Report - maskdefi.info/cdn-cgi/phish-bypass?atok=tGRW2e_B.fwV2pcLVfum60ubEyRaOGosMwO.bXSGLvQ-1747414866.7732058-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3DKM_DLRvZDXStZNl138Ap8oVgNFEOILkRJd5jayS6Xpg-1747259483.871904-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253Dkhy.p2vucqH9NqS01WgzklE8jtxAE63QX0PnhA74A0E-1747215390.0918763-0.0.1.1-%25252Fcdn-cgi%25252Fphish-bypass%25253Fatok%25253DsQ8Wh7p1wGnTJFdwez8kpdlKOg1hoRYtzjBf7FD77Eg-1747125962.514128-0.0.1.1-%2525252F%252526cf-turnstile-response%25253D%2526cf-turnstile-response%253D%26cf-turnstile-response%3D&cf-turnstile-response=

Report Overview

Visitedpublic

2025-05-17 15:57:27

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
maskdefi.info	unknown	2025-05-02	2025-05-13	2025-05-13	2.9 kB	12 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-17	medium	maskdefi.info	Sinkholed
2025-05-17	medium	maskdefi.info	Sinkholed
2025-05-17	medium	maskdefi.info	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

GET maskdefi.info/cdn-cgi/phish-bypass?atok=tGRW2e_B.fwV2pcLVfum60ubEyRaOGosMwO.bXSGLvQ-1747414866.7732058-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3DKM_DLRvZDXStZNl138Ap8oVgNFEOILkRJd5jayS6Xpg-1747259483.871904-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253Dkhy.p2vucqH9NqS01WgzklE8jtxAE63QX0PnhA74A0E-1747215390.0918763-0.0.1.1-%25252Fcdn-cgi%25252Fphish-bypass%25253Fatok%25253DsQ8Wh7p1wGnTJFdwez8kpdlKOg1hoRYtzjBf7FD77Eg-1747125962.514128-0.0.1.1-%2525252F%252526cf-turnstile-response%25253D%2526cf-turnstile-response%253D%26cf-turnstile-response%3D&cf-turnstile-response=

188.114.96.1

403 Forbidden

5.5 kB

URL

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (694)

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size5.5 kB (5482 bytes)

MD519666f48c3cc40db8d65f76a2d9dac3c

SHA11bb550a02de2a999463d8a20975b101425612590

SHA2560012884a967a6ac1e877bd157d3e7edf4d0bdd07b09dd5fd05128dabad39ac1a

Certificate Info

IssuerGoogle Trust Services

Subjectmaskdefi.info

Fingerprint07:56:3A:E7:8F:10:DA:5B:36:F3:81:9F:ED:F7:69:18:0B:1E:EF:CA

ValidityFri, 02 May 2025 00:28:57 GMT - Thu, 31 Jul 2025 01:26:22 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/phish-bypass?atok=tGRW2e_B.fwV2pcLVfum60ubEyRaOGosMwO.bXSGLvQ-1747414866.7732058-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3DKM_DLRvZDXStZNl138Ap8oVgNFEOILkRJd5jayS6Xpg-1747259483.871904-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253Dkhy.p2vucqH9NqS01WgzklE8jtxAE63QX0PnhA74A0E-1747215390.0918763-0.0.1.1-%25252Fcdn-cgi%25252Fphish-bypass%25253Fatok%25253DsQ8Wh7p1wGnTJFdwez8kpdlKOg1hoRYtzjBf7FD77Eg-1747125962.514128-0.0.1.1-%2525252F%252526cf-turnstile-response%25253D%2526cf-turnstile-response%253D%26cf-turnstile-response%3D&cf-turnstile-response= HTTP/1.1
Host: maskdefi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sat, 17 May 2025 15:57:06 GMT
content-type: text/html; charset=utf-8
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nNMwVfFXJGLT5JRpW9JGUI%2BAkM%2Fts9kJ7tAOVqHbH%2Bfy4cf6ukjboLwkyHud%2F3Wvl8zXuHATKgiUmtYQBs7baPK8RPWAPg35J6ZG"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 94144f00cb20b517-OSL
X-Firefox-Spdy: h2

188.114.96.1

403 Forbidden

151 B

URL

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-14

Last Seen2025-07-31

Times Seen113171

Size151 B (151 bytes)

MD5c371fa8374a06a3c0535fc341d454236

SHA1441671eacb9398792d435443beaddd3fc5fa1910

SHA256eed0b81a2fbdd1c5a9f80705885fc5bbf346ba428a79ff7a13ec8491c6a8e96c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/phish-bypass?atok=tGRW2e_B.fwV2pcLVfum60ubEyRaOGosMwO.bXSGLvQ-1747414866.7732058-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3DKM_DLRvZDXStZNl138Ap8oVgNFEOILkRJd5jayS6Xpg-1747259483.871904-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253Dkhy.p2vucqH9NqS01WgzklE8jtxAE63QX0PnhA74A0E-1747215390.0918763-0.0.1.1-%25252Fcdn-cgi%25252Fphish-bypass%25253Fatok%25253DsQ8Wh7p1wGnTJFdwez8kpdlKOg1hoRYtzjBf7FD77Eg-1747125962.514128-0.0.1.1-%2525252F%252526cf-turnstile-response%25253D%2526cf-turnstile-response%253D%26cf-turnstile-response%3D&cf-turnstile-response= HTTP/1.1
Host: maskdefi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 17 May 2025 15:57:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
CF-RAY: 94144f01a9615691-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Encoding: gzip

GET maskdefi.info/favicon.ico

188.114.96.1

403 Forbidden

4.6 kB

URL

maskdefi.info/favicon.ico

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttp://maskdefi.info/cdn-cgi/phish-bypass?atok=tGRW2e_B.fwV2pcLVfum60ubEyRaOGosMwO.bXSGLvQ-1747414866.7732058-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3DKM_DLRvZDXStZNl138Ap8oVgNFEOILkRJd5jayS6Xpg-1747259483.871904-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253Dkhy.p2vucqH9NqS01WgzklE8jtxAE63QX0PnhA74A0E-1747215390.0918763-0.0.1.1-%25252Fcdn-cgi%25252Fphish-bypass%25253Fatok%25253DsQ8Wh7p1wGnTJFdwez8kpdlKOg1hoRYtzjBf7FD77Eg-1747125962.514128-0.0.1.1-%2525252F%252526cf-turnstile-response%25253D%2526cf-turnstile-response%253D%26cf-turnstile-response%3D&cf-turnstile-response=

Resource Info

File typeHTML document, ASCII text, with very long lines (394)

First Seen2025-05-17

Last Seen2025-05-17

Times Seen1

Size4.6 kB (4556 bytes)

MD52c7355048ac3962b2e62e9cca5bc7479

SHA1a692099f8be51ea82163b311f9c1a3a7142bb753

SHA256f1872e27838aeca61bb0755245c5c16f84a064bac5650c6b2edb07f32dc8b1b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: maskdefi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://maskdefi.info/cdn-cgi/phish-bypass?atok=tGRW2e_B.fwV2pcLVfum60ubEyRaOGosMwO.bXSGLvQ-1747414866.7732058-0.0.1.1-%2Fcdn-cgi%2Fphish-bypass%3Fatok%3DKM_DLRvZDXStZNl138Ap8oVgNFEOILkRJd5jayS6Xpg-1747259483.871904-0.0.1.1-%252Fcdn-cgi%252Fphish-bypass%253Fatok%253Dkhy.p2vucqH9NqS01WgzklE8jtxAE63QX0PnhA74A0E-1747215390.0918763-0.0.1.1-%25252Fcdn-cgi%25252Fphish-bypass%25253Fatok%25253DsQ8Wh7p1wGnTJFdwez8kpdlKOg1hoRYtzjBf7FD77Eg-1747125962.514128-0.0.1.1-%2525252F%252526cf-turnstile-response%25253D%2526cf-turnstile-response%253D%26cf-turnstile-response%3D&cf-turnstile-response=
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 17 May 2025 15:57:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XG6lB8sfJHCmZtcZthyw7%2F8Hvd4IODvU7GdMRtaaebWZnQz%2ByKYUs%2FyJPHtPu9bZlR1QKoPRaAKhw9FwTZP1hhuQJbvyZPMgZWnsvT92H54xAochXvCja31%2F1nheDlxl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 94144f029bcf5691-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60