Report - revivalsecularas.pw/api

Report Overview

Visited public
2023-11-23 18:55:01
Tags
URL
revivalsecularas.pw/api
Finishing URL
revivalsecularas.pw/api
IP / ASN
172.67.160.244
#13335 CLOUDFLARENET
Title
revivalsecularas.pw/api

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
revivalsecularas.pw	unknown	2023-11-13	2023-11-13 21:46:16	2023-11-19 18:51:09	826 B	5.6 kB	104.21.9.180

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-23 18:54:46	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-23 18:54:46	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-23 18:54:46	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-23 18:54:46	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-23 18:54:47	high	Client IP	104.21.9.180	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2023-11-23 18:54:47	low	Client IP	104.21.9.180	ET INFO HTTP Request to a *.pw domain
2023-11-23 18:54:48	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-23 18:54:48	low	Client IP	104.21.9.180	ET INFO HTTP Request to a *.pw domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-11-23	medium	revivalsecularas.pw	Sinkholed
2023-11-23	medium	revivalsecularas.pw	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-23	medium	revivalsecularas.pw	Sinkholed
2023-11-23	medium	revivalsecularas.pw	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2023-11-20	medium	revivalsecularas.pw/api	Lumma Stealer
2023-11-21	medium	revivalsecularas.pw	Lumma Stealer

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

revivalsecularas.pw/api

104.21.9.180

200 OK

55 B

URL User Request GET HTTP/1.1
revivalsecularas.pw/api
IP
104.21.9.180:80
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
55 B (55 bytes)
Hash
27639e106011169d8b2212e7bcd6c577
de98d5aaff430b30053ba3beffed2f5f95948b9d
2054eceebe9f4eecd30d1148bfd092d21490abfb72b5c0f8c6bab8842420df00

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /api HTTP/1.1
Host: revivalsecularas.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 23 Nov 2023 18:54:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=dn11mk75rvjm2thft9075t7c3a; expires=Mon, 18 Mar 2024 12:41:24 GMT; Max-Age=9999999; path=/
xdober_setting_show_country=1; expires=Mon, 22 Jan 2024 18:54:45 GMT; Max-Age=5184000; path=/
xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRT%2BsWOZFFuyAH%2BQ1%2FQ5jwCAlhaQLtO%2B7uW%2FH%2BQv5e%2FGI3iT9tljBg27eiA0TzYdrV5CFWzeHAPSeavyFP3Tl2WuF%2F3s7j7DrVZ%2FEqNZblAte5SHc6joo%2BaX0ps%2FxhvwT77kLYu5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82ab9f532f0a5691-OSL
Content-Encoding: gzip

revivalsecularas.pw/favicon.ico

104.21.9.180

403 Forbidden

3.2 kB

URL GET HTTP/1.1
revivalsecularas.pw/favicon.ico
IP
104.21.9.180:80
ASN
#13335 CLOUDFLARENET

Requested by
http://revivalsecularas.pw/api

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4813), with no line terminators
Size
3.2 kB (3194 bytes)
Hash
6ecf9ee63f72f1a1d368d64953449783
229ac2090c85e38eb3bd73747995db15eba6a022
3b778008664633069aa3e8009b43a82411864c14d18b65a88e075cdb88fc6a41

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: revivalsecularas.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://revivalsecularas.pw/api
Cookie: PHPSESSID=dn11mk75rvjm2thft9075t7c3a; xdober_setting_show_country=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 23 Nov 2023 18:54:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=adStJ20I6UKIV7bWxHSrzXiNSOJusLin15drBuK2MLEjRqkqU9EX1rQu5lZbHM3%2FfdsoRuin3TJJco6vmkxXa5yyFgmKyWJdVghAxTP14TglYPGA2uCBAtVQ6TB%2FZJF1qt%2BrRtSN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82ab9f5e1f5c5691-OSL
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers