmzgsjvwdvqzilxazcumsnbozxtjbwldgyqzgdzrrmmqlnmokqbxpnmciglrj&sa=t&url=amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0 HTTP/1.1
Host: www.google.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://www.google.co.ke/amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0
cache-control: private
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-50NEa_45AQ7xD1kN51Q2vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Wed, 20 Nov 2024 22:22:46 GMT
server: gws
content-length: 308
x-xss-protection: 0
set-cookie: __Secure-ENID=24.SE=AJBOJexY5svh7GLAYvo6TItz2xmr8EnMRqmS5buXfyC8nB-Y-oQA8PzFhR1u-PnoUenpCPGvPTGb_vX_e2whUGM09EBRj9S8it6IMOvmehX52t563apkgnIJr7Wzxsl44X0NpHPPfuWcR7NxR7-u3ovuuF6y5iE3V0yweLRY1MOMk3u9bWuJSTm--IR0Rf-YaPmUxCmBSt9Sm6FjVQUcIu1jSwWVbhFmUFU__uw; expires=Sun, 21-Dec-2025 14:41:04 GMT; path=/; domain=.google.co.ke; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.co.ke/amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0

142.250.74.3

302 Found

286 B

URL
www.google.co.ke/amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
286 B (286 bytes)
Hash
d2057183c2996a36430cc33789c8a0e4
5f7535a03b562101423162725adfd0d628d84a40
83b9903d3cce8a6f3e33ced65530b234b939a229e1ec5fccd4c1b4532f4b59d8

HTTP Headers

GET /amp/soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0 HTTP/1.1
Host: www.google.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=24.SE=AJBOJexY5svh7GLAYvo6TItz2xmr8EnMRqmS5buXfyC8nB-Y-oQA8PzFhR1u-PnoUenpCPGvPTGb_vX_e2whUGM09EBRj9S8it6IMOvmehX52t563apkgnIJr7Wzxsl44X0NpHPPfuWcR7NxR7-u3ovuuF6y5iE3V0yweLRY1MOMk3u9bWuJSTm--IR0Rf-YaPmUxCmBSt9Sm6FjVQUcIu1jSwWVbhFmUFU__uw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
location: http://soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-KX6weQ_xtyUz1optnjB1Xw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
date: Wed, 20 Nov 2024 22:22:46 GMT
server: gws
content-length: 286
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0

172.93.120.11

200 OK

0 B

URL
soterpedregal.com/let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0
IP
172.93.120.11:0
ASN
#393960 HOST4GEEKS-LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /let/cat/5vBbJ7Q0iNYcNK7C1Vt17Rl7FKS/aWZvd2xlckBzbHVycG1haWwubmV0 HTTP/1.1
Host: soterpedregal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 20 Nov 2024 22:22:46 GMT
Server: Apache
refresh: 0;url=https://Znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.18.95.41

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://znv.ubinexkhl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 20 Nov 2024 22:22:47 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/e4025c85ea63/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e5bd73c3a52569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
FingerprintE6:47:BB:06:9C:32:48:7E:A6:0A:4B:62:53:7B:F0:35:5D:A9:A3:8A
ValiditySat, 28 Sep 2024 05:35:05 GMT - Fri, 27 Dec 2024 05:35:04 GMT

File type
JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Size
14 kB (13972 bytes)
Hash
2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://znv.ubinexkhl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Nov 2024 22:22:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 85646
expires: Mon, 10 Nov 2025 22:22:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bJj31dd8c9JZK6mAy6p7rlL32UP9S69UUCfOoticX36yBjWg3pU3QNlvX%2FenKWT6S5dlf6e4SknKCV3I5odMYzJHVhFbRvztd9RH0TjU2BbEYyFNqFcLmir0KG0ZJxzmKquhsdte"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8e5bd73c8d550b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://znv.ubinexkhl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 20 Nov 2024 22:22:47 GMT
age: 2123694
x-served-by: cache-lga21931-LGA, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 491756
x-timer: S1732141368.784027,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

znv.ubinexkhl.com/TyAyE/

188.114.97.1

200 OK

5.3 kB

URL
znv.ubinexkhl.com/TyAyE/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (7737), with CRLF line terminators
Size
5.3 kB (5280 bytes)
Hash
36227d164ae2be332c273a0c9b01720c
2900da477ba43603ef6f2f0c8480daac3f12466a
fac1c846ec3b802f190fec60f1a9989e7e8e16b1e66f526e344853cd0d2a8b82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /TyAyE/ HTTP/1.1
Host: znv.ubinexkhl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Nov 2024 22:22:47 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bKvN3GySMUKVnXoZBwOv2dmjVrNrlHnmculEJMsGCINKQnFm29KI2rsmlN59jT1mWIusXfVjC34p4yCPwem26bpe2ZfGAnzCeNxzHjRlQRvYegJVDizeh5gII97UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IitMT2hMV21RVm41am1jWDlqY0JkZ1E9PSIsInZhbHVlIjoiclZ1OGdrelNZWnNwWHVaZjU2dGc1YnY4U0ZvQ0Q2b0MwdkluN1hPNmwxNHZTMUI4V2xKNDdRMXM1dFk3eVVsVXVnU2xyUzMrOWQ3dXNWMTBvbkRkbVI4cjRZRlcwMzkxSWJTeFNNbm5PekoweEw5bVFjME5rN0MyLzR2NThGUXEiLCJtYWMiOiI2NTdlY2MzMjA5NTg1NzQ3NDhlYjc1OGRlOWFiYjE4NGJhMGM2YmE3NGJkNjRjNTNiNDJmMWNiYzcxZmM3YjkxIiwidGFnIjoiIn0%3D; expires=Thu, 21-Nov-2024 00:22:47 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjNYMzZBcXRTWWhxV2liT21kUWMwUFE9PSIsInZhbHVlIjoieWwrMVpDZUhLc1FRbUs1UG1KUlkwVzl5ajB1T3dEcENLYWRYVnc4NFhLbytEbVBTOWFFcVkvSnZsTmhETkVMWEpLZjlDdFBRb3pjTEV2YlBxWE4vWXlxVE9YWmZJTXl1QWZ6U2hwWTdIK1Q1TnN0czkzY1BOZVFYaWdBdmJJOHciLCJtYWMiOiJlMjEwOWM0YmY1MDg4ZDk5MDNjNjJlNmFjMjEyZjZjZmM2ZjQyZjIwNDUzZGUxMDNhOGRjYTc1OGFmNTIyZjk5IiwidGFnIjoiIn0%3D; expires=Thu, 21-Nov-2024 00:22:47 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 8e5bd7377a405694-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=35884&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1386&delivery_rate=79475&cwnd=233&unsent_bytes=0&cid=f50d98d3aa0c08d6&ts=234&x=0", cfL4;desc="?proto=TCP&rtt=21756&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1254&delivery_rate=261623&cwnd=246&unsent_bytes=0&cid=b91efc2619e5204a&ts=631&x=0"
X-Firefox-Spdy: h2

znv.ubinexkhl.com/favicon.ico

188.114.97.1

404 Not Found

5.3 kB

URL GET HTTP/3
znv.ubinexkhl.com/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectubinexkhl.com
Fingerprint23:08:D5:FA:5E:E7:08:46:78:A3:0E:28:84:62:DD:F3:69:44:57:7D
ValidityThu, 31 Oct 2024 19:48:58 GMT - Wed, 29 Jan 2025 19:48:57 GMT

File type
data
Size
5.3 kB (5298 bytes)
Hash
e062029bade6e1339821679e3cd52be8
61123f65ab2a6a3045369396fb43be8121b0495d
6d9e8bfbd9be4e7b93866b0bdc4857d54d8a3c195e8d4b8c23b0d3cc02a3d403

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: znv.ubinexkhl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://znv.ubinexkhl.com/TyAyE/
Cookie: XSRF-TOKEN=eyJpdiI6IitMT2hMV21RVm41am1jWDlqY0JkZ1E9PSIsInZhbHVlIjoiclZ1OGdrelNZWnNwWHVaZjU2dGc1YnY4U0ZvQ0Q2b0MwdkluN1hPNmwxNHZTMUI4V2xKNDdRMXM1dFk3eVVsVXVnU2xyUzMrOWQ3dXNWMTBvbkRkbVI4cjRZRlcwMzkxSWJTeFNNbm5PekoweEw5bVFjME5rN0MyLzR2NThGUXEiLCJtYWMiOiI2NTdlY2MzMjA5NTg1NzQ3NDhlYjc1OGRlOWFiYjE4NGJhMGM2YmE3NGJkNjRjNTNiNDJmMWNiYzcxZmM3YjkxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjNYMzZBcXRTWWhxV2liT21kUWMwUFE9PSIsInZhbHVlIjoieWwrMVpDZUhLc1FRbUs1UG1KUlkwVzl5ajB1T3dEcENLYWRYVnc4NFhLbytEbVBTOWFFcVkvSnZsTmhETkVMWEpLZjlDdFBRb3pjTEV2YlBxWE4vWXlxVE9YWmZJTXl1QWZ6U2hwWTdIK1Q1TnN0czkzY1BOZVFYaWdBdmJJOHciLCJtYWMiOiJlMjEwOWM0YmY1MDg4ZDk5MDNjNjJlNmFjMjEyZjZjZmM2ZjQyZjIwNDUzZGUxMDNhOGRjYTc1OGFmNTIyZjk5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Wed, 20 Nov 2024 22:22:47 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUqA8ZO6wfC4SH4UXsuzRHDnSl0b%2F0UYsLN6gxQ%2FIok2jiuWBPY9P3qgnCi82PDuo4UR0BRG9mLpHSchjyPMedhcBWM2GYsf716FRXTGEemMkH63%2F4yDMX0GTnkNCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 8621
server: cloudflare
cf-ray: 8e5bd73dc95bca70-HAM
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=47771&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2087&delivery_rate=59531&cwnd=251&unsent_bytes=0&cid=e5930ca1b01d15d9&ts=464&x=0", cfL4;desc="?proto=QUIC&rtt=17752&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4042&recv_bytes=1685&delivery_rate=38680&cwnd=12000&unsent_bytes=0&cid=f4a1ca04436936a2&ts=388&x=1", cfHdrFlush;dur=0

challenges.cloudflare.com/turnstile/v0/g/e4025c85ea63/api.js

104.18.95.41

200 OK

24 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/g/e4025c85ea63/api.js
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type
JavaScript source, ASCII text, with very long lines (47694)
Size
24 kB (24444 bytes)
Hash
481edb6f4045f16980c920ccd9705105
d8cb40abc935dc65d25d83d8358f52ac88742f73
5f7c821eea52471a9bbb0397df6b77ee279505be05bb52aef00932989522d3c2

HTTP Headers

GET /turnstile/v0/g/e4025c85ea63/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://znv.ubinexkhl.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Nov 2024 22:22:47 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 19 Nov 2024 14:16:20 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e5bd73c8ab5569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/

104.18.95.41

200 OK

13 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://znv.ubinexkhl.com/TyAyE/#Mifowler@slurpmail.net
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type
HTML document, ASCII text, with very long lines (22074)
Size
13 kB (13069 bytes)
Hash
ed1fb3b566e924cc88c56c7fbba6773a
9232e74659773df08214acf9e04293159ee466d6
9f805c3a1848debc1303e28c305356c3fbea31219e32bcef137453ba590b99e9

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://znv.ubinexkhl.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Nov 2024 22:22:47 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
server: cloudflare
cf-ray: 8e5bd73dab0b5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8e5bd73dab0b5684/1732141368377/eGqewno5CRPhRJL

104.18.95.41

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8e5bd73dab0b5684/1732141368377/eGqewno5CRPhRJL
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type
PNG image data, 25 x 52, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
7cbfe0bd70692f4a7269a93a015fe74b
a6be4a11b394e57e3322cc299bc83ca5994aca59
753eeecc4443a1c7cbe8303c69d92c99ecb20266b03993a478f4ac0de2247c97

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/8e5bd73dab0b5684/1732141368377/eGqewno5CRPhRJL HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Nov 2024 22:22:50 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8e5bd74bc9ab5684-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8e5bd73dab0b5684/1732141368378/cb80d7afd49010c53163694a4dd58fbf075ec8efa705134496e30ed7fae16931/-TjXdIHldM2mZwU

104.18.95.41

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8e5bd73dab0b5684/1732141368378/cb80d7afd49010c53163694a4dd58fbf075ec8efa705134496e30ed7fae16931/-TjXdIHldM2mZwU
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/8e5bd73dab0b5684/1732141368378/cb80d7afd49010c53163694a4dd58fbf075ec8efa705134496e30ed7fae16931/-TjXdIHldM2mZwU HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Wed, 20 Nov 2024 22:22:50 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gy4DXr9SQEMUxY2lKTdWPvwdeyO-nBRNEluMO1_rhaTEAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIMuA16_UkBDFMWNpSk3Vj78HXsjvpwUTRJbjDtf64WkxABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIMuA16_UkBDFMWNpSk3Vj78HXsjvpwUTRJbjDtf64WkxABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA2ofNYujuBSGe3VokTOshcBYsN3IYqVG1vzSM-oCNQXOis6OMxshBYgGBi7QofI09eX3MiEJXFbY9F5l3e8-_QYq1SaXGxnEUzFLxdxsrqg_HDC1t7FnimSy0L1ex7MmHaWHHFKZvblAZW4u3w1pnvpb9w-jFqacUEW3fpSMZS_Yd7X8ZtgHadv02nmX_vYOfXYz1-xrGqFTGxaoYv67qpr8Z_qEW3JxhCu5bAG07lhyKUQwCjYBaHaw9ts0dop6n4rTO43MDNBGwSB1W3JKJgCrpVXUb1nOd5pPabD8TOMECeRricTImLIJXlsMxbWvR9FO1r0FuE_1vIFSjDDXnaQIDAQAB", max-age=20
server: cloudflare
cf-ray: 8e5bd74c3a185684-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2071990221:1732137184:d2HefxvUGAYKctcIjq0aAuo-UAg5E3FaXarpDj6D-qA/8e5bd73dab0b5684/PSF6uZrMI8YCn1eLPmPFsYQtYWwcQLWyC9BdlCGAieo-1732141367-1.1.1.1-1jzWF6xn8ueAW9RgL0a76Ai39Q_s_PAbqxtjuliecFi4g4MwsTTx9rR75wWMbOO_

104.18.95.41

200 OK

30 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2071990221:1732137184:d2HefxvUGAYKctcIjq0aAuo-UAg5E3FaXarpDj6D-qA/8e5bd73dab0b5684/PSF6uZrMI8YCn1eLPmPFsYQtYWwcQLWyC9BdlCGAieo-1732141367-1.1.1.1-1jzWF6xn8ueAW9RgL0a76Ai39Q_s_PAbqxtjuliecFi4g4MwsTTx9rR75wWMbOO_
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type
ASCII text, with very long lines (26328), with no line terminators
Size
30 kB (30367 bytes)
Hash
77b21141c61628df09d15726867000e5
f9f7e0d7039bf4d5cc91e2a899853a0551905612
91c4ee020f5f0dfcd2e71ebaaebe497b2e04a2e7c993ab2afedbd923aa2a1432

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2071990221:1732137184:d2HefxvUGAYKctcIjq0aAuo-UAg5E3FaXarpDj6D-qA/8e5bd73dab0b5684/PSF6uZrMI8YCn1eLPmPFsYQtYWwcQLWyC9BdlCGAieo-1732141367-1.1.1.1-1jzWF6xn8ueAW9RgL0a76Ai39Q_s_PAbqxtjuliecFi4g4MwsTTx9rR75wWMbOO_ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: PSF6uZrMI8YCn1eLPmPFsYQtYWwcQLWyC9BdlCGAieo-1732141367-1.1.1.1-1jzWF6xn8ueAW9RgL0a76Ai39Q_s_PAbqxtjuliecFi4g4MwsTTx9rR75wWMbOO_
CF-Chl-RetryAttempt: 0
Content-Length: 27883
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Nov 2024 22:22:50 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: asEeIuT+w1udc0t5I/HBPNFsj5m7qdO0WtnayWLNPNgnrn4UBcmxqyjQZ2I3joGZ0wMgRwxuwGqQXEWy$1sV6ugefPltK3zEG
server: cloudflare
cf-ray: 8e5bd74d6b605684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1

104.18.95.41

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 20 Nov 2024 22:22:48 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8e5bd73e3b9f5684-OSL
alt-svc: h3=":443"; ma=86400

znv.ubinexkhl.com/TyAyE/

188.114.97.1

200 OK

20 kB

URL User Request GET HTTP/2
znv.ubinexkhl.com/TyAyE/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectubinexkhl.com
Fingerprint23:08:D5:FA:5E:E7:08:46:78:A3:0E:28:84:62:DD:F3:69:44:57:7D
ValidityThu, 31 Oct 2024 19:48:58 GMT - Wed, 29 Jan 2025 19:48:57 GMT

File type
HTML document, ASCII text, with very long lines (7737), with CRLF line terminators
Size
20 kB (20460 bytes)
Hash
36227d164ae2be332c273a0c9b01720c
2900da477ba43603ef6f2f0c8480daac3f12466a
fac1c846ec3b802f190fec60f1a9989e7e8e16b1e66f526e344853cd0d2a8b82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /TyAyE/ HTTP/1.1
Host: znv.ubinexkhl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Nov 2024 22:22:47 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bKvN3GySMUKVnXoZBwOv2dmjVrNrlHnmculEJMsGCINKQnFm29KI2rsmlN59jT1mWIusXfVjC34p4yCPwem26bpe2ZfGAnzCeNxzHjRlQRvYegJVDizeh5gII97UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IitMT2hMV21RVm41am1jWDlqY0JkZ1E9PSIsInZhbHVlIjoiclZ1OGdrelNZWnNwWHVaZjU2dGc1YnY4U0ZvQ0Q2b0MwdkluN1hPNmwxNHZTMUI4V2xKNDdRMXM1dFk3eVVsVXVnU2xyUzMrOWQ3dXNWMTBvbkRkbVI4cjRZRlcwMzkxSWJTeFNNbm5PekoweEw5bVFjME5rN0MyLzR2NThGUXEiLCJtYWMiOiI2NTdlY2MzMjA5NTg1NzQ3NDhlYjc1OGRlOWFiYjE4NGJhMGM2YmE3NGJkNjRjNTNiNDJmMWNiYzcxZmM3YjkxIiwidGFnIjoiIn0%3D; expires=Thu, 21-Nov-2024 00:22:47 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjNYMzZBcXRTWWhxV2liT21kUWMwUFE9PSIsInZhbHVlIjoieWwrMVpDZUhLc1FRbUs1UG1KUlkwVzl5ajB1T3dEcENLYWRYVnc4NFhLbytEbVBTOWFFcVkvSnZsTmhETkVMWEpLZjlDdFBRb3pjTEV2YlBxWE4vWXlxVE9YWmZJTXl1QWZ6U2hwWTdIK1Q1TnN0czkzY1BOZVFYaWdBdmJJOHciLCJtYWMiOiJlMjEwOWM0YmY1MDg4ZDk5MDNjNjJlNmFjMjEyZjZjZmM2ZjQyZjIwNDUzZGUxMDNhOGRjYTc1OGFmNTIyZjk5IiwidGFnIjoiIn0%3D; expires=Thu, 21-Nov-2024 00:22:47 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 8e5bd7377a405694-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=35884&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1386&delivery_rate=79475&cwnd=233&unsent_bytes=0&cid=f50d98d3aa0c08d6&ts=234&x=0", cfL4;desc="?proto=TCP&rtt=21756&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1254&delivery_rate=261623&cwnd=246&unsent_bytes=0&cid=b91efc2619e5204a&ts=631&x=0"
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e5bd73dab0b5684&lang=auto

104.18.95.41

200 OK

113 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e5bd73dab0b5684&lang=auto
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB
ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
113 kB (113391 bytes)
Hash
826c6d8a37c4813de5765ed424211617
2c5e980a0fb06d0a344d0ef70c914385d69ed0bc
e80932fd3a2271169ec6eea09aafffc503545224a45d1a1b436bc2d182e1aa0c

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e5bd73dab0b5684&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ej780/0x4AAAAAAAzBG2DCl0k9WO21/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 20 Nov 2024 22:22:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8e5bd73e4ba35684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (49)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations