Report - xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t

Report Overview

Visited public
2024-11-06 23:28:00
Tags
URL
xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t
Finishing URL
xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t
IP / ASN
192.254.236.4
#46606 UNIFIEDLAYER-AS-1
Title
Verify Human

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xodaywfaxt.agbeautythailand.com	unknown	2019-09-07	2024-11-06	2024-11-06	1.7 kB	7.0 kB	192.254.236.4
1337.pk	unknown	unknown	2022-08-27	2024-11-06	1.3 kB	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-11-06	medium	1337.pk	Sinkholed
2024-11-06	medium	1337.pk	Sinkholed
2024-11-06	medium	1337.pk	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t	85 B	2024-11-06 23:28	2024-11-06 23:28
Pretty URL xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t IP 192.254.236.4 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-06 23:28 Last Seen2024-11-06 23:28 Times Seen1 Hash caa45f3e66e5678dcdbf8dee50fc137d 793b5c6a36b6b4773ca04aa76ff37d86fbfe22b2 d1a52fd9ca1b253a48f4d05e230d13afe4c5fae30c4d25ccdf7cb47d36294ecf Loading...

	xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t	0 B	0001-01-01 00:00	2024-11-07 01:26
Pretty URL xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t IP 192.254.236.4 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2024-11-07 01:26 Times Seen3342316 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (6)

URL IP Response Size

xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t

192.254.236.4

200 OK

877 B

URL User Request GET HTTP/2
xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t
IP
192.254.236.4:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwww.new.agbeautythailand.com
Fingerprint58:FA:16:14:FA:5D:C5:9F:C7:73:54:57:86:AD:E4:DC:D2:F2:92:C9
ValidityFri, 20 Sep 2024 10:13:45 GMT - Thu, 19 Dec 2024 10:13:44 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
877 B (877 bytes)
Hash
0e4e8db1b2704f7e7100fa23f88087db
1e7b00f3be42c937d3d58e84b09c4dfca1be67d7
d1476bc095e1550a99d6d9da079c5701b374a0c23c769d61aeed914175e17ad7

HTTP Headers

GET /xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t HTTP/1.1
Host: xodaywfaxt.agbeautythailand.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=35cb287e063c71b954757c15301578cf; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 877
content-type: text/html; charset=UTF-8
date: Wed, 06 Nov 2024 23:27:36 GMT
server: Apache
X-Firefox-Spdy: h2

xodaywfaxt.agbeautythailand.com/xwogrpczcb/index.php?captcha=generate&rand=1975683687

192.254.236.4

200 OK

4.3 kB

URL GET HTTP/2
xodaywfaxt.agbeautythailand.com/xwogrpczcb/index.php?captcha=generate&rand=1975683687
IP
192.254.236.4:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t
Certificate
IssuerLet's Encrypt
Subjectwww.new.agbeautythailand.com
Fingerprint58:FA:16:14:FA:5D:C5:9F:C7:73:54:57:86:AD:E4:DC:D2:F2:92:C9
ValidityFri, 20 Sep 2024 10:13:45 GMT - Thu, 19 Dec 2024 10:13:44 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 130x50, components 3
Size
4.3 kB (4300 bytes)
Hash
16d45b482a7eb3b22c8252cf1074d9bd
524b26ba0e46a9b70eefe68bbf65b034a27b7ac4
da719dfd4263804e70eef930c5445cee08b7e36b01ddf2bc7cbe434589e0634f

HTTP Headers

GET /xwogrpczcb/index.php?captcha=generate&rand=1975683687 HTTP/1.1
Host: xodaywfaxt.agbeautythailand.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t
Cookie: PHPSESSID=35cb287e063c71b954757c15301578cf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
content-length: 4300
content-type: image/jpeg
date: Wed, 06 Nov 2024 23:27:36 GMT
server: Apache
X-Firefox-Spdy: h2

xodaywfaxt.agbeautythailand.com/favicon.ico

192.254.236.4

200 OK

842 B

URL GET HTTP/2
xodaywfaxt.agbeautythailand.com/favicon.ico
IP
192.254.236.4:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t
Certificate
IssuerLet's Encrypt
Subjectwww.new.agbeautythailand.com
Fingerprint58:FA:16:14:FA:5D:C5:9F:C7:73:54:57:86:AD:E4:DC:D2:F2:92:C9
ValidityFri, 20 Sep 2024 10:13:45 GMT - Thu, 19 Dec 2024 10:13:44 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
842 B (842 bytes)
Hash
43655df9054719b0ab137b156b88adf8
41241338615c3bad7084c06fa0722be4bd8c4b69
54cd0043840036c6ed4f324f61340f4ed11047f2d18654d44fd2f8aadab78f80

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xodaywfaxt.agbeautythailand.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t
Cookie: PHPSESSID=35cb287e063c71b954757c15301578cf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
content-length: 842
content-type: text/html; charset=UTF-8
date: Wed, 06 Nov 2024 23:27:36 GMT
server: Apache
X-Firefox-Spdy: h2

1337.pk/off/style.css?v=10

0.0.0.0

0 B

URL GET
1337.pk/off/style.css?v=10
IP
0.0.0.0:0
ASN
#0

Requested by
https://xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /off/style.css?v=10 HTTP/1.1
Host: 1337.pk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xodaywfaxt.agbeautythailand.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1337.pk/off/new_logo.png

0.0.0.0

0 B

URL GET
1337.pk/off/new_logo.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /off/new_logo.png HTTP/1.1
Host: 1337.pk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xodaywfaxt.agbeautythailand.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1337.pk/off/type.png

0.0.0.0

0 B

URL GET
1337.pk/off/type.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://xodaywfaxt.agbeautythailand.com/xwogrpczcb/c2hhbm5haC5zdHVhcnRAaW5zdXJpY2EuY29t

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /off/type.png HTTP/1.1
Host: 1337.pk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xodaywfaxt.agbeautythailand.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections