Report - laptop.cu8w6.site/

Report Overview

Submitted URL
laptop.cu8w6.site/
IP
172.67.168.48
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 22:16:05
Access
public
Website Title
PMYP Prime Minister Laptop Scheme 2024 – Apply Online
Final URL
laptop.cu8w6.site/#1713996940655
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tj.657g.xyz	unknown	2023-07-13	2023-12-07	2024-03-20	891 B	2.9 kB	172.67.156.164
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-04-24	1.1 kB	12 kB	183.240.98.228
laptop.cu8w6.site	unknown	unknown	No data	No data	923 B	19 kB	172.67.168.48
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-24	433 B	34 kB	172.217.21.170
563cdn.com	unknown	2023-05-12	2023-05-12	2024-04-17	444 B	91 kB	172.67.154.55

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-19	medium	tj.657g.xyz/	PayPal Inc.
2024-03-19	medium	tj.657g.xyz/	PayPal Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	96 kB	2023-03-07	2024-05-04
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-04 13:22:20 Times Seen46982 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	laptop.cu8w6.site/	2.6 kB	2024-04-18	2024-05-04
Pretty URL laptop.cu8w6.site/ IP 172.67.168.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 11:21:27 Last Seen2024-05-04 08:43:59 Times Seen13 Hash bcb1aaa49a20e7b1dc786cd06f7ac01d 0e6e845f89e45bdc0bee07fe087885701b07d2dd ce5ff23d4090423a12e6d03868deba69eb6dce3f3a31f2e80cf9b9a3c8fe7933 Loading...

	unknown	316 B	2024-01-22	2024-05-04
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-01-22 00:15:49 Last Seen2024-05-04 00:55:25 Times Seen17 Hash f29d942572b68cc8c76d5067c2d4d6c6 6257f1620f626907778d0d10daf2211c9a52697f cbcb07a5ac544e58895e869208dfa323a5d304c1f2e10d190084f2b598356b9f Loading...

	unknown	37 B	2023-04-11	2024-05-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-05-04 13:03:01 Times Seen22219 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	unknown	342 B	2024-04-25	2024-04-25
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-25 00:16:12 Last Seen2024-04-25 00:16:12 Times Seen1 Hash 34de2caebe13d8922cba3d92a7f539f3 b4eebb038120a9717970245bfc78f8780cabcfc5 d1dbdddb5425d0394789f788d0e100d74f995ddafcfbfde89fd5919481d1e555 Loading...

	laptop.cu8w6.site/	345 B	2023-12-13	2024-05-04
Pretty URL laptop.cu8w6.site/ IP 172.67.168.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-13 18:56:14 Last Seen2024-05-04 08:43:59 Times Seen38 Hash ecffbe366e1b36e55da681315cda4e78 4932abca38dc9d841be2c4cd52207207b29c2714 214f1274f0b94b658764f6179e2de89e09de88248f35e3d9bf506ce9049c5a14 Loading...

	laptop.cu8w6.site/	228 B	2024-01-22	2024-05-04
Pretty URL laptop.cu8w6.site/ IP 172.67.168.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-22 18:55:06 Last Seen2024-05-04 08:43:59 Times Seen19 Hash 2768b69fa39beebc2afa7874bf5482e3 aff70fe363268c0b9d68b4580e998a68bf051c34 7a4a9bdcb8e68e6ad5628d6460333092224e7db0c7fa7425127050393238b580 Loading...

	tj.657g.xyz/js/script.js	1.3 kB	2023-05-22	2024-05-04
Pretty URL tj.657g.xyz/js/script.js IP 172.67.156.164 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 17:22:24 Last Seen2024-05-04 13:01:09 Times Seen3289 Hash abd4e2373b2e8c4dac2e80159641c5f1 e273656e58ca934d873204e68dd35670fde657ed 021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94 Loading...

	hm.baidu.com/hm.js?b455b34c8fc89e7c3c83de5ab7844adb	30 kB	2024-04-25	2024-04-25
Pretty URL hm.baidu.com/hm.js?b455b34c8fc89e7c3c83de5ab7844adb IP 183.240.98.228 ASN #56040 China Mobile communications corporation Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 00:16:12 Last Seen2024-04-25 00:16:12 Times Seen2 Hash 13771e6fb9befd0c146464c2b05bdb14 a8bf2ded19cdd6dd724295eb9ed4f205fc9d6f68 8e5b467b0a3b07978936e040cda36ce061d11d3f35c419763c8ee18ef27d10cc Loading...

HTTP Transactions (8)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

172.217.21.170

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://laptop.cu8w6.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://laptop.cu8w6.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:46:16 GMT
expires: Fri, 18 Apr 2025 17:46:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 534564
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

563cdn.com/images/laptopfree.jpeg

172.67.154.55

200 OK

91 kB

URL GET HTTP/2
563cdn.com/images/laptopfree.jpeg
IP
172.67.154.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://laptop.cu8w6.site/
Certificate
IssuerLet's Encrypt
Subject563cdn.com
Fingerprint9C:97:7F:B8:CE:1C:FD:45:D8:D6:47:6B:0E:AA:47:47:24:8E:7A:4E
ValidityWed, 10 Apr 2024 01:29:56 GMT - Tue, 09 Jul 2024 01:29:55 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1082x672, components 3
Size
91 kB (90602 bytes)
Hash
ad43c64a98ce069e008bd61dbd64f87e
c8882647f2bc82bcb66752ed094dd4d9e5c6ec4c
7887bebae5fca7fb2139245ab9ae67b401da166c6737367a98097b73b7db8dda

HTTP Headers

GET /images/laptopfree.jpeg HTTP/1.1
Host: 563cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://laptop.cu8w6.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 22:15:40 GMT
content-type: image/jpeg
content-length: 90602
etag: "ad43c64a98ce069e008bd61dbd64f87e"
last-modified: Wed, 24 Jan 2024 01:59:12 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FPFWuPek9OPJSC3w8BiT5MTL0Fdi1XgwHKfzSe7zpWCR3zecYx4gU8IzFxSpVUGui7mlVol91XPqdUKDEFFIs9cb0HWCo6MGxV0%2F0g9X4ChJiQ%2BR%2Bvanuzd6f44"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799740e5e661c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tj.657g.xyz/api/event

172.67.156.164

202 Accepted

2 B

URL POST HTTP/3
tj.657g.xyz/api/event
IP
172.67.156.164:443
ASN
#13335 CLOUDFLARENET

Requested by
https://laptop.cu8w6.site/
Certificate
IssuerGoogle Trust Services LLC
Subject657g.xyz
Fingerprint50:D6:E0:11:AD:45:D4:13:FA:D4:11:BC:81:A3:03:88:0B:91:49:F4
ValidityTue, 05 Mar 2024 08:51:58 GMT - Mon, 03 Jun 2024 08:51:57 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

POST /api/event HTTP/1.1
Host: tj.657g.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 88
Origin: https://laptop.cu8w6.site
DNT: 1
Connection: keep-alive
Referer: https://laptop.cu8w6.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 202 Accepted
date: Wed, 24 Apr 2024 22:15:40 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: max-age=0, private, must-revalidate
x-request-id: F8lXQpCfGJIt-0EKYBHh
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CSNrdHqyxbIEC7KZz3zawabfXhPjOzr%2F6IxEk5uaxIRzZUYq8So12Uflo0xjTilhEapL5sFIy2bGTt1eQGEQwEXYG2DiokOyO8QSjdKZ8f6NCR7ko8u1HcKDWUMWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799740f6cbd5699-OSL
alt-svc: h3=":443"; ma=86400

hm.baidu.com/hm.js?b455b34c8fc89e7c3c83de5ab7844adb

183.240.98.228

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?b455b34c8fc89e7c3c83de5ab7844adb
IP
183.240.98.228:443
ASN
#56040 China Mobile communications corporation

Requested by
https://laptop.cu8w6.site/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (619)
Size
11 kB (11257 bytes)
Hash
13771e6fb9befd0c146464c2b05bdb14
a8bf2ded19cdd6dd724295eb9ed4f205fc9d6f68
8e5b467b0a3b07978936e040cda36ce061d11d3f35c419763c8ee18ef27d10cc

HTTP Headers

GET /hm.js?b455b34c8fc89e7c3c83de5ab7844adb HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://laptop.cu8w6.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11257
Content-Type: application/javascript
Date: Wed, 24 Apr 2024 22:15:41 GMT
Etag: 4262233ebcaf80610d1a948579b33608
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=75A5CD8A30738D45; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1517738737&si=b455b34c8fc89e7c3c83de5ab7844adb&v=1.3.0&lv=1&sn=60087&r=0&ww=1280&u=https%3A%2F%2Flaptop.cu8w6.site%2F%231713996940655&tt=PMYP%20Prime%20Minister%20Laptop%20Scheme%202024%20%E2%80%93%20Apply%20Online

183.240.98.228

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1517738737&si=b455b34c8fc89e7c3c83de5ab7844adb&v=1.3.0&lv=1&sn=60087&r=0&ww=1280&u=https%3A%2F%2Flaptop.cu8w6.site%2F%231713996940655&tt=PMYP%20Prime%20Minister%20Laptop%20Scheme%202024%20%E2%80%93%20Apply%20Online
IP
183.240.98.228:443
ASN
#56040 China Mobile communications corporation

Requested by
https://laptop.cu8w6.site/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1517738737&si=b455b34c8fc89e7c3c83de5ab7844adb&v=1.3.0&lv=1&sn=60087&r=0&ww=1280&u=https%3A%2F%2Flaptop.cu8w6.site%2F%231713996940655&tt=PMYP%20Prime%20Minister%20Laptop%20Scheme%202024%20%E2%80%93%20Apply%20Online HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://laptop.cu8w6.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 24 Apr 2024 22:15:42 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=E8BBED280BAC3F22; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

laptop.cu8w6.site/

172.67.168.48

200 OK

18 kB

URL User Request GET HTTP/2
laptop.cu8w6.site/
IP
172.67.168.48:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcu8w6.site
FingerprintD4:BD:D3:BB:26:FD:22:29:DF:14:99:24:0D:BA:B4:D6:5F:DB:75:A4
ValidityWed, 06 Mar 2024 06:52:37 GMT - Tue, 04 Jun 2024 06:52:36 GMT

File type

Size
18 kB (17886 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: laptop.cu8w6.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 22:15:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: loclang=en; expires=Thu, 25-Apr-2024 22:15:40 GMT; Max-Age=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHpR4T%2Fjezj9rRXpoxfbkZdRXm3bF2qkKuR2U8OtubytdleXaNRLON49Dlf%2BsaK4dpnO6fVtypLLRQ%2BUH4ElDQp70K0dHbe1Il2rmycZ9rsEjZen9KNv0pC%2FYpBt%2BdRK3Dldng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799740a185856cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tj.657g.xyz/js/script.js

172.67.156.164

200 OK

1.3 kB

URL GET HTTP/2
tj.657g.xyz/js/script.js
IP
172.67.156.164:443
ASN
#13335 CLOUDFLARENET

Requested by
https://laptop.cu8w6.site/
Certificate
IssuerGoogle Trust Services LLC
Subject657g.xyz
Fingerprint50:D6:E0:11:AD:45:D4:13:FA:D4:11:BC:81:A3:03:88:0B:91:49:F4
ValidityTue, 05 Mar 2024 08:51:58 GMT - Mon, 03 Jun 2024 08:51:57 GMT

File type
ASCII text, with very long lines (1384), with no line terminators
Size
1.3 kB (1346 bytes)
Hash
16cfd1982a40489c41a52add24d36b85
344f1896d895c5d0a7c4caecafcf1942603cd026
72073aacecd145e525b16c4c845c07bff5798e813eeed702dff748a18b6186ce

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET /js/script.js HTTP/1.1
Host: tj.657g.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://laptop.cu8w6.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 22:15:40 GMT
content-type: application/javascript
cf-bgj: minify
expires: Thu, 25 Apr 2024 03:05:14 GMT
vary: Accept-Encoding
x-cache: HIT
access-control-allow-origin: *
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 25962
last-modified: Wed, 24 Apr 2024 15:02:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8nToLymmXn7LbXjx8X5%2FeGvxwvOX93YYFrLwkSsEc25X3XnkaMQt%2FDuVC7WXJu081KljkrOYwcQ7BnGRDxPDwH3gYKPSaw1ckKZX%2FSV9xQIJc93lhyY1Q3U7pV5NBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799740e99ff56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

laptop.cu8w6.site/favicon.ico

172.67.168.48

404 Not Found

146 B

URL GET HTTP/3
laptop.cu8w6.site/favicon.ico
IP
172.67.168.48:443
ASN
#13335 CLOUDFLARENET

Requested by
https://laptop.cu8w6.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectcu8w6.site
FingerprintD4:BD:D3:BB:26:FD:22:29:DF:14:99:24:0D:BA:B4:D6:5F:DB:75:A4
ValidityWed, 06 Mar 2024 06:52:37 GMT - Tue, 04 Jun 2024 06:52:36 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: laptop.cu8w6.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://laptop.cu8w6.site/
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 24 Apr 2024 22:15:41 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pfZwiuBEcE9CtKtZOQaDpuqcsyHhHkS8LBwYS5FewL%2FJ6JBeJjvdkXDC0oET0WOt3zXck9ayn2TMWVDm0P5qoHKYqH5sRoPRVmY7eLntl7yZbKFqR%2BH%2FF%2BGGf19qMjm0a7AC9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879974116fe57128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash