Report - hoyx38mo.cc

Report Overview

Submitted URL
hoyx38mo.cc
IP
104.21.30.211
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-27 00:02:02
Access
public
Website Title
t33n leak 5-17 age
Final URL
hoyx38mo.cc/enter/register
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
b.yzcdn.cn	425969	2014-12-08	2015-07-08	2023-10-23	425 B	9.8 kB	154.85.69.54
hoxy62me.cc	unknown	unknown	No data	No data	570 B	595 B	104.21.93.213
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-25	1.3 kB	2.2 kB	162.159.129.233
hoyx38mo.cc	unknown	unknown	No data	No data	3.8 kB	1.2 MB	104.21.30.211

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-27	medium	hoyx38mo.cc	Sinkholed
2024-04-27	medium	hoyx38mo.cc	Sinkholed
2024-04-27	medium	hoyx38mo.cc	Sinkholed
2024-04-27	medium	hoyx38mo.cc	Sinkholed
2024-04-27	medium	hoyx38mo.cc	Sinkholed
2024-04-27	medium	hoyx38mo.cc	Sinkholed
2024-04-27	medium	hoyx38mo.cc	Sinkholed
2024-04-27	medium	hoyx38mo.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	hoyx38mo.cc/js/chunk-vendors.ea790e22.js	949 kB	2023-03-07	2024-05-08
Pretty URL hoyx38mo.cc/js/chunk-vendors.ea790e22.js IP 104.21.30.211 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:40 Last Seen2024-05-08 21:47:19 Times Seen2043 Hash 4fee178f809d1b2a829099a8bb91c56c 178b6322fdc40c08fcbda0c096c668855ad49b51 c3580c9951b9554639c1404a246b3f27f818a99240c728f04cb964cd9e50b73d Loading...

	hoyx38mo.cc/js/app.6c52e89b.js	178 kB	2024-04-27	2024-04-29
Pretty URL hoyx38mo.cc/js/app.6c52e89b.js IP 104.21.30.211 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 02:02:08 Last Seen2024-04-29 04:47:33 Times Seen4 Hash eca4587d76fef761e21ba74697ad9df1 4bc898f84ff83331049f67686a707de5d592948d 22482d3b7f4c8ee24f86b891709d66ae04aa76e968c243bf3aa9d21bacdb3428 Loading...

HTTP Transactions (12)

URL IP Response Size

cdn.discordapp.com/attachments/1232354173992042499/1232354189905231892/dfb23.mp4?ex=662926c6&is=6627d546&hm=e85c5087e9f114ac4a64adf377496bd346149fd5a115bf2ae69818e5a8335138&

162.159.129.233

36 B

URL
cdn.discordapp.com/attachments/1232354173992042499/1232354189905231892/dfb23.mp4?ex=662926c6&is=6627d546&hm=e85c5087e9f114ac4a64adf377496bd346149fd5a115bf2ae69818e5a8335138&
IP
162.159.129.233:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
a1ca4bebcd03fafbe2b06a46a694e29a
ffc88125007c23ff6711147a12f9bba9c3d197ed
c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

HTTP Headers

GET /attachments/1232354173992042499/1232354189905231892/dfb23.mp4?ex=662926c6&is=6627d546&hm=e85c5087e9f114ac4a64adf377496bd346149fd5a115bf2ae69818e5a8335138& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 27 Apr 2024 00:01:38 GMT
content-type: text/plain;charset=UTF-8
content-length: 36
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cMgwEqTONfcOkGVEgYIhYdF%2BZ8OoL00hayBPi5ZHQN%2BJy4qiWhwwcSno8aNGs35UCpHsBNzUeOP2JbRSZh9iP2WcAd7YG4DSLM%2B%2FGPpH3KgHtIDkuO5FtiMpd8juarDl33jCIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cf_bm=4YWZJvaRDJ5fUo76qo0QcQrYab8O50PaGgKMr1CEMlI-1714176098-1.0.1.1-2uU6I4sLdkXSRVjQ7Jp9Z96YeDSjS9OoC10pPG492xIdiLreZ6TtRkNX1m6ucg8DWyODwr3FKQX5sV72Lmd6iw; path=/; expires=Sat, 27-Apr-24 00:31:38 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=qChHH.exmr6d79nT6S0T3nW8aA8H_qyJUcAZzqpKzZQ-1714176098001-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87aa8a046fbfb4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

hoyx38mo.cc/css/chunk-vendors.c57533e1.css

104.21.30.211

200 OK

44 kB

URL GET HTTP/3
hoyx38mo.cc/css/chunk-vendors.c57533e1.css
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (44535 bytes)
Hash
ebfffebc1f62c3be51082e6595a0a005
e278fbd6fd48150b3f366b50ed388983d934978c
f5ce9e73e1f7cea326eedd4f39d9b2d703ba4ccb31a6078cdc1fb16481298a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-vendors.c57533e1.css HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 00:01:37 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 26 Apr 2024 15:57:06 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OcLRDvUaXuzV3WhvdiprgwPzw3gIj5VfCKgI82BBz2gQ%2BArH6ueRU29qkhJIXr2CE%2BJjmy2audHp4KuC0WIMwjRERfZbwsLuXQTOkObDgCT%2BcGpirQRRC7OO%2BAbTOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8a00acb20b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hoyx38mo.cc/img/icons/apple-touch-icon-152x152.png

104.21.30.211

200 OK

4.0 kB

URL GET HTTP/3
hoyx38mo.cc/img/icons/apple-touch-icon-152x152.png
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type
PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced
Size
4.0 kB (4046 bytes)
Hash
1a034e64d80905128113e5272a5ab95e
92328e60f63d690f33cd4961b9934a539dc29b82
4d9685d610c4411caadd8d36ce94d3303cf5b05c8e04d67fc232c16a4469a135

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/apple-touch-icon-152x152.png HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 00:01:38 GMT
content-type: image/png
content-length: 4046
last-modified: Fri, 26 Apr 2024 15:57:08 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r9zLWWi76B0CfLvRCOiC7lCNoar9ZaSmrcONi0HaTs%2BhgCgrcYs15GswdPsXN%2FJBnSdvyppvSfEGRFA3GqzA1hOvLQxtjRu6O%2FMNYBhBYK5RF20Aats%2FhzhYMwxAbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8a05de3b0b51-OSL
alt-svc: h3=":443"; ma=86400

b.yzcdn.cn/vant/icon-demo-1126.png

154.85.69.54

200 OK

8.9 kB

URL GET HTTP/2
b.yzcdn.cn/vant/icon-demo-1126.png
IP
154.85.69.54:443
ASN
#139057 LEGEND DYNASTY PTE. LTD.

Requested by
https://hoyx38mo.cc/
Certificate
IssuersslTrus
Subject*.yzcdn.cn
Fingerprint6A:A8:BA:7C:D4:B4:86:0B:74:EB:E6:19:C8:69:2E:8B:13:6C:1E:1B
ValidityThu, 09 Nov 2023 00:00:00 GMT - Mon, 09 Dec 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
8.9 kB (8886 bytes)
Hash
f87c46f346a5548224ccbe0b6bd75df5
8e8b8bd4ba3e6b6c8557d94a726061fdd62492fd
b6304eb9b754d38d3ad74d0acce42c156536840351368ed3e4895a6b50cd9370

HTTP Headers

GET /vant/icon-demo-1126.png HTTP/1.1
Host: b.yzcdn.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 00:01:38 GMT
content-type: image/png
content-length: 8886
server: openresty
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=2592000
content-disposition: inline; filename="icon-demo-1126.png"; filename*=utf-8''icon-demo-1126.png
content-md5: +HxG80alVIIkzL4La9dd9Q==
content-transfer-encoding: binary
etag: "Fo6Li9S6PmtshVfZSnJgYf3WJJL9"
last-modified: Mon, 26 Nov 2018 11:08:05 GMT
x-reqid: YyIAAAASg9geDiAX
x-svr: IO
x-qiniu-zone: 0
x-log: X-Log
x-ser: BC5_dx-lt-yd-zhejiang-huzhou-3-cache-7, BC165_lt-obgp-fujian-xiamen-33-cache-1, BC132_IT-Lombardia-Milan-1-cache-1, BC46_DE-Frankfurt-Frankfurt-11-cache-4
x-cache: HIT from BC46_DE-Frankfurt-Frankfurt-11-cache-4(baishan)
X-Firefox-Spdy: h2

hoyx38mo.cc/img/icons/favicon.svg

104.21.30.211

200 OK

12 kB

URL GET HTTP/3
hoyx38mo.cc/img/icons/favicon.svg
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type
HTML document, ASCII text, with very long lines (2701), with no line terminators
Size
12 kB (12020 bytes)
Hash
7d22070f0ff829d29b0ca07fec977a15
b13f2574199d24c515ceb4f1521ec8240f477719
5110201ad35438dc1ec189583a3afdfd68c727794df4fa50aad3612385d1d831

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon.svg HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 00:01:38 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 18:51:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSEf5HtXo9uYpSqak6NlgTba5Swx5%2FmvTbzLLTOwIKnLf2h93GO9s3wtWFoIKdJfXKG4b1km7hbSTCXvL4DpvRBiifK3aQq5OQGWjTGVigl1XUsZE9xWMBo9jXF5xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8a05de3c0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hoyx38mo.cc/

104.21.30.211

200 OK

2.7 kB

URL User Request GET HTTP/2
hoyx38mo.cc/
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type
HTML document, ASCII text, with very long lines (2867), with no line terminators
Size
2.7 kB (2701 bytes)
Hash
c11f8c59ba27a49dd24be7044d05c075
aa16f81517ea5e6392f7507f0ddb19d7f42d8e74
669554d42a8276bf1d1aa3be2a01c87ba283bbcbb8cede4ec92ec6763e02c074

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 00:01:37 GMT
content-type: text/html; charset=utf-8
last-modified: Fri, 26 Apr 2024 15:57:07 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rzs2JtLafJijQN7zgBrKUbeenqCbJjNbycVQxKAi8fbjg0zR9Ihn6EjswxtEPNvD%2F%2B1TJDO%2FWTONFxgnXqG43kpBHw9carNJDZmOZ1Qd4UERD1DDJMzlSEvKeGZpSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa89fddb2b56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

hoyx38mo.cc/js/chunk-vendors.ea790e22.js

104.21.30.211

200 OK

949 kB

URL GET HTTP/3
hoyx38mo.cc/js/chunk-vendors.ea790e22.js
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type

Size
949 kB (949174 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.ea790e22.js HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 00:01:37 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 15:57:14 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTYpVYpVQ0gb7YvqVrk91m4QuUXMa32Ekr8AO%2FxVXcpF3L55PlE1PnqsBMWGBDRi4SMjpAxFKrxvEePxDz%2FS18aRNuZUM324NlPqWfysV0Yx4%2B6oAwsXu7Qd7jVHvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8a00acb00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hoyx38mo.cc/css/app.2172c103.css

104.21.30.211

200 OK

16 kB

URL GET HTTP/3
hoyx38mo.cc/css/app.2172c103.css
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type
ASCII text, with very long lines (15613), with no line terminators
Size
16 kB (15613 bytes)
Hash
eb7fa3149b7a8b78a934c5c2e47469ee
c54356de134f686a004bdc59434dff924145da02
98941054d0768f586959829bbe98b8143b61b01f85dc08ac483be8dbf12a2bab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.2172c103.css HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 00:01:37 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 26 Apr 2024 15:57:06 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8oisOespJs2js5OdssX%2BfThdluPTuZx5L3J1EJFaHCAHCkjXbhVt5F%2FE2z3m8aTfpY1IRRD74pJVXUqXE%2FqRDskD%2F1OfvL%2Bmt%2BzA8Edft4BmEgaOGeBMfqY3zYdDxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8a00acb40b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.discordapp.com/attachments/1232354173992042499/1232354189905231892/dfb23.mp4?ex=662926c6&is=6627d546&hm=e85c5087e9f114ac4a64adf377496bd346149fd5a115bf2ae69818e5a8335138&

162.159.129.233

404 Not Found

0 B

URL GET HTTP/2
cdn.discordapp.com/attachments/1232354173992042499/1232354189905231892/dfb23.mp4?ex=662926c6&is=6627d546&hm=e85c5087e9f114ac4a64adf377496bd346149fd5a115bf2ae69818e5a8335138&
IP
162.159.129.233:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /attachments/1232354173992042499/1232354189905231892/dfb23.mp4?ex=662926c6&is=6627d546&hm=e85c5087e9f114ac4a64adf377496bd346149fd5a115bf2ae69818e5a8335138& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 27 Apr 2024 00:01:38 GMT
content-type: text/plain;charset=UTF-8
content-length: 36
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cMgwEqTONfcOkGVEgYIhYdF%2BZ8OoL00hayBPi5ZHQN%2BJy4qiWhwwcSno8aNGs35UCpHsBNzUeOP2JbRSZh9iP2WcAd7YG4DSLM%2B%2FGPpH3KgHtIDkuO5FtiMpd8juarDl33jCIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cf_bm=4YWZJvaRDJ5fUo76qo0QcQrYab8O50PaGgKMr1CEMlI-1714176098-1.0.1.1-2uU6I4sLdkXSRVjQ7Jp9Z96YeDSjS9OoC10pPG492xIdiLreZ6TtRkNX1m6ucg8DWyODwr3FKQX5sV72Lmd6iw; path=/; expires=Sat, 27-Apr-24 00:31:38 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=qChHH.exmr6d79nT6S0T3nW8aA8H_qyJUcAZzqpKzZQ-1714176098001-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87aa8a046fbfb4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

hoyx38mo.cc/js/app.6c52e89b.js

104.21.30.211

200 OK

178 kB

URL GET HTTP/3
hoyx38mo.cc/js/app.6c52e89b.js
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type

Size
178 kB (177713 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.6c52e89b.js HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 00:01:37 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 15:57:11 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g9vOdnyODcviNW6J5DrCbWit8R2R3iGX2mwltFpSNsiIe4eY5bz0s16VEpe0XJINEYX2kp6LAAgi9PN0gP1rVxTyii6jSGegHKfFN7PbAJ8pGS%2BzAvnmNMi8j1lScA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8a00acb10b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hoyx38mo.cc/getlog

104.21.30.211

200 OK

12 kB

URL GET HTTP/3
hoyx38mo.cc/getlog
IP
104.21.30.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoyx38mo.cc
FingerprintA9:20:97:28:E8:3C:C0:C9:33:53:B2:B0:FC:E2:D5:F0:C4:DD:BF:EA
ValidityWed, 17 Apr 2024 06:54:04 GMT - Tue, 16 Jul 2024 06:54:03 GMT

File type
JSON text data
Size
12 kB (11877 bytes)
Hash
cf865dd2382cf8678f2ffb29822c06c9
bb172b0a8c696679c6095409f3c689c955ac9499
31c540a67d938575deb3f79d1c5603ebebb4a497b24638ae6639c2b0564827b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /getlog HTTP/1.1
Host: hoyx38mo.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hoyx38mo.cc/enter/register
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 00:01:38 GMT
content-type: application/json; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=st2WD%2Fxnjpai6tPO8RAbHk%2FX%2FzL5x3T4ahLuaQL8nhR7GAHpBz1xgJHpvUG1AQqcjjWvLT85zJ3%2BNc6fysmtDiwwv%2FN1yrd2GntXktx9E6uNJvi7i1vdsMHIVpEzyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa8a040db00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hoxy62me.cc/socket.io/?EIO=3&transport=websocket

104.21.93.213

101 Switching Protocols

0 B

URL GET HTTP/1.1
hoxy62me.cc/socket.io/?EIO=3&transport=websocket
IP
104.21.93.213:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hoyx38mo.cc/
Certificate
IssuerGoogle Trust Services LLC
Subjecthoxy62me.cc
Fingerprint3C:B3:F4:50:0D:CD:9E:94:BD:85:8A:9B:12:3F:B9:C3:3F:EB:36:77
ValidityFri, 26 Apr 2024 10:08:31 GMT - Thu, 25 Jul 2024 10:08:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: hoxy62me.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://hoyx38mo.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rUS/E1vUqw/KJW9OsjeLAA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 27 Apr 2024 00:01:38 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ucw5txa0/ftKfgL9nPiONfgCSdI=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k5Y%2Beinp2o2HXcCtRcUVIWBFRrEJSnocXCDaYfZrtxo1e5Yf871b5WqrKVs6hTX66wxZbYi4VpQarjJIE4HhIX1EhuCsxiO8nQxtIZCTjwq2uQ%2BXO9ccxnssodNx%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa8a044a285696-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN