Report - distorted-allocations.xyz/

Report Overview

Visitedpublic

2026-03-15 04:50:57

Tags

Submit Tags

URL

distorted-allocations.xyz/

Finishing URL

distorted-allocations.xyz/

IP / ASN

104.21.27.180

#13335 CLOUDFLARENET

Title

$DISTORTED DISTRIBUTION

Detections

urlquery

0

Network Intrusion Detection

7

Threat Detection Systems

11

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
distorted-allocations.xyz	unknown	unknown	No data	No data	3.7 kB	220 kB	188.114.96.1
secure-auth-6185.vercel.app	unknown	unknown	2026-03-15	2026-03-15	2.3 kB	2.9 MB	216.198.79.131
pub-14c1504681d2427684ac1f489338d075.r2.dev	unknown	2022-08-23	2026-02-25	2026-03-12	3.9 kB	41 MB	104.18.50.34
dns.google	158	2018-04-16	2018-10-26	2026-03-12	519 B	806 B	8.8.4.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2026-03-15 04:50:28	low	Client IP	8.8.4.4	ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)
2026-03-15 04:50:32	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-15 04:50:32	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-15 04:50:32	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-15 04:50:32	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-15 04:50:32	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI
2026-03-15 04:50:32	low	Client IP	104.18.50.34	ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
Private YARA rules	secure-auth-6185.vercel.app/demo.php?id=69addbedacd7bd42deda01da&parent_url=distorted-allocations.xyz%2F	audit	Hunting_JS_WebAssembly
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Nextron YARA rules	pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif	malware	Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type
Hagezi Threat Feed	distorted-allocations.xyz	malicious	Sinkholed
DNS4EU	distorted-allocations.xyz	malicious	Sinkholed

JavaScript (8)

HTTP Transactions (21)

	URL	IP	Response	Size