Report - lightrider.su/

Report Overview

Submitted URL
lightrider.su/
IP
104.21.7.124
ASN
#13335 CLOUDFLARENET
Submitted
2023-05-04 21:08:23
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
12
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lightrider.su	unknown	2023-03-07	2023-04-27	2023-05-04	709 B	2.2 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-04 21:08:18	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-05-04 21:08:18	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-05-04 21:08:18	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-05-04 21:08:18	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-05-04 21:08:19	medium	Client IP	188.114.97.1	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-05-04 21:08:19	medium	Client IP	188.114.97.1	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-05-04 21:08:19	low	188.114.97.1	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-05-04 21:08:19	low	188.114.97.1	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-05-04 21:08:19	low	188.114.97.1	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-05-04 21:08:19	low	188.114.97.1	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-05-04 21:08:19	medium	Client IP	188.114.97.1	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-05-04 21:08:19	medium	Client IP	188.114.97.1	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	lightrider.su/	1.2 kB	2023-05-04	2023-05-09
Pretty URL lightrider.su/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-04 23:08:24 Last Seen2023-05-09 04:07:11 Times Seen3 Hash d5840d137316b9350c4e48cfdf5d5249 f77b7f92802a3fe3aae69afb3544b5b68283da4e b5dc29d03b1d6c7a669cd91161932a3bd91086d076f21d6e6d58d4001f4fb5df Loading...

HTTP Transactions (2)

URL IP Response Size

lightrider.su/

188.114.97.1

200 OK

595 B

URL User Request GET HTTP/1.1
lightrider.su/
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1180), with CRLF, LF line terminators
Size
595 B (595 bytes)
Hash
dac584fe712cf30526efe34d08a1958c
278d62f0d402af29060066a089842404b86f2377
f31c71fa5179494de3d577b314591162c59fc4b330be627e8817219b4f3dbbe4

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET / HTTP/1.1
Host: lightrider.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 04 May 2023 21:08:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://lightrider.su/?jobeba=vipulobusucanudu
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DqO53dZOvUZLNsMiroCqMkC2x5LVdJBM5uK%2B1d17UrL9LjG4sQjoCsO3jL0FIabqwNwPPG3z%2FXQqR2EOb1nw3u1S%2FXQX94yBkxZdma9wXsqYfb94u7CiY7W27cHCd%2Fbv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7c23b7989995b50b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

lightrider.su/favicon.ico

188.114.97.1

404 Not Found

229 B

URL GET HTTP/1.1
lightrider.su/favicon.ico
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://lightrider.su/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
229 B (229 bytes)
Hash
f0f8dfc4a958c575ce7578ac9f053442
225148e65a8b8a8567c7c8c29783d24d0c4aa93a
a3acd5e02de142b1ac04ad2a487796d106d84cc686bbc578751acc4240631b06

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lightrider.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lightrider.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 04 May 2023 21:08:07 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELfa36UJ7i8LbZEk0esejJvV7CsNhJt4d4C9lTdcLeroBglawyF90P0ezcpMX4QWndB%2FK92d%2BBNlPTl3GoTMT6w%2BQ9xNY3G5ERuur%2FxsfINC3xtTfO61xAu3urumQNlU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c23b79b6cf6b50b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers