Report - mrdsw8.com/

Report Overview

Visited public
2025-03-16 23:29:36
Tags
URL
mrdsw8.com/
Finishing URL
www.riyxzudq.cc/
IP / ASN
172.67.218.179
#13335 CLOUDFLARENET
Title
每日大赛官网 - 吃瓜爆料每日大赛聚集地 mrds.fun

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.riyxzudq.cc	unknown	2025-02-08	2025-03-16	2025-03-16	1.8 kB	50 kB	154.207.77.2
mrdsw8.com	unknown	2024-12-16	2025-03-16	2025-03-16	479 B	1.2 kB	172.67.218.179

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-16	medium	riyxzudq.cc	Sinkholed
2025-03-16	medium	riyxzudq.cc	Sinkholed
2025-03-16	medium	riyxzudq.cc	Sinkholed
2025-03-16	medium	riyxzudq.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	www.riyxzudq.cc/	ScriptElement	5.6 kB	2025-03-16	2025-03-16
Pretty URL www.riyxzudq.cc/ IP 154.207.77.2 ASN #63888 DATAWING LIMITED Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-16 23:29 Last Seen2025-03-16 23:29 Times Seen1 Hash ffb29cdfb737fe84900e414dc81e5bd8 7c5809c7def2e69e960a66eced18e6524d2007ca 16eb3aa11d93793b426aff561cc055cd8af6d5195841c49938dad6f6264164f0 Loading...

	mrdsw8.com/	ScriptElement	173 B	2025-03-16	2025-03-16
Pretty URL mrdsw8.com/ IP 172.67.218.179 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-16 23:29 Last Seen2025-03-16 23:29 Times Seen1 Hash ed6bc43343a4ec0f469c77eadf97c515 ad5b0a6021361fbe729e13a42109430651854459 788ef695e0d5ac7d8e6912864f64fb3fcd37086ca355566c1acb2938cd32de8d Loading...

	www.riyxzudq.cc/	ScriptElement	1.5 kB	2023-08-24	2025-04-09
Pretty URL www.riyxzudq.cc/ IP 154.207.77.2 ASN #63888 DATAWING LIMITED Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-24 21:43 Last Seen2025-04-09 06:26 Times Seen24 Hash 1f6dd845dbfe09a3501f7d1531324f15 6597685f372bad602d0b8162ff47000bc8f3bde6 f0522cea5ad7e49f6b80c4440b9179ad98875b34f76bfce7fb7e2616c4297d32 Loading...

	www.riyxzudq.cc/	ScriptElement	30 kB	2025-03-16	2025-03-16
Pretty URL www.riyxzudq.cc/ IP 154.207.77.2 ASN #63888 DATAWING LIMITED Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-16 23:29 Last Seen2025-03-16 23:29 Times Seen1 Hash a5d518f695dea665f85f51207310e6df 372ba2debe749ce7ac3aa7bd88c305f785d038e0 c7ac4c3584da607471d6b5f8e7c81454438085cdc5b0b19dcd1026b91a244231 Loading...

	www.riyxzudq.cc/js/Vx.js?t=v8	ScriptElement	4.7 kB	2023-08-24	2025-04-09
Pretty URL www.riyxzudq.cc/js/Vx.js?t=v8 IP 154.207.77.2 ASN #63888 DATAWING LIMITED Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-24 21:43 Last Seen2025-04-09 06:26 Times Seen24 Hash a3f6f4265759caee73de9d895280013f 5aacea03d6a379e1624e2f73fd2ef978b619da92 99327a2006fb63b91e8ada062cc929cc9c8c231cd0fb9df22bbff8989f517323 Loading...

	www.riyxzudq.cc/	ScriptElement	2.8 kB	2025-03-16	2025-03-16
Pretty URL www.riyxzudq.cc/ IP 154.207.77.2 ASN #63888 DATAWING LIMITED Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-16 23:29 Last Seen2025-03-16 23:29 Times Seen1 Hash 558620ae6c25c2d57528a4802486754c cadfb0b5dc08080c672006f962b22565f4d2806c 6b3165331ed554dcc616e3971b071fea5bececd5dac761b2338f16bbeb18450f Loading...

		Size	First Seen	Last Seen
	#1 Write - 1bc328bd1df20b062bad30b9785e5984	458 B	2025-03-16 23:29	2025-03-16 23:29
Pretty Observations First Seen2025-03-16 23:29 Last Seen2025-03-16 23:29 Times Seen1 Hash 1bc328bd1df20b062bad30b9785e5984 255250c89f0f47b811b08dafcfb9d9d0bd87ab3c c27fb759956d13078b13c5cdbdc9cee27fca7317a58f2d899255373a3ba04708 Loading...

HTTP Transactions (5)

URL IP Response Size

www.riyxzudq.cc/js/Vx.js?t=v8

154.207.77.2

200 OK

4.7 kB

URL GET
www.riyxzudq.cc/js/Vx.js?t=v8
IP
154.207.77.2:443
ASN
#63888 DATAWING LIMITED

Requested by
https://www.riyxzudq.cc/
Certificate
IssuerGoogle Trust Services
Subjectriyxzudq.cc
Fingerprint45:39:BD:28:62:F1:4E:B4:CB:C2:76:3A:51:15:2F:2E:A5:62:6F:CF
ValiditySat, 08 Feb 2025 03:08:58 GMT - Fri, 09 May 2025 04:07:42 GMT

File type
Apache Avro version 101
Size
4.7 kB (4719 bytes)
Hash
84f91497751b572e13899b0234627ceb
02d6dd8dde81654dee7857faf49c02d95e034963
18e2cd882cc52c4691c1656af035c456508f6461dc0bf91afffcfab9190ccc7b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/Vx.js?t=v8 HTTP/1.1
Host: www.riyxzudq.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.riyxzudq.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 16 Mar 2025 23:29:16 GMT
content-type: application/javascript
last-modified: Fri, 26 Jan 2024 08:13:13 GMT
etag: W/"65b36999-126f"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jXjw9T25jRuSd8qwj5Yhu5go1gzzfznolugXoGwBOaaSQdMfVgpOZjaym81VmonvHPSqq4IxeIfVEcvLq0cObGxBx4vqLb%2FGkYf7aiQS5pxjXLBAVk25iabaulI6GFhj6UI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9218081d8cf2abd2-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31264&min_rtt=26988&rtt_var=13174&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4070&recv_bytes=1366&delivery_rate=22009&cwnd=12000&unsent_bytes=0&cid=8da5e27fe4eadf20&ts=1131&x=1", cfExtPri, cfHdrFlush;dur=0

www.riyxzudq.cc/images/logo.png

154.207.77.2

200 OK

5.2 kB

URL GET
www.riyxzudq.cc/images/logo.png
IP
154.207.77.2:443
ASN
#63888 DATAWING LIMITED

Requested by
https://www.riyxzudq.cc/
Certificate
IssuerGoogle Trust Services
Subjectriyxzudq.cc
Fingerprint45:39:BD:28:62:F1:4E:B4:CB:C2:76:3A:51:15:2F:2E:A5:62:6F:CF
ValiditySat, 08 Feb 2025 03:08:58 GMT - Fri, 09 May 2025 04:07:42 GMT

File type
PNG image data, 450 x 230, 8-bit colormap, non-interlaced
Size
5.2 kB (5223 bytes)
Hash
ee0593745ea1766bbc7e5811ab77815b
61e42da7435785c05570a524274c90187ed14cdf
5450a76dabcd05b1fdfceca33ffda523d0942be34219f75f51b64df932b2b699

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.riyxzudq.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.riyxzudq.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 16 Mar 2025 23:29:16 GMT
content-type: image/png
content-length: 5223
last-modified: Fri, 26 Jan 2024 12:09:21 GMT
etag: "65b3a0f1-1467"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kkx%2BYJHq%2BnzVX3mW%2BGiVLlaESXSvXuz5YIGXbW0n4C%2Bz8QY%2BXmXjrxg7SjbM%2BI0Y21bfHj7KcL1Rcdqnj6oQtE7yS%2FlDcGCSeyx7ScRv52UmOztYJzHh50KomspfQ1qrd6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9218081d8cf4abd2-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31264&min_rtt=26988&rtt_var=13174&sent=14&recv=7&lost=0&retrans=0&sent_bytes=6336&recv_bytes=1366&delivery_rate=22009&cwnd=12000&unsent_bytes=0&cid=8da5e27fe4eadf20&ts=1141&x=1", cfExtPri, cfHdrFlush;dur=0

www.riyxzudq.cc/favicon.ico

154.207.77.2

200 OK

4.3 kB

URL GET
www.riyxzudq.cc/favicon.ico
IP
154.207.77.2:443
ASN
#63888 DATAWING LIMITED

Requested by
https://www.riyxzudq.cc/
Certificate
IssuerGoogle Trust Services
Subjectriyxzudq.cc
Fingerprint45:39:BD:28:62:F1:4E:B4:CB:C2:76:3A:51:15:2F:2E:A5:62:6F:CF
ValiditySat, 08 Feb 2025 03:08:58 GMT - Fri, 09 May 2025 04:07:42 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
47d548d69d1f84a499e4f9f700cd0c31
c3446995ff34f1bc4a11636e099957da25aab849
4f6db322fd42b4c307464f4657b5351bf6e87b2ac49007453a32c4f42b9b8d85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.riyxzudq.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.riyxzudq.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 16 Mar 2025 23:29:17 GMT
content-type: image/x-icon
last-modified: Fri, 26 Jan 2024 08:20:47 GMT
etag: W/"65b36b5f-10be"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RdU1%2BZ%2FJYc88DxbNCvzBW%2F9G%2F9ZBXEhugUG2WBqNtFLnMcKGaxHmBAqaKj2UAEM7KJ4r04OE%2F8g3VxRIn%2Fa1Yvf3i8yVBNtNVkUeINOOFmiLJ0h%2FKg4ezO6AhQHmfYlxS3c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92180820ee6babd2-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=31454&min_rtt=26988&rtt_var=9576&sent=21&recv=10&lost=0&retrans=0&sent_bytes=12425&recv_bytes=1735&delivery_rate=7795&cwnd=12000&unsent_bytes=0&cid=8da5e27fe4eadf20&ts=1671&x=1", cfExtPri, cfHdrFlush;dur=0

mrdsw8.com/

172.67.218.179

200 OK

311 B

URL User Request GET
mrdsw8.com/
IP
172.67.218.179:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmrdsw8.com
Fingerprint73:32:7B:E9:BA:92:1A:8C:5F:4F:5C:12:D1:D3:0D:C1:C4:DD:BC:3F
ValidityThu, 13 Feb 2025 08:45:34 GMT - Wed, 14 May 2025 09:43:58 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (313), with no line terminators
Size
311 B (311 bytes)
Hash
94d2f3321cd65f857de218b6a5432f5c
8d9b20c150170a0fdbd4329583fb91b5c5d3b699
ffe4c204ce381dd921859860c93d7b46b0f557cc0a31136f2ed851dec6ee8f68

HTTP Headers

GET / HTTP/1.1
Host: mrdsw8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 16 Mar 2025 23:29:14 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z9gpJvNIQgqaneYbTuEQU0s6xx3isR0TAxLKIjsqS7uFL6pe6apY1ChMpH6m4FJcLPFho7x1%2F8aSkhlTYdjP9HnCk4kzyx3hN2cswAtr77W6rH39gb05AF72ky1A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9218080e1ab1712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=477&min_rtt=372&rtt_var=147&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3268&recv_bytes=1245&delivery_rate=6950400&cwnd=254&unsent_bytes=0&cid=f5ce03e566aa1edf&ts=511&x=0"
X-Firefox-Spdy: h2

www.riyxzudq.cc/

154.207.77.2

200 OK

32 kB

URL User Request GET
www.riyxzudq.cc/
IP
154.207.77.2:443
ASN
#63888 DATAWING LIMITED

Certificate
IssuerGoogle Trust Services
Subjectriyxzudq.cc
Fingerprint45:39:BD:28:62:F1:4E:B4:CB:C2:76:3A:51:15:2F:2E:A5:62:6F:CF
ValiditySat, 08 Feb 2025 03:08:58 GMT - Fri, 09 May 2025 04:07:42 GMT

File type
HTML document, ASCII text, with very long lines (30356)
Size
32 kB (31854 bytes)
Hash
c63b0b7f37b0493b413b0066d85307ba
a114420b63dbcb64dc68ae3962a41781092139c8
5b445660996ba57aad22405b6672920eb494e741380cf9301bede3a834cf77f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.riyxzudq.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mrdsw8.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 16 Mar 2025 23:29:15 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WIOnBWeW%2BtK4IErbxhSwTnph3E7iqZz22EEgxYV5hpVyNpOOkxbdyancYWAl8FVpjQPd0ovL%2BIVDECD1eeoCCzhjamKWHjxs6yef7jCzwW7NaXtZWoyGUTJJgIwLUwLjsk0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 921808163eae9309-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=31230&min_rtt=25805&rtt_var=13876&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3272&recv_bytes=1270&delivery_rate=167760&cwnd=254&unsent_bytes=0&cid=10de07d2eb981e6a&ts=442&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (5)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN