Report - ynnm-hook.com/redirect.php?u=j875AzuVyQ7/l4wVtA/06Qfka

Report Overview

Visited public
2025-06-06 16:58:48
Tags
URL
ynnm-hook.com/redirect.php?u=j875AzuVyQ7/l4wVtA/06Qfka
Finishing URL
tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372
IP / ASN
104.21.16.1
#13335 CLOUDFLARENET
Title
★

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
yjdri-vvfde.com	unknown	2025-04-10	2025-05-28	2025-05-28	487 B	6.2 kB	104.21.33.24
tggb-rvee.com	unknown	2025-05-22	2025-06-03	2025-06-03	1.0 kB	6.0 kB	103.15.197.5
kingdomlpyk09.com	unknown	2023-12-17	2024-01-09	2025-05-11	774 B	631 B	103.15.197.5
savedomail10.com	unknown	unknown	2022-07-09	2025-05-11	361 B	0 B	0.0.0.0
ynnm-hook.com	unknown	unknown	No data	No data	522 B	6.0 kB	104.21.112.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-06	medium	savedomail10.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

GET ynnm-hook.com/redirect.php?u=j875AzuVyQ7/l4wVtA/06Qfka

104.21.112.1

302 Found

5.2 kB

URL User Request GET
ynnm-hook.com/redirect.php?u=j875AzuVyQ7/l4wVtA/06Qfka
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectynnm-hook.com
Fingerprint96:C6:FF:8B:82:05:8D:55:D2:F4:AA:AD:09:15:DA:11:E9:57:2D:74
ValidityThu, 22 May 2025 11:38:59 GMT - Wed, 20 Aug 2025 12:33:22 GMT

File type

Size
5.2 kB (5210 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.php?u=j875AzuVyQ7/l4wVtA/06Qfka HTTP/1.1
Host: ynnm-hook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 06 Jun 2025 16:58:27 GMT
content-type: text/html; charset=UTF-8
location: http://yjdri-vvfde.com/pc/member/sendMail.php?direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372
server: cloudflare
x-powered-by: PHP/5.3.3
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Inh67qZy0aQarojAN9LMoO9ERb2y7wn64DzPpJrEdkIbTepRg37z6oGdKSHsD4GlTDJaF8JxdPUBvu9qs1UXmOnpBTvUG8WyTb3k"}]}
cf-ray: 94b9745ecae856c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET yjdri-vvfde.com/pc/member/sendMail.php?direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372

104.21.33.24

302 Found

5.2 kB

URL User Request GET
yjdri-vvfde.com/pc/member/sendMail.php?direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372
IP
104.21.33.24:80
ASN
#13335 CLOUDFLARENET

File type

Size
5.2 kB (5210 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pc/member/sendMail.php?direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372 HTTP/1.1
Host: yjdri-vvfde.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 06 Jun 2025 16:58:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Cf-Cache-Status: DYNAMIC
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=c7e1CP7FIukY2el5Y6KdrIWxRm3WIJuRUbzogWZAMn8YNhcTrgIk6x2YxYBKVlQfMuWmU8IB3y8K2nWEePHJnepmF6SoHhCUxZj5CHM%3D"}]}
Set-Cookie: PHPSESSID=9aklap05ovsalmgiinel5fcn36; Path=/
PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5; Path=/
CF-RAY: 94b974624af4568a-OSL
alt-svc: h2=":443"; ma=60

GET tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372

103.15.197.5

200 OK

5.2 kB

URL User Request GET
tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372
IP
103.15.197.5:80
ASN
#23881 UDomain Web Hosting Company Ltd

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
5.2 kB (5210 bytes)
Hash
35a44cff883ecd7b89eeba13a74d209e
2d5f350edcaf7cb013d8c5d220a3de03f0a51c19
2ad3548bc9b8b16eaf55d1d969795b946b25805ae9ae77ce694846d9d0d899a8

HTTP Headers

GET /member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372 HTTP/1.1
Host: tggb-rvee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 06 Jun 2025 16:58:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 5210
Connection: close
Content-Type: text/html; charset=UTF-8

GET kingdomlpyk09.com/lib/HTML_Emoji/emoji_images/images/f977.gif

103.15.197.5

200 OK

76 B

URL GET
kingdomlpyk09.com/lib/HTML_Emoji/emoji_images/images/f977.gif
IP
103.15.197.5:80
ASN
#23881 UDomain Web Hosting Company Ltd

Requested by
http://tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372

File type
GIF image data, version 89a, 12 x 12
Size
76 B (76 bytes)
Hash
cb795e5c40dc5e9941c199aceb14215b
8a9a0ec535f06e9042ef861a31477b4ba91e25db
decdbfa456bd33607376211f914bcecd863b7b1527bd6bc7475d48e698c1b24b

HTTP Headers

GET /lib/HTML_Emoji/emoji_images/images/f977.gif HTTP/1.1
Host: kingdomlpyk09.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tggb-rvee.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 06 Jun 2025 16:58:29 GMT
Server: Apache
Last-Modified: Sat, 25 Jan 2014 04:17:04 GMT
ETag: "3562ddb-4c-4f0c3bf343000"
Accept-Ranges: bytes
Content-Length: 76
Connection: close
Content-Type: image/gif

GET savedomail10.com/images/page/96.jpg

0.0.0.0

0 B

URL GET
savedomail10.com/images/page/96.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
http://tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/page/96.jpg HTTP/1.1
Host: savedomail10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tggb-rvee.com/
Pragma: no-cache
Cache-Control: no-cache

GET kingdomlpyk09.com/lib/HTML_Emoji/emoji_images/images/f8e2.gif

103.15.197.5

200 OK

79 B

URL GET
kingdomlpyk09.com/lib/HTML_Emoji/emoji_images/images/f8e2.gif
IP
103.15.197.5:80
ASN
#23881 UDomain Web Hosting Company Ltd

Requested by
http://tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372

File type
GIF image data, version 89a, 12 x 12
Size
79 B (79 bytes)
Hash
2477582979652cd8c910dedc9f3a6052
8994f52c19aa1a3ead8e038504ad09f0e594f5ad
b481ebb0bb1fda1ae1ec3d555e5361cabe7be36b7fd50783c7dc3ecfb487b7e3

HTTP Headers

GET /lib/HTML_Emoji/emoji_images/images/f8e2.gif HTTP/1.1
Host: kingdomlpyk09.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tggb-rvee.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 06 Jun 2025 16:58:29 GMT
Server: Apache
Last-Modified: Sat, 25 Jan 2014 04:17:04 GMT
ETag: "356308d-4f-4f0c3bf343000"
Accept-Ranges: bytes
Content-Length: 79
Connection: close
Content-Type: image/gif

GET tggb-rvee.com/favicon.ico

103.15.197.5

200 OK

198 B

URL GET
tggb-rvee.com/favicon.ico
IP
103.15.197.5:80
ASN
#23881 UDomain Web Hosting Company Ltd

Requested by
http://tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors
Size
198 B (198 bytes)
Hash
d25665c8be0011f1b879fadd7aee2366
335b3202f8054a26ebdcc099ce11e354c8b19241
fc6bf8c20627d4c92bc20b2b37a67fb010b1fe1a8e5a4df37442671c719cccdc

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tggb-rvee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://tggb-rvee.com/member/sendMail.php?PHPSESSID=l4cv0lnka50rtpn1lmp8u6ist5&guid=ON&direct_user_cd=11928698&direct_password=7469&M_MAIL_SEQ=78442372
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 06 Jun 2025 16:58:29 GMT
Server: Apache
Last-Modified: Sat, 25 Jan 2014 04:17:04 GMT
ETag: "3542bee-c6-4f0c3bf343000"
Accept-Ranges: bytes
Content-Length: 198
Connection: close
Content-Type: image/vnd.microsoft.icon

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (7)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers