Report - goo.su/IoUXNk

Report Overview

Visited public
2024-06-30 12:46:48
Tags
Submit Tags
URL
goo.su/IoUXNk
Finishing URL
lucky109.com/?ch=11111
IP / ASN
104.21.38.221
#13335 CLOUDFLARENET
Title
Lucky97

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
login.jiewtyevtebibewtyi.com	unknown	unknown	No data	No data	476 B	7.0 kB	172.67.152.135
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-29 18:13:04	2.0 kB	5.3 kB	2.23.172.201
lucky109.com	unknown	unknown	No data	No data	4.0 kB	1.6 MB	104.21.26.131
goo.su	377451	2019-06-14	2017-05-12 21:35:59	2024-06-20 20:18:49	467 B	176 kB	104.21.38.221

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-06-30 12:46:22	low	Client IP	104.21.38.221	ET INFO Observed URL Shortener Service Domain (goo .su in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-30	medium	jiewtyevtebibewtyi.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	lucky109.com/myJavascript.js	ScriptElement	4.0 kB	2024-06-30	2024-08-19
Pretty URL lucky109.com/myJavascript.js IP 104.21.26.131 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-30 14:46 Last Seen2024-08-19 18:43 Times Seen5 Hash c71bd33cd40d3436671b72c269f24b15 e8003b0a88b969df4050ac1906fe213fa1606405 3f905558a7e4e7a5a39cd2051dca1db9760d196645b2e9dd50e907b32fb6e6d6 Loading...

	lucky109.com/?ch=11111	ScriptElement	0 B	0001-01-01	2025-06-29
Pretty URL lucky109.com/?ch=11111 IP 104.21.26.131 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-29 05:34 Times Seen5189927 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (17)

URL IP Response Size

r10.o.lencr.org/

2.23.172.201

504 B

URL
r10.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
11d12f1fba8aca9d9418e9d8dc4952bf
815abf5c4b5eb6f908e3c9aa829ee2e6ccdcc449
97f30de1fa8e41bf859ba482af92cec319429e14f4f81a9c675977b672ed7b9a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "97F30DE1FA8E41BF859BA482AF92CEC319429E14F4F81A9C675977B672ED7B9A"
Last-Modified: Fri, 28 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13424
Expires: Sun, 30 Jun 2024 16:30:06 GMT
Date: Sun, 30 Jun 2024 12:46:22 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.201

504 B

URL
r10.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f6d043d7b5e98906db1fe2695e98859c
154db889ef567d2839bb7eaa15818cd546495b4f
f4fcc79261acda8e1cb81b9fc6524ee560b60740b0cf8107308dc82750dc079a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F4FCC79261ACDA8E1CB81B9FC6524EE560B60740B0CF8107308DC82750DC079A"
Last-Modified: Sat, 29 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18482
Expires: Sun, 30 Jun 2024 17:54:24 GMT
Date: Sun, 30 Jun 2024 12:46:22 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.201

504 B

URL
r10.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d7cd114e209a6a2072fa2672372a02f1
3e872420829976f523c9a9b28225e81ad877bfc9
5d0241d467ad619637837f9894f8011e62a08a39bd81dd072cad8091dd58a588

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D0241D467AD619637837F9894F8011E62A08A39BD81DD072CAD8091DD58A588"
Last-Modified: Sat, 29 Jun 2024 16:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14060
Expires: Sun, 30 Jun 2024 16:40:42 GMT
Date: Sun, 30 Jun 2024 12:46:22 GMT
Connection: keep-alive

GET lucky109.com/myJavascript.js

104.21.26.131

200 OK

1.4 kB

URL GET HTTP/3
lucky109.com/myJavascript.js
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
ASCII text, with CRLF line terminators
Size
1.4 kB (1417 bytes)
Hash
c71bd33cd40d3436671b72c269f24b15
e8003b0a88b969df4050ac1906fe213fa1606405
3f905558a7e4e7a5a39cd2051dca1db9760d196645b2e9dd50e907b32fb6e6d6

HTTP Headers

GET /myJavascript.js HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/?ch=11111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
content-type: application/javascript
content-length: 1417
content-encoding: gzip
last-modified: Fri, 14 Jun 2024 09:58:37 GMT
etag: "80c4e56c41beda1:0"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EJTrYL1I1O2drMVjYGHBjWC5tCdBRR6lZx8tnljVwdGSYeJnIg8HrmIovm%2FZsyirHLXvxBdtA4mnCbzRSJVY2tkuW3QUAHkZINPzmvJ1NugWGn6ISKU5D%2BWjPu82CTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89be42481f1592d9-CPH
alt-svc: h3=":443"; ma=86400

GET lucky109.com/css/index.css

104.21.26.131

200 OK

840 B

URL GET HTTP/3
lucky109.com/css/index.css
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
ASCII text, with CRLF line terminators
Size
840 B (840 bytes)
Hash
bd03bd5fa21e2838ec1b044730938556
158f5a2c36a369d4c4bc2729853de2a6d6664428
53ab16932aa61c1c4445e2e3e3126adc00680ce91a3e6fa6081400b33e6504ba

HTTP Headers

GET /css/index.css HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/?ch=11111
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
content-type: text/css
content-length: 840
content-encoding: gzip
last-modified: Fri, 14 Jun 2024 10:06:22 GMT
etag: "023f8242beda1:0"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8c%2BWLNiWnPK0lmFgeTgB7b8tgOYVt31%2BBw34mzBPOT5uOmu%2FHi7Z7R300zqXmtUAuXSLD%2BhVdsdaguwm3gvmtnA38wN3Fi152iiHuJlYDQO%2BmmdqFPf%2BCIKmLIaW6AA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89be42482f2f92d9-CPH
alt-svc: h3=":443"; ma=86400

GET lucky109.com/css/normalize.css

104.21.26.131

200 OK

2.5 kB

URL GET HTTP/3
lucky109.com/css/normalize.css
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
ASCII text
Size
2.5 kB (2453 bytes)
Hash
be7f3425b44480dcf3aab3408f632f37
9b97b57947a4d320c0aea1653fafba7c8e83f242
b87bb63007752ef08e544021bcc95de0ba498bb754192ec6573bc6ff9077865a

HTTP Headers

GET /css/normalize.css HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/?ch=11111
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
content-type: text/css
last-modified: Thu, 27 Aug 2020 02:13:30 GMT
etag: W/"04114a8177cd61:0"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aKoPRwFTV1Y7viiBI6gevTuFL1jtKYG8psGQyUGLlp7oa9gxxE5I3%2FBXBwKtZ%2FmNlOVoO7Uwv54WmLOp7bF6n3lhZMkDYYJbSfcj4r%2BF2cfCQlkWoQMA8hg%2BDFId5hc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89be42481f2592d9-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET goo.su/IoUXNk

104.21.38.221

301 Moved Permanently

174 kB

URL User Request GET HTTP/2
goo.su/IoUXNk
IP
104.21.38.221:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgoo.su
Fingerprint35:A9:5F:5A:99:3C:55:1C:8C:86:36:89:59:A4:1B:A2:37:F5:2B:79
ValidityThu, 30 May 2024 09:49:16 GMT - Wed, 28 Aug 2024 09:49:15 GMT

File type
data
Size
174 kB (174087 bytes)
Hash
84b055eb8d21c245f0c7b6e8bc06f9f8
03263a8d8499e491f788d2e4ed172c500f274970
b82510da46eb699816ea2363407800ee6281c9dbb3d9b5d45c969be0e30602af

HTTP Headers

GET /IoUXNk HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 30 Jun 2024 12:46:22 GMT
content-type: text/html; charset=UTF-8
location: https://lucky109.com?ch=11111
x-powered-by: PHP/8.2.13
set-cookie: XSRF-TOKEN=eyJpdiI6IkZpeisrdFMyQ3hvcGVCSDBKdUpBSEE9PSIsInZhbHVlIjoiR09weDN0WXYySGdQcDBzVzVSWWVmYlZWVE9ZRmYxNnFFbkg5ZVBaTGZqRkZDQ3g3QkFlYzNTQ3VOK1NoVjZZMlFUcEdSam5YZlNIbDd0dkRtQ2sxS2FVY0gvdENDR1gyZUxVTUp6RHdvS3lMRGFHV2JTOXZUMXVLU20rdWxpNmoiLCJtYWMiOiIwOTFlMTQ4NzE4NzllOTY2NDdlMDRmODYyYTdjOTgyMzMxMDk5N2Y1NTY2ZTExZTIxOGQ4NWZhMDQxODNmNjYwIiwidGFnIjoiIn0%3D; expires=Mon, 01 Jul 2024 07:26:22 GMT; Max-Age=67200; path=/; secure; samesite=lax
goosu_session=eyJpdiI6ImY0MWNFMW1LUmJPQUxnaHYyTDcwSXc9PSIsInZhbHVlIjoiWGY5blpkMHBiTVlzdmhtWVlCWkRDbFN1aG9kZzliWC81SHkzM1ZrZ0tVQW5iSUFBeStyMGdSMHd6czJidVprTUlhSXEvN0k0cTgwM0NLYUZPeVI4TTQydEpmUVB6Ky95ZWo3Zk50N0o2UmNuaVllSWNpazZaaGVwV0xEK25BZ1kiLCJtYWMiOiJkYjUyZTY2YTZkNzgyODQyMGU1NTgzODRiN2IwZGI0ZjdlOWE1YWQzZTQ2ZTRlNDNhNGUwZDhhNGRlMmZjZDYzIiwidGFnIjoiIn0%3D; expires=Mon, 01 Jul 2024 07:26:22 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tn8nfKSQpDes%2Fpyo4oO3ftC3R9cCu%2F5T92yhqg3iY9Ywg0MHc3LtaGK9cl6Yv5MacwJ%2F4S%2Btd9Cif9NypDSLA6YR9rgJ6VBCL62CgSqz4wnuWFG5ILkkYTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89be42411ccb92b8-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET lucky109.com/imgs/btn_down1.png

104.21.26.131

200 OK

62 kB

URL GET HTTP/3
lucky109.com/imgs/btn_down1.png
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
PNG image data, 560 x 208, 8-bit/color RGBA, non-interlaced
Size
62 kB (61468 bytes)
Hash
6c77eac596661d8fe0d7514ba95fd854
b255bccfaade83a281e17f22f3c7babdfcc799fb
53c16631c80317cbbe178cde526367b4b35918aa9789339b4a3b6f5b53871ea3

HTTP Headers

GET /imgs/btn_down1.png HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/?ch=11111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
content-type: image/png
content-length: 61468
last-modified: Fri, 10 Feb 2023 01:39:56 GMT
etag: "0fe2d94f03cd91:0"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ocR4UDAWLjzZJ%2Bn8rC8zljuxcnRc1zbR9hZEJJzTzrjOMvzJ8Qqhsb%2Fp3cZDdv09Gb2tKbAoYaGrodAUQ%2B%2FvPnDblQSGOH1TukHstwGPB24NDjojFj%2BRQyjFD8wBcds%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89be42482f3992d9-CPH
alt-svc: h3=":443"; ma=86400

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8280
Expires: Sun, 30 Jun 2024 15:04:24 GMT
Date: Sun, 30 Jun 2024 12:46:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8280
Expires: Sun, 30 Jun 2024 15:04:24 GMT
Date: Sun, 30 Jun 2024 12:46:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8280
Expires: Sun, 30 Jun 2024 15:04:24 GMT
Date: Sun, 30 Jun 2024 12:46:24 GMT
Connection: keep-alive

GET lucky109.com/imgs/btn_down2.png

104.21.26.131

200 OK

4.3 kB

URL GET HTTP/3
lucky109.com/imgs/btn_down2.png
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
PNG image data, 316 x 128, 8-bit/color RGBA, non-interlaced
Size
4.3 kB (4308 bytes)
Hash
acaaaae2b8ef60c660597974ef3cded6
643cbfaaabc715c2f474f9969e2ebc3b470be4cf
1664f70d956682de3365d09b462ce86c148713147d7d9ab1681d6211c0c92d14

HTTP Headers

GET /imgs/btn_down2.png HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
content-type: image/png
content-length: 4308
last-modified: Mon, 28 Mar 2022 08:21:38 GMT
etag: "01551d87c42d81:0"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9j5BukaIis%2BorYf9C1GmgdcUPXg14e1%2BkG5fcX9UCbYUejZLilPGzSWwlFrAJZSpbxmk9J%2Flhf7u3M9%2F4ET9Xh3e%2B0MT8JQlMhqjCPb2xdkG%2BeE5dqap4ZVowjs5hT8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89be424a8b7492d9-CPH
alt-svc: h3=":443"; ma=86400

GET lucky109.com/imgs/bg.png

104.21.26.131

200 OK

1.3 MB

URL GET HTTP/3
lucky109.com/imgs/bg.png
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
PNG image data, 640 x 1280, 8-bit/color RGB, non-interlaced
Size
1.3 MB (1311733 bytes)
Hash
df47c5a558a594d72d26e5d98bfb0fcf
45edddf3be1bdba16647a37a906a31b787c88119
0460a633fbf7a3b196f7ec4cdfb077d610648f427674838fe788b1c12dae51a6

HTTP Headers

GET /imgs/bg.png HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
content-type: image/png
content-length: 1311733
last-modified: Fri, 14 Jun 2024 09:52:49 GMT
etag: "bb8bf59d40beda1:0"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=byYfEZstTRH%2Bilk8CxvB7Rx%2F%2F2n6CnheaeCtiiSr6D3oxXtYojNe%2BCa5bEG%2F1Iao5XLLEkxVioO%2Bu0rIJMwGakvjISELkNZ8nSfdUfJ8bu6gjsyRafuSb6VBS3BYee4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89be424a8b7192d9-CPH
alt-svc: h3=":443"; ma=86400

POST login.jiewtyevtebibewtyi.com/fb

172.67.152.135

200 OK

6.5 kB

URL POST HTTP/2
login.jiewtyevtebibewtyi.com/fb
IP
172.67.152.135:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerLet's Encrypt
Subjectjiewtyevtebibewtyi.com
Fingerprint7E:A1:4E:1F:6F:F2:C8:7E:EE:82:2C:CE:6D:B9:E7:16:AA:1C:6E:7D
ValidityThu, 13 Jun 2024 12:00:42 GMT - Wed, 11 Sep 2024 12:00:41 GMT

File type
data
Size
6.5 kB (6478 bytes)
Hash
a54e290a0b921b508c09a722c7e820c2
19659f93648fd1dad926c898ddf38a3cf555a242
9dfb59dcf9494991f9c405c6ec8ff942a4449df442fd99ff90d41b8e5ec04b2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fb HTTP/1.1
Host: login.jiewtyevtebibewtyi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lucky109.com/
Content-Type: text/plain
Content-Length: 197
Origin: https://lucky109.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2FfvUqfshGefbmS7G2527iR%2FgGPXlNg8EBwynTPecG3vHnGF2P966OLEIoP6PTteLijC8w0bD68ljcedA8jILvs201Nal%2FxSlkcAAeDjGRkj6PMVh38v3c1zQsHDxqXQjKHthm3jDw2g6j7HnLFS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89be424b7f0aabda-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET lucky109.com/imgs/icon.jpg

104.21.26.131

200 OK

174 kB

URL GET HTTP/3
lucky109.com/imgs/icon.jpg
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, progressive, precision 8, 1024x1024, components 3
Size
174 kB (173774 bytes)
Hash
54216f85d38621e96d2de317b6ba058e
3dfdfd5b7c21172121f7188e6b337b85774d7c2c
bca69a81f665f19d7741c164a5183c5bf4cd5097aedb1742fcf6b14b536486a5

HTTP Headers

GET /imgs/icon.jpg HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/?ch=11111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 30 Jun 2024 12:46:24 GMT
content-type: image/jpeg
content-length: 173774
last-modified: Thu, 13 Jun 2024 05:00:17 GMT
etag: "3c234f954ebdda1:0"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cJMD7SDWfxM0d8f0ldiOO3PMc3lxK9w59Ob54m7m%2F8qMvq0b30rqQAGQZBCP95FDp94D2%2BeE8yTxnC5HvXvvXG4kVU8keH8ugh2xY954xPvlFVhzCrX%2ByqJoNoZUCr4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89be42482f3692d9-CPH
alt-svc: h3=":443"; ma=86400

GET lucky109.com/favicon.ico

104.21.26.131

404 Not Found

1.2 kB

URL GET HTTP/3
lucky109.com/favicon.ico
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lucky109.com/?ch=11111
Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
HTML document, ASCII text, with very long lines (1323), with no line terminators
Size
1.2 kB (1245 bytes)
Hash
f5064cd10293c25f15ab1c0a2aeade6b
b54330652c047a485de5304d6418ea3d5d552d85
e38cefce8d4330e6ee50a34f59229388ea75af218645c21cbffbe9a027ab3f22

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lucky109.com/?ch=11111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sun, 30 Jun 2024 12:46:25 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NT0%2BhWeusmDBy728%2FiaUGXgZC82hFKBPMH5nqUZNvVF%2BcHArw6YBLntRPg7yOCnvrPeWJ%2BQPnAeAT0ZC5YnYXcbW7uiXiZJ%2FZb0qZ63mC9SvOsywUTHYHlyBwR%2FUFik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89be424dea4292d9-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET lucky109.com/?ch=11111

104.21.26.131

200 OK

2.2 kB

URL User Request GET HTTP/2
lucky109.com/?ch=11111
IP
104.21.26.131:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlucky109.com
FingerprintB2:3B:AA:0D:86:FC:CB:D4:A6:72:FC:99:40:90:05:76:25:00:67:61
ValidityThu, 13 Jun 2024 11:56:24 GMT - Wed, 11 Sep 2024 11:56:23 GMT

File type
HTML document, ASCII text, with very long lines (2447), with no line terminators
Size
2.2 kB (2209 bytes)
Hash
1c2699265f9c98f58926c72c253a242f
08e998aa92a579cf55d33df56d4f93fa8dda45bd
da03a02830695ab8f6100bf3cd3bf027e165ca5937463f3e8114a8104719d14e

HTTP Headers

GET /?ch=11111 HTTP/1.1
Host: lucky109.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 30 Jun 2024 12:46:23 GMT
content-type: text/html
last-modified: Sat, 22 Jun 2024 03:52:51 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLE7DksiBPToBsoA7%2B8gRBYYw2PY8wsfmk98pHLUDTsnQEKW%2BdnpvHUNTWXBVm6bGQG0xItmB6gDTmWMnCvHldKiID5%2BOhLIQ6ivux81GxdMtl%2BLlZYJ7H2ivvpvfMM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89be424349fb6dee-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate