Report - dayzilons.pw/apif

Report Overview

Visited public
2023-11-26 15:55:11
Tags
URL
dayzilons.pw/apif
Finishing URL
dayzilons.pw/apif
IP / ASN
104.21.4.133
#13335 CLOUDFLARENET
Title
Just a moment...

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dayzilons.pw	unknown	2023-11-09	2023-11-09 08:57:52	2023-11-26 15:16:21	1.7 kB	14 kB	172.67.132.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	high	Client IP	172.67.132.29	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2023-11-26 15:54:56	low	Client IP	172.67.132.29	ET INFO HTTP Request to a *.pw domain
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:56	low	Client IP	104.21.4.133	ET INFO HTTP Request to a *.pw domain
2023-11-26 15:54:56	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:57	low	Client IP	104.21.4.133	ET INFO HTTP Request to a *.pw domain
2023-11-26 15:54:57	medium	Client IP	Internal IP	ET DNS Query to a *.pw domain - Likely Hostile
2023-11-26 15:54:57	low	Client IP	104.21.4.133	ET INFO HTTP Request to a *.pw domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed
2023-11-26	medium	dayzilons.pw	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2023-11-17	medium	dayzilons.pw	Lumma Stealer
2023-11-17	medium	dayzilons.pw	Lumma Stealer
2023-11-17	medium	dayzilons.pw	Lumma Stealer
2023-11-17	medium	dayzilons.pw	Lumma Stealer

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	dayzilons.pw/apif	ScriptElement	3.9 kB	2024-08-20	2024-08-20
Pretty URL dayzilons.pw/apif IP 172.67.132.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:50 Last Seen2024-08-20 17:50 Times Seen1 Hash 4af34c6ea2b74b0406daa2f43e18542d 5f5ff377908f53ef14c0e1cbc616a9c0f4761ccd a35f297fb3bc64b6492d1aba34d7695d329259eb6d00ce7178d6440b07978e6d Loading...

HTTP Transactions (4)

URL IP Response Size

dayzilons.pw/apif

172.67.132.29

403 Forbidden

3.1 kB

URL User Request GET HTTP/1.1
dayzilons.pw/apif
IP
172.67.132.29:80
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix\012- data
Size
3.1 kB (3101 bytes)
Hash
41db553d2263f39184ed1105aa76c2be
5cdd41c6d304c66b8b8bfa475cdf8aa91ff9e5ab
536602cd002a3c436c4031ec0ce03be5340e0cd845320d7d2afaeffd7b768922

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /apif HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 26 Nov 2023 15:54:52 GMT
location: http://dayzilons.pw/apif
cache-control: max-age=3600
expires: Sun, 26 Nov 2023 16:54:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUi65OwgKMt2tVSunmNn12XOHhNn1yFYJcOSqYf4ezlGzy0nWV2JOb1OQthsZSw2QKI9XWxpPdgwZkf9QxZlTu4PTAi2%2F0Cb4pntemMqBm0Qbhac0nktnWJgUhZAv3c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82c350013824712a-OSL
X-Firefox-Spdy: h2

dayzilons.pw/cdn-cgi/styles/challenges.css

104.21.4.133

200 OK

2.6 kB

URL GET HTTP/1.1
dayzilons.pw/cdn-cgi/styles/challenges.css
IP
104.21.4.133:80
ASN
#13335 CLOUDFLARENET

Requested by
http://dayzilons.pw/apif

File type
ASCII text, with very long lines (6600), with no line terminators
Size
2.6 kB (2624 bytes)
Hash
2c78b7f8fa496092bf41d5edd51611e7
8b0b1b276e8194b0a5497db478ec2ea9b4f83c42
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dayzilons.pw/apif
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 15:54:53 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Nov 2023 21:55:48 GMT
ETag: W/"65568fe4-19c8"
Server: cloudflare
CF-RAY: 82c350046cd2712d-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 26 Nov 2023 17:54:53 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip

dayzilons.pw/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82c350015a9356bf

104.21.4.133

200 OK

1.9 kB

URL GET HTTP/1.1
dayzilons.pw/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82c350015a9356bf
IP
104.21.4.133:80
ASN
#13335 CLOUDFLARENET

Requested by
http://dayzilons.pw/apif

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (394)
Size
1.9 kB (1943 bytes)
Hash
57cd223387307fbd8c822c58470839d9
2d439a7443cb8b47f59406e863826dc180d40661
36101986bb8af4dff3576710b98c70e10940bdfbdb750f729a414c5d0c4d6604

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82c350015a9356bf HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dayzilons.pw/apif?__cf_chl_rt_tk=jP4KCSvNoq1RZ9dzsNryq5pczdHvzcZnhkCdb6jZYNQ-1701014093-0-gaNycGzNBeU
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 26 Nov 2023 15:54:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vsy1A6J%2B3hdwk%2F%2BP0%2BJMcmS%2F4qAaMoCI4lHOO9TPhibSIvolA3FxoiRluhLw6ed4SrYu%2Bm%2FBlGNXeQowa4TkfNgfEHsP%2FM2GmFt3guqnNIGoz7h4NWzvq0jX5PfcnGI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82c35004ed67712d-OSL
Content-Encoding: gzip

dayzilons.pw/favicon.ico

104.21.4.133

403 Forbidden

3.1 kB

URL GET HTTP/1.1
dayzilons.pw/favicon.ico
IP
104.21.4.133:80
ASN
#13335 CLOUDFLARENET

Requested by
http://dayzilons.pw/apif

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4724), with no line terminators
Size
3.1 kB (3117 bytes)
Hash
473e7ef0f959e6ad3756897368f90830
dff5688fc22067998dfc47810446051931955a5c
2f2c7157a668bec1eac6585c12850e72c76bc62003cd0881d6e72965cc9a45aa

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.pw domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dayzilons.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dayzilons.pw/apif
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 26 Nov 2023 15:54:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2DR20EqDVio3OTBGCh723J0e32MKh06sZWOpMn3gAPqbTjrP0UCH%2FDiRY7REFrslwK9sJk3FW9sg%2FOLjGuKtEez%2FNjM56kf4yJiGDmJ8U0Aus09FBVVS038bdM4afrI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82c350053dbb712d-OSL
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers