Report - rb.gy/0qdxg4

Report Overview

Visited public
2023-12-10 05:36:13
Tags
URL
rb.gy/0qdxg4
Finishing URL
publicity-preservation-sean-valium.trycloudflare.com/login.html.php
IP / ASN
44.207.55.129
#14618 AMAZON-AES
Title
Pinterest

Detections

urlquery

0

Network Intrusion Detection

4

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
publicity-preservation-sean-valium.trycloudflare.com	unknown	unknown	No data	No data	608 B	2.5 MB	104.17.123.55
rb.gy	103780	2019-09-17	2019-10-11 21:55:07	2023-12-09 05:28:23	478 B	313 B	44.207.55.129
s.pinimg.com	732	2010-05-29	2017-01-13 23:40:08	2023-12-09 18:14:12	508 B	3.0 kB	23.38.200.197

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-10 05:35:53	low	44.207.55.129	Client IP	ET INFO Observed URL Shortening Service SSL/TLS Cert (rb.gy)
2023-12-10 05:35:53	medium	Client IP	Internal IP	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
2023-12-10 05:35:53	medium	Client IP	Internal IP	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)
2023-12-10 05:35:54	medium	Client IP	Internal IP	ET POLICY Observed DNS Query to Commonly Abused Cloudflare Domain (trycloudflare .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	publicity-preservation-sean-valium.trycloudflare.com/login.html.php	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL publicity-preservation-sean-valium.trycloudflare.com/login.html.php IP 104.17.123.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 19:07 Times Seen4656716 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (3)

	URL	IP	Response	Size
	rb.gy/0qdxg4	44.207.55.129		0 B
URL rb.gy/0qdxg4 IP 44.207.55.129:0 ASN #14618 AMAZON-AES File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /0qdxg4 HTTP/1.1 Host: rb.gy User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 301 Moved Permanently date: Sun, 10 Dec 2023 05:35:46 GMT content-length: 0 location: https://publicity-preservation-sean-valium.trycloudflare.com/ cache-control: no-cache, no-store expires: -1 engine: Rebrandly.redirect, version 2.1 strict-transport-security: max-age=15552000 X-Firefox-Spdy: h2`

	s.pinimg.com/webapp/style/images/logo_trans_144x144-642179a1.png	23.38.200.197	200 OK	2.6 kB
URL GET HTTP/2 s.pinimg.com/webapp/style/images/logo_trans_144x144-642179a1.png IP 23.38.200.197:443 ASN #16625 AKAMAI-AS Requested by https://publicity-preservation-sean-valium.trycloudflare.com/login.html.php Certificate IssuerDigiCert Inc Subject.pinterest.com Fingerprint8E:D1:BC:9A:53:E5:51:57:5E:48:5E:22:82:8C:60:F8:74:F0:08:AC ValidityMon, 07 Aug 2023 00:00:00 GMT - Wed, 07 Aug 2024 23:59:59 GMT File type PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced - data Size 2.6 kB (2624 bytes) Hash 642179a17f962b246dc2a32c1725b320 eae40c186bad4a414220a65ffa8e5996ae2bba34 47ee705fb56b5bca8c3c2ef438381141c1bb43db03b9844eaa3ce6a5e3148b40 HTTP Headers `GET /webapp/style/images/logo_trans_144x144-642179a1.png HTTP/1.1 Host: s.pinimg.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://publicity-preservation-sean-valium.trycloudflare.com/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK etag: "642179a17f962b246dc2a32c1725b320" accept-ranges: bytes content-type: image/png content-length: 2624 cache-control: max-age=1209600 alt-svc: h3=":443"; ma=600 vary: Accept-Encoding, Origin akamai-x-true-ttl: 1209600 x-cdn: akamai access-control-max-age: 86400 access-control-expose-headers: X-CDN access-control-allow-methods: GET access-control-allow-origin: * X-Firefox-Spdy: h2`

	publicity-preservation-sean-valium.trycloudflare.com/login.html.php	104.17.123.55	200 OK	2.5 MB
URL User Request GET HTTP/2 publicity-preservation-sean-valium.trycloudflare.com/login.html.php IP 104.17.123.55:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint5B:5C:6A:21:34:82:E0:1C:17:E9:A0:BF:53:9F:27:0F:21:40:02:B7 ValidityFri, 28 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT File type Size 2.5 MB (2469256 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /login.html.php HTTP/1.1 Host: publicity-preservation-sean-valium.trycloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://publicity-preservation-sean-valium.trycloudflare.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Sun, 10 Dec 2023 05:35:56 GMT content-type: text/html; charset=UTF-8 cf-ray: 8333205fa811b4eb-OSL cf-cache-status: DYNAMIC x-powered-by: PHP/8.2.7 vary: Accept-Encoding server: cloudflare content-encoding: gzip X-Firefox-Spdy: h2`