Report - yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

Report Overview

Visited public
2025-04-30 08:54:23
Tags
URL
yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Finishing URL
www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
IP / ASN
23.145.232.216
#0
Title
樱桃视频

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-30	440 B	383 kB	142.250.74.168
www.yt-lzyb1468.vip	unknown	2024-10-29	2025-04-30	2025-04-30	2.0 kB	22 kB	23.145.232.217
static.sinw.net	unknown	2023-06-05	2024-05-05	2025-04-23	5.4 kB	0 B	0.0.0.0
yt-lzyb1468.vip	unknown	2024-10-29	2025-04-30	2025-04-30	1.7 kB	18 kB	23.145.232.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-30	medium	yt-lzyb1468.vip	Sinkholed
2025-04-30	medium	yt-lzyb1468.vip	Sinkholed
2025-04-30	medium	yt-lzyb1468.vip	Sinkholed
2025-04-30	medium	yt-lzyb1468.vip	Sinkholed
2025-04-30	medium	yt-lzyb1468.vip	Sinkholed
2025-04-30	medium	yt-lzyb1468.vip	Sinkholed
2025-04-30	medium	yt-lzyb1468.vip	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt	ScriptElement	116 B	2024-05-15	2025-06-02
Pretty URL www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt IP 23.145.232.217 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-15 06:18 Last Seen2025-06-02 18:50 Times Seen25 Hash b1069f1279a2ab8f407129bf6f56af35 fefb3d213dd83edda750cf152a2a6daa22d55e74 d833617b86930faae8085e28d900608c8a2bb8a124e0656d9563f881fe47265c Loading...

	www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt	ScriptElement	5.7 kB	2025-04-30	2025-05-01
Pretty URL www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt IP 23.145.232.217 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-30 08:54 Last Seen2025-05-01 06:41 Times Seen2 Hash dbeba5e46e0277a6892d60e9750541c2 8522912e64f74dbe777f82e0a74d30d26708352b cfb56a933030ca11c71f8b07540bf219bee27a3063710350bca87e46fdd1448f Loading...

	www.googletagmanager.com/gtag/js?id=G-317TL56XJ0	ScriptElement	382 kB	2025-04-30	2025-04-30
Pretty URL www.googletagmanager.com/gtag/js?id=G-317TL56XJ0 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 08:54 Last Seen2025-04-30 08:54 Times Seen1 Hash bd6773a49f50775664c2506811134847 a154ea447622dc5543689200b58b1a9b718b1aa8 475053a2f8e1df07ea9bbb818b8ec888788d2f8c427b760add42561dd55bad6d Loading...

	www.yt-lzyb1468.vip/sw-script.js?t=v3	ScriptElement	3.5 kB	2025-02-01	2025-06-07
Pretty URL www.yt-lzyb1468.vip/sw-script.js?t=v3 IP 23.145.232.217 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-01 16:36 Last Seen2025-06-07 07:50 Times Seen96 Hash 071873f403db4db84ceb9899d191377b 63dd4995bd1c9230b7076eb8cf5b8c9f5a20d072 a7e865d816c91a5cbb3afe59d96c6ef800243742ea47153ec1d1df3ead5dea4f Loading...

	www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt	ScriptElement	120 B	2024-05-15	2025-06-07
Pretty URL www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt IP 23.145.232.217 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-15 06:18 Last Seen2025-06-07 07:50 Times Seen123 Hash a64648c1b057a97de3bcfc6def8e3ef1 99b6834dbf2d34824b979f9363d3beba24fd1ea2 20b4dff42e462aec142c7a807956d931203d19ea07ec7fa468ea921e149afe4e Loading...

		Size	First Seen	Last Seen
	#1 Write - e23c1aa2b2fb0662b2115bc7c5905181	4.0 kB	2025-04-30 08:54	2025-05-01 06:41
Pretty Observations First Seen2025-04-30 08:54 Last Seen2025-05-01 06:41 Times Seen2 Hash e23c1aa2b2fb0662b2115bc7c5905181 68a083feef7b08f77bde74b5619bb44bad0e2759 c933588d04b8aca61a171274b3aabc9173948a43509eb0272626cf9065943561 Loading...

HTTP Transactions (20)

URL IP Response Size

static.sinw.net/upload/2024-03-13/commons/app.js?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/commons/app.js?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/commons/app.js?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

yt-lzyb1468.vip/GE/CC/VALIDATOR?key=f5e0c7b2f8cf19222429de343246b621.3b1610475cd357c85b6c558f2ed2ecfc.1746003231&url=https%3A%2F%2Fyt-lzyb1468.vip%2F.well-known%2Fpki-validation%2Ffileauth.txt

23.145.232.217

302 Found

5.7 kB

URL User Request GET
yt-lzyb1468.vip/GE/CC/VALIDATOR?key=f5e0c7b2f8cf19222429de343246b621.3b1610475cd357c85b6c558f2ed2ecfc.1746003231&url=https%3A%2F%2Fyt-lzyb1468.vip%2F.well-known%2Fpki-validation%2Ffileauth.txt
IP
23.145.232.217:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject*.yt-lzyb1468.vip
Fingerprint32:E5:A7:50:25:BF:64:1E:2E:A5:36:4D:72:3E:92:D8:5C:97:FC:3F
ValiditySat, 01 Feb 2025 22:00:53 GMT - Fri, 02 May 2025 22:00:52 GMT

File type

Size
5.7 kB (5739 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /GE/CC/VALIDATOR?key=f5e0c7b2f8cf19222429de343246b621.3b1610475cd357c85b6c558f2ed2ecfc.1746003231&url=https%3A%2F%2Fyt-lzyb1468.vip%2F.well-known%2Fpki-validation%2Ffileauth.txt HTTP/1.1
Host: yt-lzyb1468.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: https://yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
content-length: 0
date: Wed, 30 Apr 2025 08:53:51 GMT
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-317TL56XJ0

142.250.74.168

200 OK

382 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-317TL56XJ0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintE4:97:12:2A:2B:30:84:66:33:9D:D6:09:14:D3:8F:CE:3E:20:73:24
ValidityMon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
382 kB (381837 bytes)
Hash
bd6773a49f50775664c2506811134847
a154ea447622dc5543689200b58b1a9b718b1aa8
475053a2f8e1df07ea9bbb818b8ec888788d2f8c427b760add42561dd55bad6d

HTTP Headers

GET /gtag/js?id=G-317TL56XJ0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Apr 2025 08:53:53 GMT
expires: Wed, 30 Apr 2025 08:53:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1072:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1072:0
report-to: {"group":"ascgcycc:1072:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1072:0"}],}
server: Google Tag Manager
content-length: 127018
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.sinw.net/upload/2024-03-13/abcdn/ABCDN2.js?t=1731312850591

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/abcdn/ABCDN2.js?t=1731312850591
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/abcdn/ABCDN2.js?t=1731312850591 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

static.sinw.net/upload/2024-03-13/vendor.js?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/vendor.js?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/vendor.js?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.yt-lzyb1468.vip/favicon.ico?v=231

23.145.232.217

200 OK

1.2 kB

URL GET
www.yt-lzyb1468.vip/favicon.ico?v=231
IP
23.145.232.217:443
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Certificate
IssuerLet's Encrypt
Subject*.yt-lzyb1468.vip
Fingerprint32:E5:A7:50:25:BF:64:1E:2E:A5:36:4D:72:3E:92:D8:5C:97:FC:3F
ValiditySat, 01 Feb 2025 22:00:53 GMT - Fri, 02 May 2025 22:00:52 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
1b662e0d3eb0aed4385dd374a3d52420
d63d24f3a547de6e150bd1f72fd79b202cda1d50
4441503e6932a2a2df1f30616d1e2412c5a87a0425979997416366eab51109b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico?v=231 HTTP/1.1
Host: www.yt-lzyb1468.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: openresty
content-length: 1150
etag: "68109a6c-47e"
date: Wed, 30 Apr 2025 08:53:57 GMT
content-type: image/x-icon
last-modified: Tue, 29 Apr 2025 09:22:52 GMT
alt-svc: h3=":443"; h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=315360000; quic=":443"
accept-ranges: bytes

static.sinw.net/upload/2024-03-13/abcdn/hls_raw_player.js?t=1733502053966

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/abcdn/hls_raw_player.js?t=1733502053966
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/abcdn/hls_raw_player.js?t=1733502053966 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

23.145.232.217

301 Moved Permanently

5.7 kB

URL User Request GET
yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
IP
23.145.232.217:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject*.yt-lzyb1468.vip
Fingerprint32:E5:A7:50:25:BF:64:1E:2E:A5:36:4D:72:3E:92:D8:5C:97:FC:3F
ValiditySat, 01 Feb 2025 22:00:53 GMT - Fri, 02 May 2025 22:00:52 GMT

File type

Size
5.7 kB (5739 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /.well-known/pki-validation/fileauth.txt HTTP/1.1
Host: yt-lzyb1468.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html
date: Wed, 30 Apr 2025 08:53:51 GMT
location: https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
server: openresty
content-length: 166
X-Firefox-Spdy: h2

www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

23.145.232.217

200 OK

5.7 kB

URL User Request GET
www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
IP
23.145.232.217:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject*.yt-lzyb1468.vip
Fingerprint32:E5:A7:50:25:BF:64:1E:2E:A5:36:4D:72:3E:92:D8:5C:97:FC:3F
ValiditySat, 01 Feb 2025 22:00:53 GMT - Fri, 02 May 2025 22:00:52 GMT

File type
HTML document, ASCII text, with very long lines (5739), with no line terminators
Size
5.7 kB (5739 bytes)
Hash
a57a9262de76853ea5b159e440618bc0
43925748c6a1a0fc24df847ffa491a636df75b64
2686072f9a03af690e21f70d67bfde7aa8b427c6764fea3cb51fa2ec39af9676

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /.well-known/pki-validation/fileauth.txt HTTP/1.1
Host: www.yt-lzyb1468.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html
date: Wed, 30 Apr 2025 08:53:52 GMT
etag: "68109a6d-166b"
last-modified: Tue, 29 Apr 2025 09:22:53 GMT
server: openresty
content-length: 5739
X-Firefox-Spdy: h2

static.sinw.net/upload/2024-03-13/abcdn/hls_raw_player.js?t=1733502053966

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/abcdn/hls_raw_player.js?t=1733502053966
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/abcdn/hls_raw_player.js?t=1733502053966 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.yt-lzyb1468.vip/sw-script.js?t=v3

23.145.232.217

200 OK

3.5 kB

URL GET
www.yt-lzyb1468.vip/sw-script.js?t=v3
IP
23.145.232.217:443
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Certificate
IssuerLet's Encrypt
Subject*.yt-lzyb1468.vip
Fingerprint32:E5:A7:50:25:BF:64:1E:2E:A5:36:4D:72:3E:92:D8:5C:97:FC:3F
ValiditySat, 01 Feb 2025 22:00:53 GMT - Fri, 02 May 2025 22:00:52 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1109)
Size
3.5 kB (3500 bytes)
Hash
071873f403db4db84ceb9899d191377b
63dd4995bd1c9230b7076eb8cf5b8c9f5a20d072
a7e865d816c91a5cbb3afe59d96c6ef800243742ea47153ec1d1df3ead5dea4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-script.js?t=v3 HTTP/1.1
Host: www.yt-lzyb1468.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: openresty
content-type: application/javascript
content-length: 3500
last-modified: Tue, 29 Apr 2025 09:22:52 GMT
alt-svc: h3=":443"; h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=315360000; quic=":443"
date: Wed, 30 Apr 2025 08:53:53 GMT
etag: "68109a6c-dac"
accept-ranges: bytes

static.sinw.net/upload/2024-03-13/commons/app.js?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/commons/app.js?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/commons/app.js?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

static.sinw.net/upload/2024-03-13/styles.css?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/styles.css?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/styles.css?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

static.sinw.net/upload/2024-03-13/runtime.js?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/runtime.js?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/runtime.js?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

23.145.232.217

302 Found

5.7 kB

URL User Request GET
yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
IP
23.145.232.217:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject*.yt-lzyb1468.vip
Fingerprint32:E5:A7:50:25:BF:64:1E:2E:A5:36:4D:72:3E:92:D8:5C:97:FC:3F
ValiditySat, 01 Feb 2025 22:00:53 GMT - Fri, 02 May 2025 22:00:52 GMT

File type

Size
5.7 kB (5739 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /.well-known/pki-validation/fileauth.txt HTTP/1.1
Host: yt-lzyb1468.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /GE/CC/VALIDATOR?key=f5e0c7b2f8cf19222429de343246b621.3b1610475cd357c85b6c558f2ed2ecfc.1746003231&url=https%3A%2F%2Fyt-lzyb1468.vip%2F.well-known%2Fpki-validation%2Ffileauth.txt
content-length: 0
date: Wed, 30 Apr 2025 08:53:51 GMT
X-Firefox-Spdy: h2

static.sinw.net/upload/2024-03-13/styles.js?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/styles.js?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/styles.js?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

static.sinw.net/upload/2024-03-13/app.js?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/app.js?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/app.js?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.yt-lzyb1468.vip/apple-touch-icon.png

23.145.232.217

200 OK

10 kB

URL GET
www.yt-lzyb1468.vip/apple-touch-icon.png
IP
23.145.232.217:443
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Certificate
IssuerLet's Encrypt
Subject*.yt-lzyb1468.vip
Fingerprint32:E5:A7:50:25:BF:64:1E:2E:A5:36:4D:72:3E:92:D8:5C:97:FC:3F
ValiditySat, 01 Feb 2025 22:00:53 GMT - Fri, 02 May 2025 22:00:52 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
10 kB (10404 bytes)
Hash
e0facfb8e4852a22ebba102cf8ba1ebb
ae878596b5dcab69df76ee789c82eb3bc0adc137
78b15e369c68acc4ebca936c2bd2c7a528b7fe5a943edd38f8d1cca7c50b33e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: www.yt-lzyb1468.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 30 Apr 2025 08:53:57 GMT
last-modified: Tue, 29 Apr 2025 09:22:52 GMT
alt-svc: h3=":443"; h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=315360000; quic=":443"
server: openresty
content-type: image/png
etag: W/"68109a6c-28a4"
content-encoding: gzip

static.sinw.net/upload/2024-03-13/styles.css?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/styles.css?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/styles.css?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

static.sinw.net/upload/2024-03-13/runtime.js?v=231

0.0.0.0

0 B

URL GET
static.sinw.net/upload/2024-03-13/runtime.js?v=231
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.yt-lzyb1468.vip/.well-known/pki-validation/fileauth.txt

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /upload/2024-03-13/runtime.js?v=231 HTTP/1.1
Host: static.sinw.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.yt-lzyb1468.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (20)

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by