Report - t.ly/ZUJqL

Report Overview

Visited public
2023-11-02 12:38:12
Tags
URL
t.ly/ZUJqL
Finishing URL
jbposta.top/
IP / ASN
104.26.13.201
#13335 CLOUDFLARENET
Title
jbposta.top/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jbposta.top	unknown	2023-11-02	2023-11-02 08:00:33	2023-11-02 13:12:11	1.0 kB	26 kB	172.67.201.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-02 12:37:55	low	Client IP	Internal IP	ET INFO URL Shortening Service Domain in DNS Lookup (t .ly)
2023-11-02 12:37:55	low	Client IP	Internal IP	ET INFO URL Shortening Service Domain in DNS Lookup (t .ly)
2023-11-02 12:37:56	low	Client IP	172.67.75.122	ET INFO Observed URL Shortening Service Domain (t .ly in TLS SNI)
2023-11-02 12:37:56	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-11-02 12:37:56	medium	Client IP	172.67.201.201	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	jbposta.top/assets/index-fb7ff0b6.js	ScriptElement	69 kB	2023-10-24	2023-11-02
Pretty URL jbposta.top/assets/index-fb7ff0b6.js IP 172.67.201.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 17:35 Last Seen2023-11-02 13:38 Times Seen2 Hash ceef497cf6d2f17c0ddd9167387255e7 a3cc099471c0bd6385c3031fe360dffe702cd777 69cacadfa76716cae27c42df464cefff132baf5460c0f6afbfc9fb283f569351 Loading...

	jbposta.top/	ScriptElement	328 B	2023-04-07	2025-03-18
Pretty URL jbposta.top/ IP 172.67.201.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-03-18 21:01 Times Seen9141 Hash 3cb9786af5e65ff7a58c24c85677a40a 1dcbd37c74e0e059f17066831f594c4c2cd531f7 8bc5a4a4db521fb00a74ed14b2351db552ca6530233a4d403dfe004b6fd38f6a Loading...

	jbposta.top/	ScriptElement	84 B	2023-04-07	2025-06-13
Pretty URL jbposta.top/ IP 172.67.201.201 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-06-13 01:56 Times Seen14201 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

HTTP Transactions (3)

URL IP Response Size

jbposta.top/

172.67.201.201

200 OK

747 B

URL User Request GET HTTP/1.1
jbposta.top/
IP
172.67.201.201:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (435)
Size
747 B (747 bytes)
Hash
9c31dfa975c4fae0175e3b53b2b5f8a5
cc3b22e7eee213dd9e2c6e611a43ef83d92c3ea8
8af3fee5f7a189ffcab0ac16e675ccca44935dd6acab0d43d0845ccadf8bf90c

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: jbposta.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 12:37:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 23 Oct 2023 20:33:38 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8v%2BdQtlVHz0lEG96MEvF37%2BtC5p17B1txz9uFNgtSOML7xn288yT%2BuVwugl0RO9XTRFPkjG8E8RxnwETFXW%2Biy9t36bX42WCeY6XVyTEUoeQxSAdSDTiuO4XeSx8Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81fc6e7d78d80b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

jbposta.top/assets/index-fb7ff0b6.js

172.67.201.201

200 OK

22 kB

URL GET HTTP/1.1
jbposta.top/assets/index-fb7ff0b6.js
IP
172.67.201.201:80
ASN
#13335 CLOUDFLARENET

Requested by
http://jbposta.top/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22320 bytes)
Hash
ceef497cf6d2f17c0ddd9167387255e7
a3cc099471c0bd6385c3031fe360dffe702cd777
69cacadfa76716cae27c42df464cefff132baf5460c0f6afbfc9fb283f569351

HTTP Headers

GET /assets/index-fb7ff0b6.js HTTP/1.1
Host: jbposta.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://jbposta.top/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 12:37:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 23 Oct 2023 20:33:44 GMT
Vary: Accept-Encoding
ETag: W/"6536d8a8-10cd2"
Expires: Thu, 09 Nov 2023 12:37:56 GMT
Cache-Control: max-age=604800
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ueqZJZW5mXAZ%2FGvPBvschTZPMKguT2a2liPG%2B84Erpxe%2BB4iX27aGwfA4XDcOWavoIVyeG%2FmZeezV1oS9JHprV7EBUT%2BSmeiGlNl3FLdaer0jcJ5G1NppDSg4BB%2BMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81fc6e816be30b55-OSL
alt-svc: h2=":443"; ma=60

jbposta.top/favicon.ico

172.67.201.201

200 OK

397 B

URL GET HTTP/1.1
jbposta.top/favicon.ico
IP
172.67.201.201:80
ASN
#13335 CLOUDFLARENET

Requested by
http://jbposta.top/

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
397 B (397 bytes)
Hash
4053dfb4509b7c2d5a3596e2875caab1
3c1f289f080ab434719b38541f45ae0283d06944
8c085bf3fbcd594d612f2497a9946a3573225dc0f17fc65b0166aa8b1ec0fd1d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: jbposta.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://jbposta.top/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 12:37:56 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 23 Oct 2023 20:33:33 GMT
ETag: W/"6536d89d-57e"
Expires: Thu, 09 Nov 2023 12:37:56 GMT
Cache-Control: max-age=604800
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LtbqJ%2FxB1TdRuWcWrvovftZr%2FgbllB9ksCSItlWMOy1Qtb5FKQNkDuqiJFRlPziltSCPxqPWp6aQjvaGDziukyBRBpg0ZH64JDmqIV3vKMyQ6zyx23kW55qYRDSCrg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 81fc6e84ae7e0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers