Report - ezstat.ru/2Xkz85.zip

Report Overview

Visited public
2024-07-08 02:35:08
Tags
URL
ezstat.ru/2Xkz85.zip
Finishing URL
ezstat.ru/2Xkz85.zip
IP / ASN
172.67.180.69
#13335 CLOUDFLARENET
Title
Branded Short Domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-07 18:12:32	2.3 kB	6.2 kB	23.33.119.57
cdn.iplogger.org	unknown	2011-04-03	2018-06-30 10:28:52	2024-05-11 13:51:35	859 B	26 kB	104.21.4.208
ezstat.ru	545450	2011-01-13	2013-01-07 09:54:12	2024-01-09 21:30:27	476 B	11 kB	104.21.51.124

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-08 02:34:43	high	Client IP	104.21.4.208	ET POLICY IP Check Domain (iplogger .org in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	ezstat.ru/2Xkz85.zip	ScriptElement	0 B	0001-01-01	2025-05-17
Pretty URL ezstat.ru/2Xkz85.zip IP 104.21.51.124 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-17 06:31 Times Seen4704476 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ezstat.ru/2Xkz85.zip	ScriptElement	0 B	0001-01-01	2025-05-17
Pretty URL ezstat.ru/2Xkz85.zip IP 104.21.51.124 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-17 06:31 Times Seen4704476 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ezstat.ru/2Xkz85.zip	ScriptElement	0 B	0001-01-01	2025-05-17
Pretty URL ezstat.ru/2Xkz85.zip IP 104.21.51.124 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-17 06:31 Times Seen4704476 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (10)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash f63e8d9e64abf0e5b2784ca051160e84 d15d17504ed5c584ba42145060cf745fdb41c1d0 652ee033c72bc8eadcf29c25a5387bc303bf86e6c57f262c576117f659f15eab HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "652EE033C72BC8EADCF29C25A5387BC303BF86E6C57F262C576117F659F15EAB" Last-Modified: Fri, 05 Jul 2024 13:53:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7406 Expires: Mon, 08 Jul 2024 04:38:08 GMT Date: Mon, 08 Jul 2024 02:34:42 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 2e4f22ff50349b865eca4c1585ad6712 6186a14999dc2525e4584a6a12d0edff2fdafcac a1afcf9ca90cdddb7f7ddd29a0f8c7a5fa7b012dcc030d2d004c70c84010fd86 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "A1AFCF9CA90CDDDB7F7DDD29A0F8C7A5FA7B012DCC030D2D004C70C84010FD86" Last-Modified: Sun, 07 Jul 2024 03:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13971 Expires: Mon, 08 Jul 2024 06:27:33 GMT Date: Mon, 08 Jul 2024 02:34:42 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 41036a4c62e61466443bce27a927e029 39a2a8a258c5feaf020246696135700b0c30740d e38b3080a1752122f5a174604bd307c54be31c02e0cdb8e2d9354e2a04e1b50f HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "E38B3080A1752122F5A174604BD307C54BE31C02E0CDB8E2D9354E2A04E1B50F" Last-Modified: Sun, 07 Jul 2024 11:47:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5599 Expires: Mon, 08 Jul 2024 04:08:01 GMT Date: Mon, 08 Jul 2024 02:34:42 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c1f3573a71cfe2a8f30b3fbc7d2d3453 101371f5030c41e4dad4e1e6ac102342db020318 74180138e5609f4047b5a20bc58bfd360dea9bba200acf14fd43fc2d6b5da34b HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "74180138E5609F4047B5A20BC58BFD360DEA9BBA200ACF14FD43FC2D6B5DA34B" Last-Modified: Sun, 07 Jul 2024 04:18:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5792 Expires: Mon, 08 Jul 2024 04:11:15 GMT Date: Mon, 08 Jul 2024 02:34:43 GMT Connection: keep-alive`

	cdn.iplogger.org/redirect/handshake.png	104.21.4.208	200 OK	17 kB
URL GET HTTP/2 cdn.iplogger.org/redirect/handshake.png IP 104.21.4.208:443 ASN #13335 CLOUDFLARENET Requested by https://ezstat.ru/2Xkz85.zip Certificate IssuerLet's Encrypt Subjectiplogger.org FingerprintD8:EC:FC:E7:1F:4D:3A:FD:89:EF:F1:F1:1A:93:1B:94:DB:B5:87:EC ValidityFri, 10 May 2024 03:05:43 GMT - Thu, 08 Aug 2024 03:05:42 GMT File type PNG image data, 130 x 130, 8-bit/color RGBA, non-interlaced Size 17 kB (16682 bytes) Hash 87e1d1a5abac5ec0bdb4cd5278faa55a 5235aff0eb56f9e3237b703ef505b39a8e99e727 dde3686db4f76101069b04248550eafbf3310af048ea52f4449e0f7b90d6b818 HTTP Headers `GET /redirect/handshake.png HTTP/1.1 Host: cdn.iplogger.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://ezstat.ru/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Mon, 08 Jul 2024 02:34:43 GMT content-type: image/png content-length: 16682 last-modified: Wed, 02 Mar 2022 10:02:53 GMT etag: "621f40cd-412a" expires: Sat, 05 Jul 2025 10:39:43 GMT cache-control: public, max-age=31536000 pragma: public access-control-allow-origin: * x-static: 1 cf-cache-status: HIT age: 230100 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vu2fGw%2By%2BoSc%2FRDjgZcCVZPw07fsHGAjw8b6E9N810RwgogKKfJrptANT%2FCOapIzxrq%2F4fZVu%2FoZeLbfuJTCZyqzr4x875Cb80dTs3jGkcBULCMKLaOXE4ThOH%2FBBCEY9ny"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 89fcad46d99bb4f4-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 861cce1bf441610f1dfbb14264d55122 1596b2c44fcdb5f7a49c73da766e4ab48b6bd064 f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2" Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7738 Expires: Mon, 08 Jul 2024 04:43:43 GMT Date: Mon, 08 Jul 2024 02:34:45 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 861cce1bf441610f1dfbb14264d55122 1596b2c44fcdb5f7a49c73da766e4ab48b6bd064 f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2" Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7738 Expires: Mon, 08 Jul 2024 04:43:43 GMT Date: Mon, 08 Jul 2024 02:34:45 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 861cce1bf441610f1dfbb14264d55122 1596b2c44fcdb5f7a49c73da766e4ab48b6bd064 f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2" Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8568 Expires: Mon, 08 Jul 2024 04:57:33 GMT Date: Mon, 08 Jul 2024 02:34:45 GMT Connection: keep-alive`

	cdn.iplogger.org/favicon.ico	104.21.4.208		7.3 kB
URL GET cdn.iplogger.org/favicon.ico IP 104.21.4.208:0 ASN #13335 CLOUDFLARENET Requested by https://ezstat.ru/2Xkz85.zip Certificate IssuerLet's Encrypt Subjectiplogger.org FingerprintD8:EC:FC:E7:1F:4D:3A:FD:89:EF:F1:F1:1A:93:1B:94:DB:B5:87:EC ValidityFri, 10 May 2024 03:05:43 GMT - Thu, 08 Aug 2024 03:05:42 GMT File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced Size 7.3 kB (7255 bytes) Hash 18c023bc439b446f91bf942270882422 768d59e3085976dba252232a65a4af562675f782 e0e71acef1efbfab69a1a60cd8fadded948d0e47a0a27c59a0be7033f6a84482 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: cdn.iplogger.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://ezstat.ru/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Mon, 08 Jul 2024 02:34:43 GMT content-type: image/x-icon last-modified: Tue, 07 Jun 2022 11:44:38 GMT etag: W/"629f3a26-b11" strict-transport-security: max-age=31536000 x-frame-options: SAMEORIGIN cache-control: max-age=14400 cf-cache-status: REVALIDATED report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rdqPiQ1UhMAVKaWSPmF%2FLah0G4Qor7qmIhn27OMhRxUaj7tHnvB%2Bjv%2FPpTjC3r234Ovjh1%2BOzOJDYV%2Bd6NifUDjnEYjHoIYar9PWIe6uPPGGzXo1YfvsKpM59i75C4jjauIP"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 89fcad476e305699-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	ezstat.ru/2Xkz85.zip	104.21.51.124	200 OK	9.9 kB
URL User Request GET HTTP/2 ezstat.ru/2Xkz85.zip IP 104.21.51.124:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectezstat.ru Fingerprint71:AB:ED:89:CB:F3:F0:96:14:01:A8:12:D3:46:26:62:E1:1E:DD:8D ValidityWed, 03 Jul 2024 16:29:49 GMT - Tue, 01 Oct 2024 16:29:48 GMT File type HTML document, Unicode text, UTF-8 text, with very long lines (10448), with no line terminators Size 9.9 kB (9900 bytes) Hash 64dd938db89e13dd7c8438afea66ed14 d5fcd410dbd89187ce0fa0db5d161bd1c66041f8 c5c52e4526df84144bc1b2e3f6a88b5a7dc8f4a123b84f5a4aeea191d7a4b1ce HTTP Headers `GET /2Xkz85.zip HTTP/1.1 Host: ezstat.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Mon, 08 Jul 2024 02:34:43 GMT content-type: text/html; charset=UTF-8 memory: 0.42193603515625 expires: Mon, 08 Jul 2024 02:34:43 +0000 strict-transport-security: max-age=604800 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN cf-cache-status: BYPASS set-cookie: 546946141532635802=3; expires=Tue, 08 Jul 2025 02:34:43 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict unikey=unikey_265a74b40ff8eb2c3df7b21a95b386c5af19b23723f97e219997798138baf4c8; path=/; secure; HttpOnly; SameSite=Strict report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x0BoydWDTKXBZ1N%2FeGFW2a1hAWNe32blTx57HZXR61cyURz%2BAJz12WpUWTYdtBwcSNyqtBsxfMM2FU9el6fT1KLvs%2FAD8FGJfoJGi4ChEjGrapPuyWdZkkJQniA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 89fcad42b876b52d-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL