Report - mkrep.ru/bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread

Report Overview

Visited public
2023-09-19 05:24:32
Tags
Submit Tags
URL
mkrep.ru/bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread
Finishing URL
snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread
IP / ASN
178.250.157.102
#29182 JSC IOT
Title
Illusional Love BBS

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mkrep.ru	unknown	2015-07-04	2015-07-05 12:08:01	2023-09-19 07:24:07	1.2 kB	37 kB	178.250.157.102
snow-drop-tales.sakura.ne.jp	unknown	2017-07-21	2018-02-19 06:56:33	2023-09-19 07:24:15	1.7 kB	38 kB	219.94.129.101
affiliate.dtiserv.com	456046	1996-09-30	2012-07-05 16:22:33	2023-09-09 21:30:50	760 B	17 kB	140.174.2.195

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-19 05:24:19	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-09-19 05:24:19	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-09-19 05:24:20	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .world TLD
2023-09-19 05:24:20	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .world TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread	ScriptElement	120 B	2023-03-25	2025-03-08
Pretty URL snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread IP 219.94.129.101 ASN #9371 SAKURA Internet Inc. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-25 23:11 Last Seen2025-03-08 09:36 Times Seen7 Hash c630408726027b228179c9c0873d2269 e070cec778d17fde0640d07a10443491f7fbf536 d228f4ec4900d1f28b4027e955dbba1247647f384ac8abfb23671978b5b9835e Loading...

HTTP Transactions (8)

	URL	IP	Response	Size
	mkrep.ru/bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread	178.250.157.102		0 B
URL mkrep.ru/bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread IP 178.250.157.102:0 ASN #29182 JSC IOT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread HTTP/1.1 Host: mkrep.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: nginx date: Tue, 19 Sep 2023 05:24:15 GMT content-type: text/html; charset=UTF-8 content-length: 0 vary: HTTPS p3p: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA" x-powered-cms: Bitrix Site Manager (1d59a9e9a41e2e5da70d3c33f6f83c9a) expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache location: http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread set-cookie: PHPSESSID=k6GkwQ346HavhRB5XZ7dKEISkF7Zf1oG; path=/; HttpOnly BITRIX_SM_GUEST_ID=3487410; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/ BITRIX_SM_LAST_VISIT=19.09.2023%2008%3A24%3A15; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/ x-content-type-options: nosniff x-frame-options: SAMEORIGIN X-Firefox-Spdy: h2

	GET snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread	219.94.129.101	200 OK	35 kB
URL User Request GET HTTP/1.1 snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread IP 219.94.129.101:80 ASN #9371 SAKURA Internet Inc. File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (17455) Size 35 kB (34814 bytes) Hash 73f79c56db0cdc034c69e01843eb88d9 ff03145c034a4fcfcf7ac5286a7113323880c3ba 77ff680e357a4182d2251d7c3bdb1b0602be6b5444526d65dc52bf79f12b9ba3 HTTP Headers `GET /s/yybbs63/yybbs.cgi?list=thread HTTP/1.1 Host: snow-drop-tales.sakura.ne.jp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Tue, 19 Sep 2023 05:24:16 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive`

	GET affiliate.dtiserv.com/image/eroanime/124-468-06.gif	140.174.2.195	404 Not Found	603 B
URL GET HTTP/1.1 affiliate.dtiserv.com/image/eroanime/124-468-06.gif IP 140.174.2.195:80 ASN #30212 HYPERMEDIA-SYSTEMS Requested by http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text Size 603 B (603 bytes) Hash ec66ea85f6cdd590ccc24b6d956aa1f2 303caf6690376a242aefc9ec513a29f3b3679c8d e9fa33abf2ec52fb1f46f77c773ca400421e6a363568f9919f245fb4cf7e26f1 HTTP Headers `GET /image/eroanime/124-468-06.gif HTTP/1.1 Host: affiliate.dtiserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://snow-drop-tales.sakura.ne.jp/ Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 404 Not Found Date: Tue, 19 Sep 2023 05:24:17 GMT Content-Type: text/html Content-Length: 603 Connection: keep-alive ETag: "60bfc381-25b" X-Sh: 107`

	GET affiliate.dtiserv.com/image/netcomic/122-400-04.gif	140.174.2.195	200 OK	16 kB
URL GET HTTP/1.1 affiliate.dtiserv.com/image/netcomic/122-400-04.gif IP 140.174.2.195:80 ASN #30212 HYPERMEDIA-SYSTEMS Requested by http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread File type GIF image data, version 89a, 400 x 60\012- data Size 16 kB (16014 bytes) Hash bb2385117362cb3c101121607b49f912 28c990c94a0f3a46acd11a9204b8e8a747f0afa1 96dbed549bdd8bfe4bf75ec90d5080849b77306d4e341f9a83c9a45491cb43db HTTP Headers `GET /image/netcomic/122-400-04.gif HTTP/1.1 Host: affiliate.dtiserv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://snow-drop-tales.sakura.ne.jp/ Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Tue, 19 Sep 2023 05:24:17 GMT Content-Type: image/gif Content-Length: 16014 Last-Modified: Mon, 14 Jul 2008 19:57:30 GMT Connection: keep-alive ETag: "487bafaa-3e8e" X-Sh: 103 Strict-Transport-Security: max-age=31536000 X-Requested-Domain: affiliate.dtiserv.com Accept-Ranges: bytes`

	GET snow-drop-tales.sakura.ne.jp/s/yybbs63/img/home.gif	219.94.129.101	200 OK	1.7 kB
URL GET HTTP/1.1 snow-drop-tales.sakura.ne.jp/s/yybbs63/img/home.gif IP 219.94.129.101:80 ASN #9371 SAKURA Internet Inc. Requested by http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread File type GIF image data, version 89a, 16 x 20\012- data Size 1.7 kB (1699 bytes) Hash 53151703af319044a4bdaa73080a3dab 4a47137bf235f1eae62c415fcada58505a2006c3 3f10936d2df16604505064e2de7b80c6b0aeb213a9aecfe0d0f58e8b15c3dad4 HTTP Headers `GET /s/yybbs63/img/home.gif HTTP/1.1 Host: snow-drop-tales.sakura.ne.jp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Tue, 19 Sep 2023 05:24:17 GMT Content-Type: image/gif Content-Length: 1699 Connection: keep-alive Last-Modified: Wed, 15 Sep 2010 01:53:36 GMT ETag: "6a3-4904299000800" Accept-Ranges: bytes`

	GET snow-drop-tales.sakura.ne.jp/favicon.ico	219.94.129.101	404 Not Found	196 B
URL GET HTTP/1.1 snow-drop-tales.sakura.ne.jp/favicon.ico IP 219.94.129.101:80 ASN #9371 SAKURA Internet Inc. Requested by http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 196 B (196 bytes) Hash 62962daa1b19bbcc2db10b7bfd531ea6 d64bae91091eda6a7532ebec06aa70893b79e1f8 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: snow-drop-tales.sakura.ne.jp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 404 Not Found Server: nginx Date: Tue, 19 Sep 2023 05:24:17 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: keep-alive`

	GET snow-drop-tales.sakura.ne.jp/s/yybbs63/registkey.cgi?w1sO9SOWjwSCDlCOF5w5.	219.94.129.101	200 OK	185 B
URL GET HTTP/1.1 snow-drop-tales.sakura.ne.jp/s/yybbs63/registkey.cgi?w1sO9SOWjwSCDlCOF5w5. IP 219.94.129.101:80 ASN #9371 SAKURA Internet Inc. Requested by http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread File type GIF image data, version 89a, 32 x 18\012- data Size 185 B (185 bytes) Hash 417f00d3f2967631464f85129ef95ab0 31ffa88d0c0901d33048ea2695d766387432a384 3e49c132eb59a985d32c690e4549be4d73d0b7e1d51ba53e436b06660734aa60 HTTP Headers `GET /s/yybbs63/registkey.cgi?w1sO9SOWjwSCDlCOF5w5. HTTP/1.1 Host: snow-drop-tales.sakura.ne.jp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://snow-drop-tales.sakura.ne.jp/s/yybbs63/yybbs.cgi?list=thread Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Tue, 19 Sep 2023 05:24:18 GMT Content-Type: image/gif Transfer-Encoding: chunked Connection: keep-alive`

	GET mkrep.ru/bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread	178.250.157.102	302 Found	35 kB
URL User Request GET HTTP/2 mkrep.ru/bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread IP 178.250.157.102:443 ASN #29182 JSC IOT Certificate IssuerLet's Encrypt Subjectmkrep.ru Fingerprint07:8F:A4:75:14:1D:29:58:D0:55:B3:98:29:6F:0B:09:B3:35:E2:19 ValidityFri, 18 Aug 2023 22:00:23 GMT - Thu, 16 Nov 2023 22:00:22 GMT File type Size 35 kB (34814 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /bitrix/redirect.php?event1=&event2=&event3=&goto=http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread HTTP/1.1 Host: mkrep.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: nginx date: Tue, 19 Sep 2023 05:24:15 GMT content-type: text/html; charset=UTF-8 content-length: 0 vary: HTTPS p3p: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA" x-powered-cms: Bitrix Site Manager (1d59a9e9a41e2e5da70d3c33f6f83c9a) expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache location: http://Snow-Drop-Tales.Sakura.Ne.jp/s/yybbs63/yybbs.cgi?list=thread set-cookie: PHPSESSID=k6GkwQ346HavhRB5XZ7dKEISkF7Zf1oG; path=/; HttpOnly BITRIX_SM_GUEST_ID=3487410; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/ BITRIX_SM_LAST_VISIT=19.09.2023%2008%3A24%3A15; expires=Fri, 13-Sep-2024 05:24:15 GMT; Max-Age=31104000; path=/ x-content-type-options: nosniff x-frame-options: SAMEORIGIN X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type