Report - cybe-monday.com/l/EArwvfhsxQdiksMYdzmf

Report Overview

Visited public
2023-11-30 10:17:51
Tags
URL
cybe-monday.com/l/EArwvfhsxQdiksMYdzmf
Finishing URL
about:certerror?e=nssBadCert&u=https%3A//www.a2ccecmtrk.com/cmp/6BD8LF8/2TBHNH/%3Fsource_id%3D26%26sub3%3Df7a7fc515cfa4428980933d4a964b29c&c=UTF-8&d=%20
IP / ASN
104.21.85.97
#13335 CLOUDFLARENET
Title
Warning: Potential Security Risk Ahead

Detections

urlquery

0

Network Intrusion Detection

1

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.henk3ks.com	unknown	2022-11-01	2022-11-11 12:13:56	2023-11-30 00:08:41	526 B	853 B	34.117.154.36
mitmdetection.services.mozilla.com	67826	1994-10-18	2019-07-22 10:39:59	2023-11-30 08:36:42	378 B	326 B	54.230.111.49
www.a2ccecmtrk.com	623855	2021-09-27	2021-09-27 21:59:53	2023-11-20 23:08:42	557 B	0 B	0.0.0.0
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22 20:08:50	2023-11-29 05:26:49	692 B	5.3 kB	192.124.249.41

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-30 10:17:38	medium	Client IP	Internal IP	ET INFO DNS Query for Suspicious .icu Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

	URL	IP	Response	Size
	ocsp.starfieldtech.com/	192.124.249.41		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.41:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2148 bytes) Hash 598cb2f1cd30f30a973dc47ce2da66d3 14a54186cd0257e494da6ba43021c7de171ff4f8 fde822f911dbcada9b7f77558f8e61e48639d9ce8f5e81afcaba9fdf37e14121 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 75 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 30 Nov 2023 10:17:34 GMT Content-Type: application/ocsp-response Content-Length: 2148 Connection: keep-alive X-Sucuri-ID: 19041 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 30 Nov 2023 05:42:32 GMT Expires: Fri, 01 Dec 2023 05:42:32 GMT ETag: "14a54186cd0257e494da6ba43021c7de171ff4f8" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	www.henk3ks.com/262DXM/X67FKK/?sub1=wgcii57nfq08r2dt2hchrcao	34.117.154.36	302 Found	124 B
URL User Request GET HTTP/2 www.henk3ks.com/262DXM/X67FKK/?sub1=wgcii57nfq08r2dt2hchrcao IP 34.117.154.36:443 ASN #15169 GOOGLE Certificate IssuerStarfield Technologies, Inc. Subjecthenk3ks.com FingerprintEC:25:7D:55:06:C5:BE:02:7A:AA:9D:B7:19:64:1B:2B:91:FF:1D:23 ValiditySat, 02 Sep 2023 13:37:36 GMT - Thu, 03 Oct 2024 13:37:36 GMT File type HTML document, ASCII text Size 124 B (124 bytes) Hash 9a02d53fd35127b69ab3affc097ed4b4 944efa33096ce84132f1d4bf41f73f9797d991c7 e67d6c0461c259c7e74dbfe0dd34d706a59a0d4a8db31ea097ac519f5c801622 HTTP Headers GET /262DXM/X67FKK/?sub1=wgcii57nfq08r2dt2hchrcao HTTP/1.1 Host: www.henk3ks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: nginx date: Thu, 30 Nov 2023 10:17:34 GMT content-type: text/html; charset=utf-8 content-length: 124 accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model location: https://www.a2ccecmtrk.com/cmp/6BD8LF8/2TBHNH/?source_id=26&sub3=f7a7fc515cfa4428980933d4a964b29c set-cookie: uniqueClick_X67FKK=a5abdb78-fc62-461b-877e-9eebe0412d49:1701339454; Path=/; Expires=Fri, 01 Dec 2023 10:17:34 GMT; Secure; SameSite=None transaction_id=f7a7fc515cfa4428980933d4a964b29c; Path=/; Expires=Wed, 28 Feb 2024 10:17:34 GMT; Secure; SameSite=None vary: Origin x-eflow-request-id: 9d1fb759-cfc0-4342-b132-0879d0693b0c via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	mitmdetection.services.mozilla.com/	54.230.111.49		0 B
URL mitmdetection.services.mozilla.com/ IP 54.230.111.49:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `HEAD / HTTP/1.1 Host: mitmdetection.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 404 Not Found content-type: application/xml date: Thu, 30 Nov 2023 10:17:35 GMT server: AmazonS3 x-cache: Error from cloudfront via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 5NDB0DVxEf4qwsC9XZ1bQB-94gVHatpQx6BPrsqRAjioWn92yaRsOw== X-Firefox-Spdy: h2`

	ocsp.starfieldtech.com/	192.124.249.22		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.22:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2148 bytes) Hash 598cb2f1cd30f30a973dc47ce2da66d3 14a54186cd0257e494da6ba43021c7de171ff4f8 fde822f911dbcada9b7f77558f8e61e48639d9ce8f5e81afcaba9fdf37e14121 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 75 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 30 Nov 2023 10:17:37 GMT Content-Type: application/ocsp-response Content-Length: 2148 Connection: keep-alive X-Sucuri-ID: 19022 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 30 Nov 2023 05:42:32 GMT Expires: Fri, 01 Dec 2023 05:42:32 GMT ETag: "14a54186cd0257e494da6ba43021c7de171ff4f8" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	www.a2ccecmtrk.com/cmp/6BD8LF8/2TBHNH/?source_id=26&sub3=f7a7fc515cfa4428980933d4a964b29c	0.0.0.0		0 B
URL User Request GET www.a2ccecmtrk.com/cmp/6BD8LF8/2TBHNH/?source_id=26&sub3=f7a7fc515cfa4428980933d4a964b29c IP 0.0.0.0:0 ASN #0 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /cmp/6BD8LF8/2TBHNH/?source_id=26&sub3=f7a7fc515cfa4428980933d4a964b29c HTTP/1.1 Host: www.a2ccecmtrk.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache