Overview

URL ebae.monster/rd/c20245uCzgW888787riqL52wpK2550zRlI613
IP 85.93.28.224 (Germany)
ASN#12586 GHOSTnet GmbH
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access public
Report completed 2023-05-26 05:43:12 UTC
Status Loading report..
IDS alerts 0
Blocklist alert 3
urlquery alerts No alerts detected
Tags None

Domain Summary (3)

Fully Qualifying Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
ebae.monster (2) 0 No data No data 924 699 85.93.28.224
ocsp.sectigo.com (1) 487 2019-11-29 12:50:24 2023-05-25 19:07:25 330 964 104.18.14.101
www.therealbestcap.com (1) 0 2022-11-30 10:37:18 2023-05-18 19:52:01 569 188 146.59.116.128

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-05-26 medium ebae.monster/rd/c20245uCzgW888787riqL52wpK2550zRlI613 Spam
2023-05-26 medium ebae.monster/track/c20245uCzgW888787riqL52wpK2550zRlI613 Spam

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2023-05-26 medium therealbestcap.com Sinkholed

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 85.93.28.224
Date UQ / IDS / BL URL IP
2023-05-26 05:43:12 UTC 0 - 0 - 3 ebae.monster/rd/c20245uCzgW888787riqL52wpK255 (...) 85.93.28.224


Last 5 reports on ASN: GHOSTnet GmbH
Date UQ / IDS / BL URL IP
2023-05-31 16:51:08 UTC 0 - 0 - 5 www.xn-av.com/auth/login.php?c=DtXI&replaceCu (...) 5.230.57.34
2023-05-27 08:26:07 UTC 0 - 2 - 40 ntc-pk.org/ 5.230.72.173
2023-05-26 05:43:12 UTC 0 - 0 - 3 ebae.monster/rd/c20245uCzgW888787riqL52wpK255 (...) 85.93.28.224
2023-05-23 10:40:00 UTC 0 - 1 - 14 sentianly.com 89.144.62.41
2023-05-22 11:11:51 UTC 0 - 2 - 14 sentianly.com 89.144.62.41


Last 1 reports on domain: ebae.monster
Date UQ / IDS / BL URL IP
2023-05-26 05:43:12 UTC 0 - 0 - 3 ebae.monster/rd/c20245uCzgW888787riqL52wpK255 (...) 85.93.28.224


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-06-06 05:45:53 UTC 0 - 0 - 2 66.248.204.53/ 66.248.204.53
2023-06-06 05:45:20 UTC 0 - 14 - 0 ikido-kenshukai.co.cc/ 175.126.123.219
2023-06-06 05:45:12 UTC 0 - 1 - 0 ennaouris.blogspot.com/ 172.217.21.161
2023-06-06 05:44:25 UTC 0 - 0 - 2 peachywaspish.com/pixel/purst?dl=0&th=0&sc=0& (...) 192.243.61.227
2023-06-06 05:39:51 UTC 0 - 2 - 0 www.pepasport.cz/sekce/clanky/grand-prix-pepa (...) 213.155.226.252

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (4)


Request Response
                                        
GET /rd/c20245uCzgW888787riqL52wpK2550zRlI613 HTTP/1.1
Host: ebae.monster
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        
85.93.28.224
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Fri, 26 May 2023 05:42:53 GMT
Content-Length: 243


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   243
Md5:    45e3305389edc4d26f20f3ed270de653
Sha1:   7adeb5558d16808f2b60fee7258382fb86cd2d79
Sha256: ced6411122f104b7f8adbbe3cdf5f3d8cba7649a9576e292e77379214d51dd4b

Blocklists:
  - fortinet: Spam
                                        
GET /track/c20245uCzgW888787riqL52wpK2550zRlI613 HTTP/1.1
Host: ebae.monster
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ebae.monster/rd/c20245uCzgW888787riqL52wpK2550zRlI613
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        
85.93.28.224
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://www.therealbestcap.com/5XZ46ZL/23N2JSPB/?sub1=9&sub2=613-20245&sub3=888787-52-2550
Date: Fri, 26 May 2023 05:42:58 GMT
Content-Length: 121


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   121
Md5:    5adc83fb376240fda0c2261de47612a9
Sha1:   947f2c708d6ed93d9ba4abcf099a94ca6ad2997c
Sha256: 4b22af1349039752b237082b4629400f3e77b2749128ba7de547923e087ac64d

Blocklists:
  - fortinet: Spam
                                        
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
104.18.14.101
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 26 May 2023 05:42:58 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 23 May 2023 19:08:04 GMT
Expires: Tue, 30 May 2023 19:08:03 GMT
Etag: "19b07bf155f7829d059102d894eca0a983e71678"
Cache-Control: max-age=393304,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cd3b2a609a41c12-OSL

                                        
GET /5XZ46ZL/23N2JSPB/?sub1=9&sub2=613-20245&sub3=888787-52-2550 HTTP/1.1
Host: www.therealbestcap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ebae.monster/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        
146.59.116.128
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 26 May 2023 05:42:58 GMT
Accept-Ch: Sec-Ch-Ua-Platform-Version
Vary: Origin
X-Eflow-Request-Id: 4c21b50e-d14a-4a3e-aed5-aa2ed2549f80


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Blocklists:
  - quad9: Sinkholed