Report - sypx.xpxnoulepg.ru/xsic/

Report Overview

Visited public
2024-12-12 06:55:16
Tags
suspicious
URL
sypx.xpxnoulepg.ru/xsic/
Finishing URL
sypx.xpxnoulepg.ru/xsic/
IP / ASN
172.67.206.196
#13335 CLOUDFLARENET
Title
Suspicious - Anti-debugging code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2024-12-11	440 B	15 kB	104.17.24.14
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-12-11	1.1 kB	8.4 kB	104.18.94.41
code.jquery.com	634	2005-12-10	2012-05-21	2024-12-11	412 B	32 kB	151.101.2.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	sypx.xpxnoulepg.ru/xsic/	ScriptElement	20 kB	2024-12-12	2024-12-12
Pretty URL sypx.xpxnoulepg.ru/xsic/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-12 06:55 Last Seen2024-12-12 06:55 Times Seen1 Hash c2fe1721f60222529902960fb0559117 557d8bb1ad350155ad0b37ac5d2ce8c33749a0ec 8f53b1269b851fe07460d01e3a3b16384d58fe56ad84ef5465d0223b593410f4 Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-07
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 03:42 Times Seen205118 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	ScriptElement	48 kB	2024-12-05	2024-12-17
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-05 14:49 Last Seen2024-12-17 09:29 Times Seen3946 Hash b0b3774e70e752266b4cf190e6d95053 03823d33d8c374dd69b66f1d75a5fc93d29967e1 a9f0787e39291d7bcb873d0d514f1d2c8db0256fd741c2abc4d46a809254e141 Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-07 03:42 Times Seen92465 Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Loading...

	unknown	ScriptElement	1.6 kB	2024-12-12	2024-12-12
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-12 06:55 Last Seen2024-12-12 06:55 Times Seen1 Hash e33417f36756c9544d956be3dccc7666 33d20a2d17dc74a7bcc48742388268e937da51cc 79a1b5c6af49ebdf2bc2c22f076f7b4e73d1999a3f38fa559becc7332b87f660 Loading...

	unknown	ScriptElement	1.5 kB	2024-12-12	2024-12-12
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-12 06:55 Last Seen2024-12-12 06:55 Times Seen1 Hash a69d5867565f19aa4118c8ea4fb2d305 0cdc38e458d5c8607431fbd5b13677420ea16d79 3b3ce74d7f1737189c40e906644dbb0c9e53284cae33e03546beed2f819ff846 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6wmab/0x4AAAAAAA0rId-x8AoOojuU/auto/fbE/normal/auto/	ScriptElement	3.7 kB	2024-12-12	2024-12-12
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6wmab/0x4AAAAAAA0rId-x8AoOojuU/auto/fbE/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-12 06:55 Last Seen2024-12-12 06:55 Times Seen1 Hash 69e52ef5b0bb71590f2df45485d3ace6 ad3c310ad85179de1f1c3131c8b2b070b9e565e6 73e282d4ae4b3eebc6154593ecda7f11a8cb8f8caaa86e1704840d49bf029c62 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8f0bce396ca5b51d&lang=auto	ScriptElement	116 kB	2024-12-12	2024-12-12
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8f0bce396ca5b51d&lang=auto IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-12 06:55 Last Seen2024-12-12 06:55 Times Seen1 Hash 450a5155b721edf225018c5acd0c2ccd 06a24ef3a5f801b974fa7f7dc416a9cc2f9edc25 c5e75811ea98a7a0fc9e6cd58fcac72123207795b13e31401d017d14711a472f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-07 03:45
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-07 03:45 Times Seen368320 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

		Size	First Seen	Last Seen
	#1 Write - eafb326d4a124133309633095f52a398	5.5 kB	2024-12-12 06:55	2024-12-12 06:55
Pretty Observations First Seen2024-12-12 06:55 Last Seen2024-12-12 06:55 Times Seen1 Hash eafb326d4a124133309633095f52a398 3b6ce14f9b02950808a9d131b36f7f789b5daa9c 674e54e28cf13493b32ad38e5c780551c938a65567948e6574cb6f5dc5a116b5 Loading...

HTTP Transactions (4)

	URL	IP	Response	Size
	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	104.17.24.14	200 OK	14 kB
URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP 104.17.24.14:0 ASN #13335 CLOUDFLARENET File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators Size 14 kB (13972 bytes) Hash 2ca03ad87885ab983541092b87adb299 1a17f60bf776a8c468a185c1e8e985c41a50dc27 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 HTTP Headers `GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sypx.xpxnoulepg.ru/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 12 Dec 2024 06:54:52 GMT content-type: application/javascript; charset=utf-8 content-length: 13972 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "61182885-3694" last-modified: Sat, 14 Aug 2021 20:33:09 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 26383 expires: Tue, 02 Dec 2025 06:54:52 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vSNoaOuoAUvRNun1o7mpw7btOX7MPYjdl8BgMf2RffXir7ooDaHOZiFAXVFJWX3qL1AAeGxpp8zx%2FiOoHos90bYK88Tw8au7AYEGTjsPstJDPWNXcYfR1rRlEVQeXryDcEvFCsEz"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 8f0bce382d3456bf-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	104.18.94.41	302 Found	0 B
URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP 104.18.94.41:0 ASN #13335 CLOUDFLARENET File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /turnstile/v0/api.js?render=explicit HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sypx.xpxnoulepg.ru/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 302 Found date: Thu, 12 Dec 2024 06:54:52 GMT content-length: 0 access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/g/f9063374b04d/api.js vary: Accept-Encoding server: cloudflare cf-ray: 8f0bce382e0f1bfa-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2`

	code.jquery.com/jquery-3.6.0.min.js	151.101.2.137	200 OK	31 kB
URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.2.137:0 ASN #54113 FASTLY File type JavaScript source, ASCII text, with very long lines (65447) Size 31 kB (30875 bytes) Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e HTTP Headers `GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sypx.xpxnoulepg.ru/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=utf-8 last-modified: Fri, 18 Oct 1991 12:00:00 GMT etag: W/"28feccc0-15d9d" cache-control: public, max-age=31536000, stale-while-revalidate=604800 access-control-allow-origin: * cross-origin-resource-policy: cross-origin content-encoding: gzip via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Thu, 12 Dec 2024 06:54:52 GMT age: 2509782 x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL x-cache: HIT, HIT x-cache-hits: 71, 420288 x-timer: S1733986492.254738,VS0,VE0 vary: Accept-Encoding content-length: 30875 X-Firefox-Spdy: h2

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6wmab/0x4AAAAAAA0rId-x8AoOojuU/auto/fbE/normal/auto/	104.18.94.41	200 OK	6.6 kB
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6wmab/0x4AAAAAAA0rId-x8AoOojuU/auto/fbE/normal/auto/ IP 104.18.94.41:0 ASN #13335 CLOUDFLARENET File type HTML document, ASCII text, with very long lines (22073) Size 6.6 kB (6565 bytes) Hash f20f2e8d60475fd7425bb9703ac60777 4a7be57748c8e3810de0cf89e7d88c7469f5864f 2e12496ce9553755b2568bc775b993d04c43b4fb9c740247d4bfa4cdfe4b1a6c HTTP Headers GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/6wmab/0x4AAAAAAA0rId-x8AoOojuU/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://sypx.xpxnoulepg.ru/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Thu, 12 Dec 2024 06:54:52 GMT content-type: text/html; charset=UTF-8 cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin document-policy: js-profiling priority: u=4,i=?0 server: cloudflare cf-ray: 8f0bce396ca5b51d-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash