| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-11; Times Seen: 2056; Size: 504 B (504 bytes)
MD5: e8655fceca672a60b40615879037e742
SHA1: a58e96e869ed3caf523c47cc94e5808d67ff033e
SHA256: 7442a4ec6cb6cf290cd3677c77cd85ad4145048d536fb22872fa980e9cd9b708
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7442A4EC6CB6CF290CD3677C77CD85AD4145048D536FB22872FA980E9CD9B708"
Last-Modified: Thu, 10 Oct 2024 20:49:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17399
Expires: Fri, 11 Oct 2024 07:40:21 GMT
Date: Fri, 11 Oct 2024 02:50:22 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-12; Times Seen: 1745; Size: 504 B (504 bytes)
MD5: 85587957f115a41b4d266a01ffa9d2a2
SHA1: 4587aa98c2eab3ab844d28001cf948dbba5fd000
SHA256: e2c7d2c5b96353b104eddbfe4fa3a93659bae1f72dd3e9fbecbf2c65ba49a1bc
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E2C7D2C5B96353B104EDDBFE4FA3A93659BAE1F72DD3E9FBECBF2C65BA49A1BC"
Last-Modified: Thu, 10 Oct 2024 21:01:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11261
Expires: Fri, 11 Oct 2024 05:58:03 GMT
Date: Fri, 11 Oct 2024 02:50:22 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-10; Last Seen: 2024-10-11; Times Seen: 6249; Size: 504 B (504 bytes)
MD5: 98bbf57a5e5f7f90fd4a8eeba951c9b8
SHA1: f9825be278e9bb848fedd3fef7e0fb5852593191
SHA256: b5018224e661a6e445d442958f7bf4640744ae71d1b54cb56e71d244f3a2f543
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B5018224E661A6E445D442958F7BF4640744AE71D1B54CB56E71D244F3A2F543"
Last-Modified: Thu, 10 Oct 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2197
Expires: Fri, 11 Oct 2024 03:27:00 GMT
Date: Fri, 11 Oct 2024 02:50:23 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP / ASN: 23.33.119.27 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-12; Times Seen: 4554; Size: 504 B (504 bytes)
MD5: 79cc92870c237da0a800ef6a3c32181e
SHA1: db1eafb8715ecab04572ae3a2509e1482604e857
SHA256: 678a9d9c7a94705e293236ab03c6db471fec41d7b2ee0dc2f2ae92a59c9b21f6
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "678A9D9C7A94705E293236AB03C6DB471FEC41D7B2EE0DC2F2AE92A59C9B21F6"
Last-Modified: Fri, 11 Oct 2024 01:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17333
Expires: Fri, 11 Oct 2024 07:39:16 GMT
Date: Fri, 11 Oct 2024 02:50:23 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP / ASN: 23.33.119.57 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-13; Times Seen: 8461; Size: 504 B (504 bytes)
MD5: af0d1cea6aa0671f0271828695f79be4
SHA1: ae58030b5e611aa6a2a4b608a18e49f7f4cbe9c3
SHA256: 33e0e5962e66d1ce7c82595b0bca02808bbddc350a471425a2046aeb2a4e9260
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "33E0E5962E66D1CE7C82595B0BCA02808BBDDC350A471425A2046AEB2A4E9260"
Last-Modified: Thu, 10 Oct 2024 21:42:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19405
Expires: Fri, 11 Oct 2024 08:13:50 GMT
Date: Fri, 11 Oct 2024 02:50:25 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP / ASN: 23.33.119.57 #20940 Akamai International B.V.
Resource Info: File type: data; First Seen: 2024-10-11; Last Seen: 2024-10-13; Times Seen: 8461; Size: 504 B (504 bytes)
MD5: af0d1cea6aa0671f0271828695f79be4
SHA1: ae58030b5e611aa6a2a4b608a18e49f7f4cbe9c3
SHA256: 33e0e5962e66d1ce7c82595b0bca02808bbddc350a471425a2046aeb2a4e9260
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "33E0E5962E66D1CE7C82595B0BCA02808BBDDC350A471425A2046AEB2A4E9260"
Last-Modified: Thu, 10 Oct 2024 21:42:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19405
Expires: Fri, 11 Oct 2024 08:13:50 GMT
Date: Fri, 11 Oct 2024 02:50:25 GMT
Connection: keep-alive
|
|
| GET gakp4xmd.xyz/?s=exio&t=21 | 104.21.23.60 | 200 OK | 20 B |
URL: User Request GET HTTPS gakp4xmd.xyz/?s=exio&t=21
IP / ASN: 104.21.23.60 #13335 CLOUDFLARENET
Resource Info: File type: ASCII text, with no line terminators; First Seen: 2023-05-23; Last Seen: 2024-10-12; Times Seen: 98; Size: 20 B (20 bytes)
MD5: bc6f34ae804b934f40a9200022fb754c
SHA1: afbc2a847d8c09d5728d5f0d0730812ef241036e
SHA256: b178cef0ecccf8cae964696a4498feca42738cc6709beaf256dae930b34263e4
Certificate Info: Issuer: Google Trust Services; Subject: gakp4xmd.xyz; Fingerprint: 52:06:72:77:44:35:81:70:DF:03:D6:4C:B9:B5:A5:8F:F1:DB:53:8B; Validity: Fri, 27 Sep 2024 20:25:36 GMT - Thu, 26 Dec 2024 20:25:35 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?s=exio&t=21 HTTP/1.1
Host: gakp4xmd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 11 Oct 2024 02:50:23 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=5955adc8e2b7c7913140277247c89a8d; path=/
cf-cache-status: DYNAMIC
server-timing: cfCacheStatus;desc="DYNAMIC"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jWi3FeauKTOKmNpfMW17CLr%2BtUlIyPpIVB1Cp3Lm6395vQWYNULtxTANSOHkNr7l59u7FFF8wyd8vN5zyfynu2qnYYFQh4NIWA7bDCaHpEr%2BehuA0vs0YGWx%2B2VEMto%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d0b8ad6bebab527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| GET gakp4xmd.xyz/favicon.ico | 104.21.23.60 | 404 Not Found | 236 B |
URL: GET HTTPS gakp4xmd.xyz/favicon.ico
IP / ASN: 104.21.23.60 #13335 CLOUDFLARENET
Requested by: https://gakp4xmd.xyz/?s=exio&t=21
Resource Info: File type: HTML document, ASCII text, with no line terminators; First Seen: 2023-04-05; Last Seen: 2025-08-08; Times Seen: 2215; Size: 236 B (236 bytes)
MD5: 3dea6e4a74ae5c8a6b8dd3bae0de6081
SHA1: 0b2672db2629a86272ca21084220113c548195db
SHA256: 6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362
Certificate Info: Issuer: Google Trust Services; Subject: gakp4xmd.xyz; Fingerprint: 52:06:72:77:44:35:81:70:DF:03:D6:4C:B9:B5:A5:8F:F1:DB:53:8B; Validity: Fri, 27 Sep 2024 20:25:36 GMT - Thu, 26 Dec 2024 20:25:35 GMT
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: gakp4xmd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gakp4xmd.xyz/?s=exio&t=21
Cookie: PHPSESSID=5955adc8e2b7c7913140277247c89a8d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 11 Oct 2024 02:50:24 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBewOTCQnbBERGQY8Wu1cBsvAnTvCWb%2B5ZSZQDn2AW%2BpnhnFV7dfHwF%2BmBQJwgOFaHwf46gwQupi0N1Yb11x6ysGsysVvd6ago9E6xQ1bQDeNiV8nfsnQ99uzmfEabQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d0b8adbc84956cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|