Report - boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc

Report Overview

Visited public
2025-03-16 00:56:12
Tags
URL
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Finishing URL
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
IP / ASN
172.67.222.121
#13335 CLOUDFLARENET
Title
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
boxauth.ru	unknown	2024-05-23	2024-06-07	2025-03-15	6.3 kB	43 kB	104.21.70.94

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-16	medium	boxauth.ru	Sinkholed
2025-03-16	medium	boxauth.ru	Sinkholed
2025-03-16	medium	boxauth.ru	Sinkholed
2025-03-16	medium	boxauth.ru	Sinkholed
2025-03-16	medium	boxauth.ru	Sinkholed
2025-03-16	medium	boxauth.ru	Sinkholed
2025-03-16	medium	boxauth.ru	Sinkholed
2025-03-16	medium	boxauth.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc	ScriptElement	5.9 kB	2025-03-16	2025-03-16
Pretty URL boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc IP 104.21.70.94 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-16 00:56 Last Seen2025-03-16 00:56 Times Seen1 Hash be02f2a506a8143caad39e7b5a7c931f d50444873e697aaa6be2df028fc211eae25d9493 162329cc41d4a83be029dc24963e08d163f42a4fd255d8fb9a0ba932dae68824 Loading...

	about:blank	ScriptElement	236 B	2025-03-16	2025-03-16
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-16 00:56 Last Seen2025-03-16 00:56 Times Seen1 Hash 7c884007ef0b18e49c9c375e068e86a7 0cbd459de4c380e93a74617d27c179074267030a a640bb3a4f92f24854c6fde53a1919115ff10909b51a49c8b0651031072fe84a Loading...

	boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc	ScriptElement	921 B	2025-03-16	2025-03-16
Pretty URL boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc IP 104.21.70.94 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-16 00:56 Last Seen2025-03-16 00:56 Times Seen1 Hash a3a68c30d39a319fcbe8096f1ce69b0a e0e7aa3faf153e457fe4d223ef5a7812a6fb20e9 ae1570a8e750d2eed148fd96845a8c224515cef2078bb01ff81c2c9636a384b9 Loading...

	boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc	Eval	4.4 kB	2025-03-16	2025-03-16
Pretty URL boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc IP 104.21.70.94 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-16 00:56 Last Seen2025-03-16 00:56 Times Seen1 Hash 1ba8cb312928a8cc5cafe0459e7a9345 cf3b8a8e68668ac56dd2386237a99eb79cb871b2 0d81e254104c7a05664c34f1897a3ce6e214bb7ec1991c48e5b8055f999dced0 Loading...

HTTP Transactions (8)

URL IP Response Size

boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc

104.21.70.94

301 Moved Permanently

7.5 kB

URL User Request GET
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
IP
104.21.70.94:80
ASN
#13335 CLOUDFLARENET

File type

Size
7.5 kB (7453 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; yisKXwN7pdQIwF5YommINmhrjVc=1742172949; V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 16 Mar 2025 00:55:51 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 16 Mar 2025 01:55:51 GMT
Location: https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Da8uS8v%2FsHcgup%2FmwNGTs4nuyzcEOmd1nYRBnQcGjL7KHABNchsQeNJarer%2B7vtFjuk3plrb2lTS1Lzm93TRGDsLIdrQAHK0dbS43i6Nu%2FlWChMxzWFk3OtYrHA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 92104991698a712e-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=53085&min_rtt=53085&rtt_var=26542&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=645&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc

172.67.222.121

503 Service Unavailable

7.5 kB

URL User Request GET
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
IP
172.67.222.121:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectboxauth.ru
Fingerprint88:3B:9B:84:96:DE:D2:D3:4B:F3:9D:EE:0F:0F:AA:98:D0:61:AB:90
ValiditySat, 15 Mar 2025 23:48:30 GMT - Sat, 14 Jun 2025 00:47:11 GMT

File type
HTML document, ASCII text, with very long lines (7497), with no line terminators
Size
7.5 kB (7453 bytes)
Hash
ab363a4d1b35eda076d04b47ae76034e
3508b91f7b7ac43f19805623191f9688efc3010a
8ab6e4d58fd2080d9b02ab6cb983cad2e91565608f1288de3e62e59fafc855f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; yisKXwN7pdQIwF5YommINmhrjVc=1742172949; V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 503 Service Unavailable
date: Sun, 16 Mar 2025 00:55:51 GMT
content-type: text/html; charset=utf-8
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
set-cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
yisKXwN7pdQIwF5YommINmhrjVc=1742172949; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q0%2FhwyVQYFQRVl72oee2s1KVQ6etdUixd2tJMPqm4YQInEbeBWB%2FtztsXgDV2eP9IMoA2gDz35%2FwIgYEtRCCfbup1JnxkE8n3PLTeFTHMKJTEAs1%2FCgzOtsNoPHB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921049927b0156c7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=54496&min_rtt=52661&rtt_var=1528&sent=32&recv=24&lost=0&retrans=0&sent_bytes=23998&recv_bytes=1540&delivery_rate=315280&cwnd=257&unsent_bytes=0&cid=1ac6131792688d2a&ts=738&x=0"
X-Firefox-Spdy: h2

boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc

172.67.222.121

204 No Content

0 B

URL POST
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
IP
172.67.222.121:443
ASN
#13335 CLOUDFLARENET

Requested by
https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Certificate
IssuerGoogle Trust Services
Subjectboxauth.ru
Fingerprint88:3B:9B:84:96:DE:D2:D3:4B:F3:9D:EE:0F:0F:AA:98:D0:61:AB:90
ValiditySat, 15 Mar 2025 23:48:30 GMT - Sat, 14 Jun 2025 00:47:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
jQtoXI2wjxfgpBDjbt6nLrw2RWA: 35282340
X-Requested-with: XMLHttpRequest
X-Requested-TimeStamp: 
X-Requested-TimeStamp-Expire: 
X-Requested-TimeStamp-Combination: 
X-Requested-Type: GET
X-Requested-Type-Combination: GET
Content-type: application/x-www-form-urlencoded
Content-Length: 22
Origin: https://boxauth.ru
DNT: 1
Connection: keep-alive
Referer: https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; yisKXwN7pdQIwF5YommINmhrjVc=1742172949; V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s; -6NcicaH_xbdf46XrbvPmUw9b2w=NGTcTP58Zt9HXLATWcDWYvxLhDQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 16 Mar 2025 00:55:51 GMT
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
set-cookie: -6NcicaH_xbdf46XrbvPmUw9b2w=NGTcTP58Zt9HXLATWcDWYvxLhDQ; path=/; expires=Mon, 17-Mar-25 00:55:50 GMT; Max-Age=86400;
0S-1ZnQNBL6H63ftj1S9i1FVvTg=1742086550; path=/; expires=Mon, 17-Mar-25 00:55:50 GMT; Max-Age=86400;
2SIQyNQQ6BfudcJryxvY4f54RIA=1742172950; path=/; expires=Mon, 17-Mar-25 00:55:50 GMT; Max-Age=86400;
7Kh4esJbqzcsKF5nE5JDTpzWapc=hLtz6PgWrqGVlgu19AzzFcvBrCk; path=/; expires=Mon, 17-Mar-25 00:55:50 GMT; Max-Age=86400;
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
x-server-powered-by: Engintron
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gNVcgu3T0GMTT8HUKwmgztfIZb8%2F50dtNDHOy%2BgEu9zqX%2FD%2FW2i3qpnMoNPMPYs%2Bho5LYZydFoteuIkvIL8V%2B91r28W1JmAt6DsVQfWLShulqFwpRNOVOykFm5iA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921049956cc156c7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=53800&min_rtt=52661&rtt_var=1005&sent=44&recv=33&lost=0&retrans=0&sent_bytes=32607&recv_bytes=2158&delivery_rate=315280&cwnd=257&unsent_bytes=0&cid=1ac6131792688d2a&ts=1213&x=0"
X-Firefox-Spdy: h2

boxauth.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.222.121

302 Found

0 B

URL GET
boxauth.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.222.121:443
ASN
#13335 CLOUDFLARENET

Requested by
https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Certificate
IssuerGoogle Trust Services
Subjectboxauth.ru
Fingerprint88:3B:9B:84:96:DE:D2:D3:4B:F3:9D:EE:0F:0F:AA:98:D0:61:AB:90
ValiditySat, 15 Mar 2025 23:48:30 GMT - Sat, 14 Jun 2025 00:47:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; yisKXwN7pdQIwF5YommINmhrjVc=1742172949; V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s; -6NcicaH_xbdf46XrbvPmUw9b2w=NGTcTP58Zt9HXLATWcDWYvxLhDQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 16 Mar 2025 00:55:51 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ioS%2B1JifZrqVqBkfW237hI6rlYmKvpMH8BSKljWfvLP%2BHa4hR4YPKPnd%2FGFQ9gf0NnRvvmBU0y0YEr27B6dd4pHZMl3ObExAn3g3FTrKQ4qMg88PY%2FQlwXRA09mV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 921049956cc556c7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=53800&min_rtt=52661&rtt_var=1005&sent=43&recv=33&lost=0&retrans=0&sent_bytes=32070&recv_bytes=2158&delivery_rate=315280&cwnd=257&unsent_bytes=0&cid=1ac6131792688d2a&ts=1190&x=0"
X-Firefox-Spdy: h2

boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc

172.67.222.121

403 Forbidden

0 B

URL User Request GET
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
IP
172.67.222.121:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectboxauth.ru
Fingerprint88:3B:9B:84:96:DE:D2:D3:4B:F3:9D:EE:0F:0F:AA:98:D0:61:AB:90
ValiditySat, 15 Mar 2025 23:48:30 GMT - Sat, 14 Jun 2025 00:47:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; yisKXwN7pdQIwF5YommINmhrjVc=1742172949; V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s; -6NcicaH_xbdf46XrbvPmUw9b2w=NGTcTP58Zt9HXLATWcDWYvxLhDQ; 0S-1ZnQNBL6H63ftj1S9i1FVvTg=1742086550; 2SIQyNQQ6BfudcJryxvY4f54RIA=1742172950; 7Kh4esJbqzcsKF5nE5JDTpzWapc=hLtz6PgWrqGVlgu19AzzFcvBrCk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sun, 16 Mar 2025 00:55:52 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
set-cookie: PHPSESSID=514654d3a7b790db41e7653d3b6741a0; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vi3ll4%2FZLp1Z4OIxPpMvO7cYcJjjJmPlBarC4qcfaoG9ptMTfty3Rw6M2%2BB4qCgyv0qcY3omrEwjfHSIPL4%2B5vF6EzzIn7f7%2BTd3T%2BL6D6PdMmCVC9Z2Aclr9STF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921049965d4a56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=53554&min_rtt=52553&rtt_var=965&sent=47&recv=38&lost=0&retrans=0&sent_bytes=33421&recv_bytes=2520&delivery_rate=315280&cwnd=257&unsent_bytes=0&cid=1ac6131792688d2a&ts=1964&x=0"
X-Firefox-Spdy: h2

boxauth.ru/favicon.ico

172.67.222.121

404 Not Found

315 B

URL GET
boxauth.ru/favicon.ico
IP
172.67.222.121:443
ASN
#13335 CLOUDFLARENET

Requested by
https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Certificate
IssuerGoogle Trust Services
Subjectboxauth.ru
Fingerprint88:3B:9B:84:96:DE:D2:D3:4B:F3:9D:EE:0F:0F:AA:98:D0:61:AB:90
ValiditySat, 15 Mar 2025 23:48:30 GMT - Sat, 14 Jun 2025 00:47:11 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; yisKXwN7pdQIwF5YommINmhrjVc=1742172949; V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s; -6NcicaH_xbdf46XrbvPmUw9b2w=NGTcTP58Zt9HXLATWcDWYvxLhDQ; 0S-1ZnQNBL6H63ftj1S9i1FVvTg=1742086550; 2SIQyNQQ6BfudcJryxvY4f54RIA=1742172950; 7Kh4esJbqzcsKF5nE5JDTpzWapc=hLtz6PgWrqGVlgu19AzzFcvBrCk; PHPSESSID=514654d3a7b790db41e7653d3b6741a0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 16 Mar 2025 00:55:53 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
pragma: public
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g94NCDzWh5eXQaQvp4wDmRdUD8sGFzflI2aJpZag1fQLT6JZSV0j5FjwHaIbQmHiHn8mIkfymQTPhhNa%2F1HLmn684bZCNlaKGi85kJ3mgnnm7agQDyr8Ibe2VY9N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9210499c184656c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=53590&min_rtt=52553&rtt_var=797&sent=50&recv=40&lost=0&retrans=0&sent_bytes=34223&recv_bytes=2638&delivery_rate=315280&cwnd=257&unsent_bytes=0&cid=1ac6131792688d2a&ts=2283&x=0"
X-Firefox-Spdy: h2

boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc

172.67.222.121

503 Service Unavailable

19 kB

URL User Request GET
boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
IP
172.67.222.121:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectboxauth.ru
Fingerprint88:3B:9B:84:96:DE:D2:D3:4B:F3:9D:EE:0F:0F:AA:98:D0:61:AB:90
ValiditySat, 15 Mar 2025 23:48:30 GMT - Sat, 14 Jun 2025 00:47:11 GMT

File type
HTML document, ASCII text, with very long lines (17769)
Size
19 kB (19203 bytes)
Hash
cb2d638ca9f3de67f8c785513a8778b5
e938184a85643183237a6b8d9b7c162fe4e1be7e
47ac665cc2465be7bd3b0227b2ffccb94d22762f20678fd1d69e271631df736d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 503 Service Unavailable
date: Sun, 16 Mar 2025 00:55:50 GMT
content-type: text/html; charset=utf-8
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
set-cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
yisKXwN7pdQIwF5YommINmhrjVc=1742172949; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s; path=/; expires=Mon, 17-Mar-25 00:55:49 GMT; Max-Age=86400;
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2qvjIcR9F4mhGLJb1aLaE7rsaws2lFCBcMVjYo1A8Qs4CsPiJ6%2F4B63q0yuiB7JJFnUkY7K9gpb%2FI86FaUfp%2BvLPuflLw5YhWNB0pVXvqDg0Vn%2Fn9ckZqV%2BY2fPo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9210498e78d156c7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=52823&min_rtt=52661&rtt_var=15095&sent=8&recv=8&lost=0&retrans=0&sent_bytes=3268&recv_bytes=1280&delivery_rate=70218&cwnd=253&unsent_bytes=0&cid=1ac6131792688d2a&ts=137&x=0"
X-Firefox-Spdy: h2

boxauth.ru/favicon.ico

0.0.0.0

0 B

URL GET
boxauth.ru/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Certificate
IssuerGoogle Trust Services
Subjectboxauth.ru
Fingerprint88:3B:9B:84:96:DE:D2:D3:4B:F3:9D:EE:0F:0F:AA:98:D0:61:AB:90
ValiditySat, 15 Mar 2025 23:48:30 GMT - Sat, 14 Jun 2025 00:47:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: boxauth.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://boxauth.ru/mix/verifyacc.php?auth=&apitoken=pvns4cf4p9etodc
Cookie: PdCt7XQiK01B8COjyx-AAU7yxio=AV0BNC_g42z7um4nFul9PDicJ6k; LjduGgMBzHXmr6jZmRBz6wM_YZw=1742086549; yisKXwN7pdQIwF5YommINmhrjVc=1742172949; V0NMPlC9bf91k2AF7o1r8ANao-Q=bjx-nETXssNzHeHTQ1OgmMmzC2s; -6NcicaH_xbdf46XrbvPmUw9b2w=NGTcTP58Zt9HXLATWcDWYvxLhDQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP