Report Overview
URL
lofty-wz7eqcharm.ssvzv.ru/mcBQ5LXmvLfwsoIg!/$lroemersberger@slurpmail.net
Finishing URL
lofty-wz7eqcharm.ssvzv.ru/fz74wb102rv?986f552222cd400d13-e8fa314a5708a4d76c529353c/
IP / ASN

104.21.80.1
Title
Phishing - Microsoft
Phishing - Tycoon Phishing Kit
Detections
urlquery: 3
Network Intrusion Detection: 1
Threat Detection Systems: 2
Host Summary
Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
---|---|---|---|---|---|---|---|---|
challenges.cloudflare.com | 11393 | 2009-02-17 | 2021-10-20 | 2025-09-10 | 7.2 kB | 581 kB | 104.18.95.41 | |
release-assets.githubusercontent.com | 67648 | 2014-02-06 | 2025-05-11 | 2025-09-10 | 1.3 kB | 11 kB | 185.199.108.133 | |
get.geojs.io | 99948 | 2017-02-18 | 2017-03-30 | 2025-09-11 | 1.0 kB | 2.4 kB | 104.26.0.100 | |
cdnjs.cloudflare.com | 1222 | 2009-02-17 | 2012-05-23 | 2025-09-10 | 922 B | 124 kB | 104.17.25.14 | |
lofty-wz7eqcharm.ssvzv.ru (87 alert(s) on this Domain) | unknown | 2025-08-04 | 2025-09-16 | 2025-09-16 | 42 kB | 899 kB | 104.21.64.1 | |
github.com | 40 | 2007-10-09 | 2016-07-13 | 2025-09-10 | 464 B | 15 kB | 140.82.121.4 | |
ywd4.zeniosti.live (1 alert(s) on this Domain) | unknown | 2025-08-31 | 2025-09-16 | 2025-09-16 | 471 B | 578 B | 188.114.96.1 | |
code.jquery.com | 4915 | 2005-12-10 | 2012-05-21 | 2025-09-10 | 1.3 kB | 270 kB | 151.101.194.137 | |
wmzee0cianfdfnm4drq2sj2uwuu0ayrwzr4esjscejjvdow6sam5sro3pwjf.shijeashu.sa.com (2 alert(s) on this Domain) | unknown | 2025-08-31 | 2025-09-16 | 2025-09-16 | 691 B | 1.3 kB | 172.67.164.139 | |
logincdn.msftauth.net | 23294 | 2018-10-25 | 2020-04-23 | 2025-09-10 | 494 B | 12 kB | 2.22.225.32 | |
ok4static.oktacdn.com | 150296 | 2014-11-11 | 2018-06-15 | 2025-09-11 | 2.1 kB | 268 kB | 3.167.2.112 | |
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
Varnish (Caching)
Varnish is a reverse caching proxy.
Microsoft HTTPAPI:2.0 (Web servers)
Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.
Azure (PaaS)
Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
jQuery:3.6.0 (JavaScript libraries)
jQuery is a free, open-source JavaScript library designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.
jQuery CDN (CDN)
jQuery CDN is a way to include jQuery in your website without actually downloading it and keeping it in your website's folder.
Amazon S3 (CDN)
Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.
Amazon Web Services (PaaS)
Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.
GitHub Pages (PaaS)
GitHub Pages is a static site hosting service.
Nginx (Web servers, Reverse proxies)
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Amazon CloudFront (CDN)
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert |
---|---|---|---|---|
 | medium | Client IP | 104.26.0.100 | ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI |
Threat Detection Systems
Detection System | Indicator | Verdict | Alert |
---|---|---|---|
Quad9 DNS | lofty-wz7eqcharm.ssvzv.ru | malicious | Sinkholed |
Quad9 DNS | wmzee0cianfdfnm4drq2sj2uwuu0ayrwzr4esjscejjvdow6sam5sro3pwjf.shijeashu.sa.com | malicious | Sinkholed |
JavaScript (89)
MD5 | From | Size | First Seen | Last Seen | Times Seen | SHA1 |
---|---|---|---|---|---|---|
086707e4369f60afedcafb16050a7618 | DocumentWrite | 39 B (39 bytes) | 2023-03-07 | 2025-09-16 | 164916 | 8216b0cc6876cbd44f01c158e7dff3833ceccd41 |
7f7c3287100c078b0dd6c15300034a18 | DocumentWrite | 47 kB (47310 bytes) | 2025-09-16 | 2025-09-16 | 1 | d59e95c8923350661c1e55ef2c2ea80a9817d50a |
24a6e74736f3312221b76123c9d9f738 | DocumentWrite | 4.6 kB (4644 bytes) | 2025-09-16 | 2025-09-16 | 1 | ebe11bb2a29e0757a4cdf69ad9304244ea68252d |
20b1e9aeb7feb926545d3cbba408d5bf | DocumentWrite | 128 kB (128517 bytes) | 2025-09-16 | 2025-09-16 | 1 | 3030b43a4d06b447e6b4f2cd51f6a540bffb9478 |
9967fb0198b34ece1746fdd3673630f1 | DocumentWrite | 65 kB (64676 bytes) | 2025-09-16 | 2025-09-16 | 1 | 5a9017061664b2c75037e05abf6e7e0e5cc9935f |
HTTP Transactions (59)
URL | IP | Response | Size |
---|---|---|---|