Report - dayzilons.pw/api4

Report Overview

Visited public
2023-11-26 15:55:11
Tags
URL
dayzilons.pw/api4
Finishing URL
dayzilons.pw/api4
IP / ASN
104.21.4.133
#13335 CLOUDFLARENET
Title
Just a moment...

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dayzilons.pw	unknown	2023-11-09	2023-11-09 08:57:52	2023-11-26 15:16:21	1.6 kB	14 kB	104.21.4.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-26 15:54:55	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:55	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:55	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:55	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:55	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:55	high	Client IP	104.21.4.133	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2023-11-26 15:54:55	low	Client IP	104.21.4.133	ET INFO HTTP Request to a *.pw domain
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	low	Client IP	104.21.4.133	ET INFO HTTP Request to a *.pw domain
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	low	Client IP	104.21.4.133	ET INFO HTTP Request to a *.pw domain
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	low	Client IP	104.21.4.133	ET INFO HTTP Request to a *.pw domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2023-11-17	medium	dayzilons.pw	Lumma Stealer
2023-11-17	medium	dayzilons.pw	Lumma Stealer
2023-11-17	medium	dayzilons.pw	Lumma Stealer
2023-11-17	medium	dayzilons.pw	Lumma Stealer

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	dayzilons.pw/api4	ScriptElement	3.9 kB	2024-08-20	2024-08-20
Pretty URL dayzilons.pw/api4 IP 104.21.4.133 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:50 Last Seen2024-08-20 17:50 Times Seen1 Hash efaec7a745a9efb13e7fd7e15d5f5172 c475c941face33419e8154ae64958ac3e106ec76 d8e5f453ff8f8975b46bb8c8e58d78f6e5d3c515031e96ad6339a811064e69da Loading...

HTTP Transactions (4)

URL IP Response Size

dayzilons.pw/api4

104.21.4.133

403 Forbidden

3.1 kB

URL User Request GET HTTP/1.1
dayzilons.pw/api4
IP
104.21.4.133:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4690), with no line terminators
Size
3.1 kB (3097 bytes)
Hash
45f5ae58bbc3166d08bce411088efa3c
ff08fd5eb9af6590536cd04503cc914dc25205b7
f9c0f8fbe92d7e817bcc17620baf32cef0a8f0f07d80bb2267d733c48bc5ecf6

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /api4 HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 26 Nov 2023 15:54:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sobo%2B9LGhOEGeshAtP7xNvOTPItBJYAGXc%2FXeJFRirftz5T5smPXy%2BVgA0R%2FDLHHjn8Y8Vf7OEFrPne%2Bd5mJ6LhSuNM3R9mA%2BqmDywCLd%2BJ1rFX%2FzJ0T2KWeXK70uaE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82c34ffe583eb4f1-OSL
Content-Encoding: gzip

dayzilons.pw/cdn-cgi/styles/challenges.css

104.21.4.133

200 OK

2.6 kB

URL GET HTTP/1.1
dayzilons.pw/cdn-cgi/styles/challenges.css
IP
104.21.4.133:80
ASN
#13335 CLOUDFLARENET

Requested by
http://dayzilons.pw/api4

File type
ASCII text, with very long lines (6600), with no line terminators
Size
2.6 kB (2624 bytes)
Hash
2c78b7f8fa496092bf41d5edd51611e7
8b0b1b276e8194b0a5497db478ec2ea9b4f83c42
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dayzilons.pw/api4
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 15:54:52 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Nov 2023 21:55:48 GMT
ETag: W/"65568fe4-19c8"
Server: cloudflare
CF-RAY: 82c350013f681bfa-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 26 Nov 2023 17:54:52 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip

dayzilons.pw/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82c34ffe583eb4f1

104.21.4.133

200 OK

1.9 kB

URL GET HTTP/1.1
dayzilons.pw/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82c34ffe583eb4f1
IP
104.21.4.133:80
ASN
#13335 CLOUDFLARENET

Requested by
http://dayzilons.pw/api4

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (394)
Size
1.9 kB (1940 bytes)
Hash
835fd9239322f9cc6861617fb97f89d0
08a4987adc489db7f37b14a826d2d1877b81473d
220fa9e5eca1a183d7135e5e2df47a26e77ab7b18afaffd3267ac7e03e1c407c

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82c34ffe583eb4f1 HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dayzilons.pw/api4?__cf_chl_rt_tk=CIYHoeGoKPYZLdaijNSxaKYKi6.fPwniP15d3zSbXJk-1701014092-0-gaNycGzNBeU
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 15:54:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zXKKkdU6w5yqefFtXOG%2FI5uRdeUjUCoOlAX8Wc9i605YdP12y3PdyvkwDgaVOF0%2FWyZ8O%2FXG6dtD0N4kI81Kohc0ehDjSeIDJzQ8Tq6FoYYRovAhm%2FXjvmmzCtKsU4I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82c350018fcc1bfa-OSL
Content-Encoding: gzip

dayzilons.pw/favicon.ico

104.21.4.133

403 Forbidden

3.1 kB

URL GET HTTP/1.1
dayzilons.pw/favicon.ico
IP
104.21.4.133:80
ASN
#13335 CLOUDFLARENET

Requested by
http://dayzilons.pw/api4

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4724), with no line terminators
Size
3.1 kB (3112 bytes)
Hash
f7c4ea248217c48bea2d14e3e16ca07d
5cd0782ed308ae2d7a6954379379c16912ec0c01
2fd806027ace457ca47a5a180a59f8bcc871fe4ddecaebb369538060266aadab

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dayzilons.pw/api4
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 26 Nov 2023 15:54:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oz%2BnylLto0MHxtri5o%2Fc8n7CZSCVVOp66y3PtE1JZZiNFKa9lag84qisbmx3WThh00Nt0HBwY8KhSqhRLp%2B9JQXe5XYuJl1UevPC4Uk6gxnHtkam3VYCS0maGbX03bA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82c35001afe61bfa-OSL
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers