Report - 8x6899.com/

Report Overview

Submitted URL
8x6899.com/
IP
18.167.89.221
ASN
#16509 AMAZON-02
Submitted
2024-04-25 07:33:33
Access
public
Website Title
8Xbet - Official Betting Partner of Manchester City FC
Final URL
8x6899.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vd001-tiger-restrictions.hgfhog.8xojdfudud.com	unknown	2023-09-17	2024-02-05	2024-02-05	3.2 kB	214 kB	143.204.55.113
fe-source.hgfhog.8xojdfudud.com	unknown	2023-09-17	2024-04-08	2024-04-08	947 B	189 kB	143.204.55.113
vd001-fxh9-api.hgfhog.8xojdfudud.com	unknown	2023-09-17	2024-03-02	2024-03-02	932 B	2.9 kB	143.204.55.94
8x6899.com	unknown	2024-04-06	2024-04-12	2024-04-12	467 B	19 kB	18.167.89.221

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed
2024-04-24	medium	8xojdfudud.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	8x6899.com/	18 kB	2024-04-25	2024-04-25
Pretty URL 8x6899.com/ IP 18.167.89.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 09:33:35 Last Seen2024-04-25 09:33:35 Times Seen1 Hash ba61c1ae476db57ddca1d464f871b641 ae771b661a924abaec09504e629a0efed1bb1e59 4ace705c4e016b17360a369cfd95d2ffeab6a03739d23fa4277472606730f079 Loading...

	vd001-tiger-restrictions.hgfhog.8xojdfudud.com/build/bundle.js	66 kB	2024-04-24	2024-04-25
Pretty URL vd001-tiger-restrictions.hgfhog.8xojdfudud.com/build/bundle.js IP 143.204.55.113 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 08:25:55 Last Seen2024-04-25 09:33:35 Times Seen4 Hash 1a9ae9a58a1e9efd00aad0de2f979398 c0c104bce63812f87b640b519d8747de415d02ba 917042d4db9ee2f6c4fb679fa3c71a9abff7ae35131a4bf487d6a5df127ae35e Loading...

HTTP Transactions (12)

URL IP Response Size

vd001-tiger-restrictions.hgfhog.8xojdfudud.com/global.css

143.204.55.113

200 OK

905 B

URL GET HTTP/2
vd001-tiger-restrictions.hgfhog.8xojdfudud.com/global.css
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
Unicode text, UTF-8 text
Size
905 B (905 bytes)
Hash
616346cbb102c779adde7abfa328655d
81f40c4121c48395d2d7c001a07fa415a87eae71
b03fb2ebcadf4ef2c46e7f89ed275b154c81a698e79181880aaff05cd5b6576f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /global.css HTTP/1.1
Host: vd001-tiger-restrictions.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 905
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:11 GMT
last-modified: Wed, 24 Apr 2024 05:14:38 GMT
access-control-allow-origin: *
etag: "616346cbb102c779adde7abfa328655d"
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qDq6ialnx2jWEW1FfY3EEiJWtA_evggkSY31HtwOzcJfvCVMqhYXcw==
X-Firefox-Spdy: h2

vd001-tiger-restrictions.hgfhog.8xojdfudud.com/

143.204.55.113

200 OK

478 B

URL GET HTTP/2
vd001-tiger-restrictions.hgfhog.8xojdfudud.com/
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
HTML document, ASCII text
Size
478 B (478 bytes)
Hash
1ba740e0d2a2a280bbac2e026cd8575e
fc2140fd08a6f5b49a0606e295c49b1372110c64
c4c759a620393fb964391c42deb29ec94f5f10093299f2ce1172f2198d3ebaa6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: vd001-tiger-restrictions.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 478
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:11 GMT
cache-control: max-age=0
last-modified: Wed, 24 Apr 2024 05:14:39 GMT
access-control-allow-origin: *
etag: "1ba740e0d2a2a280bbac2e026cd8575e"
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Afu8gI8JOX2clpCMDQLRnIvvlU596z7JzOVTrOFVP2y4Vo7WAP-B2g==
X-Firefox-Spdy: h2

fe-source.hgfhog.8xojdfudud.com/frontend/prod/fe-images/vd001/logo/primary_logo.png

143.204.55.113

200 OK

8.2 kB

URL GET HTTP/2
fe-source.hgfhog.8xojdfudud.com/frontend/prod/fe-images/vd001/logo/primary_logo.png
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
PNG image data, 276 x 64, 8-bit/color RGBA, non-interlaced
Size
8.2 kB (8174 bytes)
Hash
4d393031bf35176af1683667bf120842
edd2470edd6209fbc0c3d8dcd20df72dbbf20f14
ba8e83b21b5ee236511191d58252930ff622e8aeb8485fca515ac486f5e0db56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /frontend/prod/fe-images/vd001/logo/primary_logo.png HTTP/1.1
Host: fe-source.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 8174
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:12 GMT
last-modified: Wed, 24 Apr 2024 04:52:41 GMT
access-control-allow-origin: *
etag: "4d393031bf35176af1683667bf120842"
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0UCH0sgYQzouUr8dFM5f6VuFJD19qwvxuVQktxFHw6ME22PdUgZ0Vw==
X-Firefox-Spdy: h2

vd001-tiger-restrictions.hgfhog.8xojdfudud.com/images/vd001/favicon.ico

143.204.55.113

200 OK

15 kB

URL GET HTTP/2
vd001-tiger-restrictions.hgfhog.8xojdfudud.com/images/vd001/favicon.ico
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
e99394e28cc030ec6a9fba59f1d6b6c4
2302f950165add3df24fe352e4cc4f0afd12006d
362e0797eeccdabc55a1eea0413e75fa677ccd2ecc816b7074dccd09bab463f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/vd001/favicon.ico HTTP/1.1
Host: vd001-tiger-restrictions.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 15406
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:13 GMT
last-modified: Wed, 24 Apr 2024 05:14:38 GMT
access-control-allow-origin: *
etag: "e99394e28cc030ec6a9fba59f1d6b6c4"
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 80wqzfgn6DdJ8_CqL00nSQZHITGbOUTJCjKLq8lDaoH3MvJ_E7ryHA==
X-Firefox-Spdy: h2

vd001-tiger-restrictions.hgfhog.8xojdfudud.com/images/vd001/ipBlock.png

143.204.55.113

200 OK

117 kB

URL GET HTTP/2
vd001-tiger-restrictions.hgfhog.8xojdfudud.com/images/vd001/ipBlock.png
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
PNG image data, 750 x 750, 8-bit/color RGBA, non-interlaced
Size
117 kB (117273 bytes)
Hash
5e78e406a8faf40f4e8ff65e8635f75c
faa9b2397c1de81364e49ef9a417adbecd87d045
bb62ce1e42487411bdef915d87497fa02b7ed8a0749e37949a4d68d699bd5428

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/vd001/ipBlock.png HTTP/1.1
Host: vd001-tiger-restrictions.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 117273
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:12 GMT
last-modified: Wed, 24 Apr 2024 05:14:38 GMT
access-control-allow-origin: *
etag: "5e78e406a8faf40f4e8ff65e8635f75c"
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z3AEv1ptJR3VOb0_EqAE1BWswuwu106mGs-Gkn0r0iqGyKyeJlkW0A==
X-Firefox-Spdy: h2

vd001-tiger-restrictions.hgfhog.8xojdfudud.com/build/bundle.css

143.204.55.113

200 OK

7.5 kB

URL GET HTTP/2
vd001-tiger-restrictions.hgfhog.8xojdfudud.com/build/bundle.css
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
gzip compressed data, from Unix
Size
7.5 kB (7487 bytes)
Hash
cd15080d145a6545ee70b41633e2a8d3
ac63081ded2065ad82b1bcc9847cae5ce96b2b28
3c55a3050f8cc3e7ac0ef6b54b23b1d7a6d7b4442e6e754238f56ca6dbe98f92

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/bundle.css HTTP/1.1
Host: vd001-tiger-restrictions.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:11 GMT
last-modified: Wed, 24 Apr 2024 05:14:38 GMT
etag: W/"15dc792694463fcdbc69762d262951bd"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tPSDTslU1Cp21GVHQLuhfSSPPRSJP4AFl-kIybNVe133mxAW6ijmKQ==
X-Firefox-Spdy: h2

vd001-fxh9-api.hgfhog.8xojdfudud.com/platform/user/merchantSetting

143.204.55.94

200 OK

1.8 kB

URL GET HTTP/2
vd001-fxh9-api.hgfhog.8xojdfudud.com/platform/user/merchantSetting
IP
143.204.55.94:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1961), with no line terminators
Size
1.8 kB (1757 bytes)
Hash
ae06cd00277bc822f544c0de941b71e3
0bf764b8c38f1e23a32586beefbbee3cb5d1c8a8
18cb32f8e4277cf379d34c798cff0f19244037ea6d8038458a84e47e28543806

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /platform/user/merchantSetting HTTP/1.1
Host: vd001-fxh9-api.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8x6899.com/
Origin: https://8x6899.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json;charset=UTF-8
date: Thu, 25 Apr 2024 07:33:12 GMT
x-envoy-upstream-service-time: 37
server: istio-envoy
access-control-allow-origin: https://8x6899.com
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XtqaML2hu5VU3amS_2BHstEUkcAtq4r9-cQ5mzOKy2Q622EzPZlCGg==
X-Firefox-Spdy: h2

8x6899.com/

18.167.89.221

200 OK

19 kB

URL User Request GET HTTP/2
8x6899.com/
IP
18.167.89.221:443
ASN
#16509 AMAZON-02

Certificate
IssuerGoDaddy.com, Inc.
Subject8x1256.com
Fingerprint3B:E8:99:99:1E:C4:F5:FE:E2:91:92:78:07:D9:7E:2E:A3:BA:FF:61
ValiditySat, 06 Apr 2024 08:30:47 GMT - Sun, 06 Apr 2025 08:30:47 GMT

File type

Size
19 kB (18613 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: 8x6899.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:33:09 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
etag: W/"48b5-m8ZqrkUP//zHlMT332eVLM62Y6I"
x-envoy-upstream-service-time: 269
content-encoding: gzip
X-Firefox-Spdy: h2

vd001-tiger-restrictions.hgfhog.8xojdfudud.com/build/bundle.js

143.204.55.113

200 OK

66 kB

URL GET HTTP/2
vd001-tiger-restrictions.hgfhog.8xojdfudud.com/build/bundle.js
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type

Size
66 kB (65987 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/bundle.js HTTP/1.1
Host: vd001-tiger-restrictions.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:11 GMT
last-modified: Wed, 24 Apr 2024 05:14:37 GMT
access-control-allow-origin: *
content-encoding: gzip
etag: W/"1a9ae9a58a1e9efd00aad0de2f979398"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mrcdKT-EhFtEmBHFC4JFypjiY_iDCdrDuxxaYfo6_HbzpDsAzxD8Hw==
X-Firefox-Spdy: h2

vd001-fxh9-api.hgfhog.8xojdfudud.com/platform/sysmaintenance/customerService

143.204.55.94

200 OK

238 B

URL GET HTTP/2
vd001-fxh9-api.hgfhog.8xojdfudud.com/platform/sysmaintenance/customerService
IP
143.204.55.94:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
238 B (238 bytes)
Hash
039979025e89d84766795bd924bf8151
9e13c252c2ace679cafb1c0fa1d6ae4baba1b637
6f31b6a037c96ba4352c2467eb280685c1b12b34538e338655694f2ff8889273

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /platform/sysmaintenance/customerService HTTP/1.1
Host: vd001-fxh9-api.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8x6899.com/
Origin: https://8x6899.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json;charset=UTF-8
date: Thu, 25 Apr 2024 07:33:12 GMT
x-envoy-upstream-service-time: 30
server: istio-envoy
access-control-allow-origin: https://8x6899.com
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nVIQD0OGXSth3y7QBWo8TPgXw6vXfHU_PB7veIB-EkzDqCj_nYr6jA==
X-Firefox-Spdy: h2

fe-source.hgfhog.8xojdfudud.com/app/CountryList/country-list.json

143.204.55.61

200 OK

180 kB

URL GET HTTP/2
fe-source.hgfhog.8xojdfudud.com/app/CountryList/country-list.json
IP
143.204.55.61:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type

Size
180 kB (179587 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /app/CountryList/country-list.json HTTP/1.1
Host: fe-source.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://8x6899.com/
Origin: https://8x6899.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:12 GMT
last-modified: Wed, 20 Jul 2022 03:05:19 GMT
access-control-allow-origin: *
content-encoding: gzip
etag: W/"9d17676cfae2cc43fcd89a0f90b30e84"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KW3CDlQyOCU7tVK1SfRSAu-7PQbplX57HyNhUxMeT-k-Gu-z3l824Q==
X-Firefox-Spdy: h2

vd001-tiger-restrictions.hgfhog.8xojdfudud.com/images/vd001/service.svg

143.204.55.113

200 OK

3.4 kB

URL GET HTTP/2
vd001-tiger-restrictions.hgfhog.8xojdfudud.com/images/vd001/service.svg
IP
143.204.55.113:443
ASN
#16509 AMAZON-02

Requested by
https://8x6899.com/
Certificate
IssuerLet's Encrypt
Subjecthgfhog.8xojdfudud.com
Fingerprint28:F8:16:9D:4D:1E:A5:3C:1E:07:DC:31:01:48:48:23:EE:04:BE:C5
ValidityFri, 05 Apr 2024 16:48:38 GMT - Thu, 04 Jul 2024 16:48:37 GMT

File type
SVG Scalable Vector Graphics image
Size
3.4 kB (3399 bytes)
Hash
7b7d846ee75ed105c829d05aacc8fcad
32ab8a92fba25efcf7da7cb90956aa7a02c00b82
e6ec5c6f286f3e3fd21c96d34cc997c69e89f7f16d512aa8209a6d49d5b338ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/vd001/service.svg HTTP/1.1
Host: vd001-tiger-restrictions.hgfhog.8xojdfudud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8x6899.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:33:12 GMT
last-modified: Wed, 24 Apr 2024 05:14:38 GMT
access-control-allow-origin: *
content-encoding: gzip
etag: W/"3af446670f3ea28982c82376e327d071"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FEyb1TTtgaGShHlyU25K1gQjaRqjyqjOPouTp8W2MLEpSPRJ3-TSYA==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections