Report - spectacularnaiad6fc0c4.netlify.app/?email=c2hhamlAc2x1cnBtYWlsLm5ldA==

Report Overview

Visitedpublic

2025-07-15 11:50:15

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
logo.clearbit.com	27344	2003-07-04	2015-06-30	2025-07-10	468 B	500 B	54.240.174.116
slurpmail.net	unknown	2022-07-06	2022-07-06	2025-07-12	543 B	0 B	0.0.0.0
spectacularnaiad6fc0c4.netlify.app	unknown	unknown	2025-07-15	2025-07-15	547 B	9.4 kB	35.157.26.135
timeast-cn.net	unknown	2024-04-29	2025-05-20	2025-07-15	447 B	10 kB	104.21.16.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-07-15	medium	timeast-cn.net/teamkash/next.js	Detects file containing Telegram Bot API
2025-07-15	medium	javascript.script.md5:32c607fbfc4aced7dda2814fa05ef317	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-15	medium	slurpmail.net	Sinkholed

ThreatFox

No alerts detected

Telegram Bot detected (1)

URL

timeast-cn.net/teamkash/next.js

IP / ASN

104.21.16.1

#13335 CLOUDFLARENET

Token

7542920963:AAFAOt3R4QcffH4mc4uEbrlz2VTOAvQt0jE

Bot Overview

User ID7542920963

Usernamegostme_Bot

First Name@gost.me

Last NameN/A

Chat Info

Chat ID5341612459

Chat Typeprivate

TitleN/A

User Count2

Admins0

Pending Msgs0

JavaScript (1)

URL

From

Size

First Seen

Last Seen

timeast-cn.net/teamkash/next.js

ScriptElement

9.2 kB

2025-07-15

2025-07-21

URL

timeast-cn.net/teamkash/next.js

IP / ASN

104.21.16.1

#13335 CLOUDFLARENET

Introduced by ScriptElement

Embedded false

Resource Info

First Seen 2025-07-15

Last Seen 2025-07-21

Times Seen 107

Size 9.2 kB (9241 bytes)

MD5 32c607fbfc4aced7dda2814fa05ef317

SHA1 6a614b0065a91fbe6ab1b2777295af394f6828e4

SHA256 0c1ed51f2b23c6556d81b7e77620794d371132d75028a4571621aac2dbb3af91

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

Format Code

HTTP Transactions (4)

URL IP Response Size

GET logo.clearbit.com/slurpmail.net

54.240.174.116

404 Not Found

0 B

URL

logo.clearbit.com/slurpmail.net

IP / ASN

54.240.174.116

#16509 AMAZON-02

Requested byhttps://spectacularnaiad6fc0c4.netlify.app/?email=c2hhamlAc2x1cnBtYWlsLm5ldA==

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606706

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerAmazon

Subjectclearbit.com

Fingerprint91:80:1A:DB:BB:67:A9:69:FC:29:AC:91:61:B8:94:78:5B:01:F1:00

ValiditySat, 21 Dec 2024 00:00:00 GMT - Sun, 18 Jan 2026 23:59:59 GMT

HTTP Headers

GET /slurpmail.net HTTP/1.1
Host: logo.clearbit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spectacularnaiad6fc0c4.netlify.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: text/plain; charset=utf-8
content-length: 1
date: Tue, 15 Jul 2025 11:44:50 GMT
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: Error from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Cv30YzzkowaAvnANlmCM6jc4RNlvG-1CAa2LAsoL5pO0PXE9tVNuJg==
age: 290
X-Firefox-Spdy: h2

GET slurpmail.net/

0.0.0.0

0 B

URL

slurpmail.net/

IP / ASN

0.0.0.0

Requested byhttps://spectacularnaiad6fc0c4.netlify.app/?email=c2hhamlAc2x1cnBtYWlsLm5ldA==

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606706

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: slurpmail.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spectacularnaiad6fc0c4.netlify.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET spectacularnaiad6fc0c4.netlify.app/?email=c2hhamlAc2x1cnBtYWlsLm5ldA==

35.157.26.135

200 OK

8.9 kB

URL

spectacularnaiad6fc0c4.netlify.app/?email=c2hhamlAc2x1cnBtYWlsLm5ldA==

IP / ASN

35.157.26.135

#16509 AMAZON-02

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (692)

First Seen2025-07-15

Last Seen2025-07-21

Times Seen107

Size8.9 kB (8883 bytes)

MD50f15023c4c431d90c1a7b2445bcba23a

SHA12cfafb0cc28b758d809d48b877ce8d7b24ff5fbe

SHA256d323decf7c91cc20bac2b685381fb0697ba6c497c687d0237c1569aab48004de

Certificate Info

IssuerDigiCert Inc

Subject*.netlify.app

Fingerprint04:28:C9:A3:BC:06:50:9C:6B:0B:67:72:82:27:C6:3D:99:1B:5B:71

ValidityFri, 31 Jan 2025 00:00:00 GMT - Tue, 03 Mar 2026 23:59:59 GMT

HTTP Headers

GET /?email=c2hhamlAc2x1cnBtYWlsLm5ldA== HTTP/1.1
Host: spectacularnaiad6fc0c4.netlify.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 5127
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 15 Jul 2025 11:49:39 GMT
etag: "c1b82e1c1ac2de3fdbc2ee761c4332dc-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01K06YPHN5Q4YDSHTB4N8Q019M
content-length: 2241
X-Firefox-Spdy: h2

GET timeast-cn.net/teamkash/next.js

104.21.16.1

200 OK

9.2 kB

URL

timeast-cn.net/teamkash/next.js

IP / ASN

104.21.16.1

#13335 CLOUDFLARENET

Requested byhttps://spectacularnaiad6fc0c4.netlify.app/?email=c2hhamlAc2x1cnBtYWlsLm5ldA==

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (2049)

First Seen2025-07-15

Last Seen2025-07-21

Times Seen107

Size9.2 kB (9244 bytes)

MD532c607fbfc4aced7dda2814fa05ef317

SHA16a614b0065a91fbe6ab1b2777295af394f6828e4

SHA2560c1ed51f2b23c6556d81b7e77620794d371132d75028a4571621aac2dbb3af91

Certificate Info

IssuerGoogle Trust Services

Subjecttimeast-cn.net

Fingerprint00:E7:D0:50:AE:40:93:1E:81:56:77:40:25:75:33:6B:3A:F2:72:08

ValidityThu, 26 Jun 2025 12:36:30 GMT - Wed, 24 Sep 2025 13:33:57 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API
urlquery	suspicious	Suspicious - Suspicious Javascript code

HTTP Headers

GET /teamkash/next.js HTTP/1.1
Host: timeast-cn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://spectacularnaiad6fc0c4.netlify.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 15 Jul 2025 11:49:40 GMT
content-type: application/javascript
content-length: 3111
cache-control: public, max-age=604800
expires: Tue, 22 Jul 2025 03:05:35 GMT
last-modified: Tue, 27 May 2025 02:03:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
age: 31443
cf-cache-status: HIT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RUqIiaMY%2FxJojvv0aRoUEBtWZmdgKARNpuhpjlyajyaQHb9mRBfcbhEArzJQja2RbRJt73B025HjVXW5F9dnkye8JcCQBZS3BFt1vQ%3D%3D"}]}
cf-ray: 95f909ad8e6d568b-OSL
X-Firefox-Spdy: h2