Report - terminalcashback.fun

Report Overview

Visitedpublic

2026-03-13 00:51:56

Tags

Submit Tags

URL

terminalcashback.fun

Finishing URL

terminalcashback.fun/

IP / ASN

172.67.155.21

#13335 CLOUDFLARENET

Title

Terminal | Rewards

Detections

urlquery

0

Network Intrusion Detection

7

Threat Detection Systems

9

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
fonts.googleapis.com	313	2005-01-25	2012-05-23	2026-03-08	514 B	8.7 kB	192.178.204.95
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2026-03-08	3.8 kB	214 kB	216.58.207.195
dns.google	158	2018-04-16	2018-10-26	2026-03-12	509 B	803 B	8.8.8.8
link-auth-5157.vercel.app	unknown	2020-01-28	2026-03-13	2026-03-13	2.3 kB	2.9 MB	216.198.79.195
terminalcashback.fun	unknown	2026-03-11	2026-03-13	2026-03-13	911 B	72 kB	104.21.40.170
pub-14c1504681d2427684ac1f489338d075.r2.dev	unknown	2022-08-23	2026-02-25	2026-03-12	3.9 kB	41 MB	104.18.50.34

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2026-03-13 00:51:33	low	Client IP	8.8.8.8	ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)
2026-03-13 00:51:36	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-13 00:51:36	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-13 00:51:36	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-13 00:51:36	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-13 00:51:36	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-13 00:51:36	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
DNS4EU	terminalcashback.fun	malicious	Sinkholed

JavaScript (4)

HTTP Transactions (23)

	URL	IP	Response	Size