Report - ttxxttt.eirc.eu.org/

Report Overview

Visited public
2025-04-20 11:59:25
Tags
URL
ttxxttt.eirc.eu.org/
Finishing URL
ttxxttt.eirc.eu.org/
IP / ASN
104.21.33.162
#13335 CLOUDFLARENET
Title
ttxxttt.eirc.eu.org/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ttxxttt.eirc.eu.org	unknown	unknown	2025-04-20	2025-04-20	2.4 kB	27 kB	104.21.33.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	ttxxttt.eirc.eu.org/	NetEase
2025-04-19	medium	ttxxttt.eirc.eu.org/	NetEase
2025-04-19	medium	ttxxttt.eirc.eu.org/	NetEase
2025-04-19	medium	ttxxttt.eirc.eu.org/	NetEase

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	ttxxttt.eirc.eu.org/	ScriptElement	40 B	2025-04-20	2025-04-20
Pretty URL ttxxttt.eirc.eu.org/ IP 104.21.33.162 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-20 11:59 Last Seen2025-04-20 11:59 Times Seen1 Hash bf2fc64ffb06db055c22fca0883b10a4 3645d8786e782e092e0fe31eded27f34fe6e8e37 fa7ebb661fdf089903acef788b5757cc94c2c132291b750e6df74a889aa34213 Loading...

HTTP Transactions (5)

URL IP Response Size

ttxxttt.eirc.eu.org/

104.21.33.162

530 No Reason Phrase

6.2 kB

URL User Request GET
ttxxttt.eirc.eu.org/
IP
104.21.33.162:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectttxxttt.eirc.eu.org
Fingerprint18:77:E1:19:BE:2A:28:A4:9A:0B:EE:51:A4:82:FD:B6:DA:0F:C6:33
ValiditySun, 02 Mar 2025 13:09:29 GMT - Sat, 31 May 2025 14:09:22 GMT

File type
HTML document, ASCII text, with very long lines (501)
Size
6.2 kB (6193 bytes)
Hash
ea11bbac8ada86b47bc1b32954439b87
ca256ee8b5a8675f0647e751ebd28e97018d9f05
b41774ab69648cac60d2ed02ad0dac3a40ddda28e6472b9fd67e28e01744d46c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	NetEase

HTTP Headers

GET / HTTP/1.1
Host: ttxxttt.eirc.eu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 530 No Reason Phrase
date: Sun, 20 Apr 2025 11:59:05 GMT
content-type: text/html; charset=UTF-8
cf-ray: 933479393c59b4ff-OSL
server: cloudflare
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVkaBUBcB7nyAQRkHVC9CDT19lhIRpMwuKwQMMpZabec8oaX5x2fxe362DFO4BPjEsIHwlR4s%2FiBH5WQW0QV9RJSOe%2FzFOaH9K0UAz791WaJQNnlz7ZoONyxR1W0r%2BqCyPGkB0uW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6067&min_rtt=524&rtt_var=11063&sent=7&recv=11&lost=0&retrans=0&sent_bytes=2914&recv_bytes=1120&delivery_rate=4663446&cwnd=253&unsent_bytes=0&cid=2123044d2d108697&ts=368&x=0"
X-Firefox-Spdy: h2

ttxxttt.eirc.eu.org/

104.21.33.162

301 Moved Permanently

209 B

URL User Request GET
ttxxttt.eirc.eu.org/
IP
104.21.33.162:80
ASN
#13335 CLOUDFLARENET

File type

Size
209 B (209 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	NetEase

HTTP Headers

GET / HTTP/1.1
Host: ttxxttt.eirc.eu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Apr 2025 11:59:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 20 Apr 2025 12:59:05 GMT
Location: https://ttxxttt.eirc.eu.org/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B6CtcxHjNpAt6I5s5nTbFzprXJtbE74nS8R%2BoBYpXxAZvbfMlfdFuYamU%2Bb9qBGE2Gl7CoBVONcp23Z4WONDL%2BZdDUyoZ7sCVgEMS2ScR%2BJAHG0EfDzagnhKyAIHTyYnx3coiNFB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 9334793b3cb2b521-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=495&min_rtt=495&rtt_var=247&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=392&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

ttxxttt.eirc.eu.org/

104.21.33.162

202 Accepted

209 B

URL User Request GET
ttxxttt.eirc.eu.org/
IP
104.21.33.162:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectttxxttt.eirc.eu.org
Fingerprint18:77:E1:19:BE:2A:28:A4:9A:0B:EE:51:A4:82:FD:B6:DA:0F:C6:33
ValiditySun, 02 Mar 2025 13:09:29 GMT - Sat, 31 May 2025 14:09:22 GMT

File type
HTML document, ASCII text
Size
209 B (209 bytes)
Hash
48277726f0acdb15baabf1b1dfc485ed
e5519b8e4354643926c4d3e40b9489e341f9a6b6
cb7851e716fe40aab682229a1b10530262264f2f958ef12d13a662ca2d198aa7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	NetEase

HTTP Headers

GET / HTTP/1.1
Host: ttxxttt.eirc.eu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 202 Accepted
date: Sun, 20 Apr 2025 11:59:06 GMT
content-type: text/html; charset=utf-8
server: cloudflare
cf-cache-status: DYNAMIC
cache-control: no-store
cf-ray: 9334793b986db4ff-OSL
pragma: no-cache
eo-cache-status: MISS
eo-log-uuid: 2203705750919829251
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ygHG6Sij1AV7S%2B%2Fei2EDvBZgLkkyE4OoBQqs0aaJ602CIyCBMKAZMwi5oB0dDLq1SXk7TqJBhUGWrpNN9KgX5%2B6VsR1u5hp4ZuDbjEuTlYCNUHd1PIsK0HtuNu3qUmTtuRFBWpVD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: x-waf-captcha-referer=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dedtunnel; Path=/; Max-Age=60
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2772&min_rtt=516&rtt_var=4320&sent=15&recv=19&lost=0&retrans=0&sent_bytes=9996&recv_bytes=1187&delivery_rate=11717919&cwnd=257&unsent_bytes=0&cid=2123044d2d108697&ts=1705&x=0"
X-Firefox-Spdy: h2

ttxxttt.eirc.eu.org/C2WF946J0/probe.js?v=vc1jasc

104.21.33.162

403 Forbidden

43 B

URL GET
ttxxttt.eirc.eu.org/C2WF946J0/probe.js?v=vc1jasc
IP
104.21.33.162:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ttxxttt.eirc.eu.org/
Certificate
IssuerGoogle Trust Services
Subjectttxxttt.eirc.eu.org
Fingerprint18:77:E1:19:BE:2A:28:A4:9A:0B:EE:51:A4:82:FD:B6:DA:0F:C6:33
ValiditySun, 02 Mar 2025 13:09:29 GMT - Sat, 31 May 2025 14:09:22 GMT

File type
ASCII text, with no line terminators
Size
43 B (43 bytes)
Hash
56e6853b09bcbe2fb2d3584b44a18de8
19a667204b93d7fcaa2a0e1bad872cecb6062d12
b97d69bb0d401fd967281e924037b2152570bf3a521f890cdce63b18ad166732

HTTP Headers

GET /C2WF946J0/probe.js?v=vc1jasc HTTP/1.1
Host: ttxxttt.eirc.eu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ttxxttt.eirc.eu.org/
Cookie: x-waf-captcha-referer=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dedtunnel
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sun, 20 Apr 2025 11:59:08 GMT
content-type: text/plain;charset=UTF-8
cf-ray: 933479435d14b4ff-OSL
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7iN62ofcDSJH1qsWb5A0zlNN4iPt3iMO1YeqfZdQrWI%2BqaWzWjM36SDRUaoMBwv21dO0Iop5xx2rpr6%2BT5IFlbFvMzjLWqVHQH%2BOqI5ScqtwFhVX68dfi7JV5CQ20uKBT3njzFRU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: BYPASS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2013&min_rtt=410&rtt_var=2970&sent=19&recv=23&lost=0&retrans=0&sent_bytes=10871&recv_bytes=1380&delivery_rate=11717919&cwnd=257&unsent_bytes=0&cid=2123044d2d108697&ts=3570&x=0"
X-Firefox-Spdy: h2

ttxxttt.eirc.eu.org/favicon.ico

104.21.33.162

200 OK

15 kB

URL GET
ttxxttt.eirc.eu.org/favicon.ico
IP
104.21.33.162:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ttxxttt.eirc.eu.org/
Certificate
IssuerGoogle Trust Services
Subjectttxxttt.eirc.eu.org
Fingerprint18:77:E1:19:BE:2A:28:A4:9A:0B:EE:51:A4:82:FD:B6:DA:0F:C6:33
ValiditySun, 02 Mar 2025 13:09:29 GMT - Sat, 31 May 2025 14:09:22 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
36901548345ffbc054d06e63abb3c08a
83896f098aba5fe822bb773a4842b4ecd83ab488
f5b03e2d8e09b423315d2700a47327be8464747c01cb2d6014afa87cfe86d893

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	NetEase

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ttxxttt.eirc.eu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ttxxttt.eirc.eu.org/
Cookie: x-waf-captcha-referer=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dedtunnel
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 11:59:12 GMT
content-type: image/x-icon
cf-cache-status: MISS
server: cloudflare
etag: W/"67fccb18-3aee"
last-modified: Mon, 14 Apr 2025 08:45:12 GMT
vary: Accept-Encoding
via: CHN-SNxian-AREACT4-CACHE58[10],CHN-SNxian-AREACT4-CACHE11[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE106[3],CHN-TJ-GLOBAL1-CACHE11[0,TCP_HIT,1]
nginx-hit: 1
x-ccdn-cachettl: 2592000
x-ccdn-expires: 2062588
x-ccdn-req-id-46b1: 35bf5195ade2805139e0fb412db8cb16
x-hcs-proxy-type: 1
cf-ray: 9334794e19935687-OSL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jfXQ8asBQgcvl%2FgcHZmRMxw6adk1AEHsGEbWUcDukmEXZ2CTGZeLShCAwZhxErYDiySB7BubWUOu88cliITIqnVWXAZYTjBg%2F87jEWOByfArBq9FxED2hUGj8HSuxHrxOF%2F2t8VM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cache-control: max-age=14400
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4241&min_rtt=752&rtt_var=2053&sent=44&recv=52&lost=0&retrans=0&sent_bytes=5473&recv_bytes=3528&delivery_rate=2480&cwnd=12000&unsent_bytes=0&cid=27d32e5eb29af4b2&ts=5419&x=16"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers