Report - ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Report Overview

Visitedpublic

2024-05-07 07:55:08

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-03-23 18:27:44	896 B	1.7 kB	142.250.74.164
t2.gstatic.com	unknown	2008-02-11	2013-05-07 02:09:56	2024-05-02 18:54:23	2.0 kB	4.1 kB	142.250.74.100
mail.mycraftmail.com	unknown	unknown	No data	No data	507 B	0 B	0.0.0.0
ysxa2.sa.com	unknown	2023-11-22	2023-12-04 20:23:42	2024-03-23 19:44:04	3.3 kB	55 kB	91.185.215.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	ysxa2.sa.com	Sinkholed
2024-05-07	medium	ysxa2.sa.com	Sinkholed
2024-05-07	medium	ysxa2.sa.com	Sinkholed
2024-05-07	medium	ysxa2.sa.com	Sinkholed
2024-05-07	medium	ysxa2.sa.com	Sinkholed
2024-05-07	medium	ysxa2.sa.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==	ScriptElement	0 B	0001-01-01	2025-08-02
URL ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ== IP / ASN 91.185.215.4 #41828 Telemach Slovenija d.o.o. Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5605971 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	ysxa2.sa.com/cn-file/edg/assets/js/index.js	ScriptElement	25 kB	2024-02-29	2025-08-01
URL ysxa2.sa.com/cn-file/edg/assets/js/index.js IP / ASN 91.185.215.4 #41828 Telemach Slovenija d.o.o. Introduced by ScriptElement Embedded false Resource Info First Seen 2024-02-29 Last Seen 2025-08-01 Times Seen 293 Size 25 kB (24730 bytes) MD5 a4279d8d402beb941895d3e9c18b738d SHA1 6cab01a778966e2d5d1d84659525339d5f70cb88 SHA256 e4f1f89acd4984a38721d43081ffb9b10323f1b2d37ae35c9c92eb69ae109d5d Format Code Loading...

HTTP Transactions (13)

URL IP Response Size

GET ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

91.185.215.4

200 OK

1.2 kB

URL

ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

IP / ASN

91.185.215.4

#41828 Telemach Slovenija d.o.o.

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (475)

First Seen2024-02-29

Last Seen2025-08-01

Times Seen193

Size1.2 kB (1215 bytes)

MD5247e8f3c18fdb021661afa17a4fea102

SHA184b25bd876a25f9c26d0c246b873a45d809148bb

SHA2562737879b7b4b28e45e809b1d2817d2bf10795f33e5b70c167fbb67336f4111ab

Certificate Info

IssuerLet's Encrypt

Subjectysxa2.sa.com

FingerprintDE:85:1F:FE:9A:97:2E:D4:5F:27:64:4A:13:A3:23:A2:8C:93:23:E5

ValiditySun, 07 Apr 2024 20:20:59 GMT - Sat, 06 Jul 2024 20:20:58 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ== HTTP/1.1
Host: ysxa2.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 07:54:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET ysxa2.sa.com/cn-file/edg/assets/js/index.js

91.185.215.4

200 OK

25 kB

URL

ysxa2.sa.com/cn-file/edg/assets/js/index.js

IP / ASN

91.185.215.4

#41828 Telemach Slovenija d.o.o.

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typeASCII text, with very long lines (14329), with CRLF line terminators

First Seen2024-02-29

Last Seen2025-08-01

Times Seen293

Size25 kB (24730 bytes)

MD5a4279d8d402beb941895d3e9c18b738d

SHA16cab01a778966e2d5d1d84659525339d5f70cb88

SHA256e4f1f89acd4984a38721d43081ffb9b10323f1b2d37ae35c9c92eb69ae109d5d

Certificate Info

IssuerLet's Encrypt

Subjectysxa2.sa.com

FingerprintDE:85:1F:FE:9A:97:2E:D4:5F:27:64:4A:13:A3:23:A2:8C:93:23:E5

ValiditySun, 07 Apr 2024 20:20:59 GMT - Sat, 06 Jul 2024 20:20:58 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cn-file/edg/assets/js/index.js HTTP/1.1
Host: ysxa2.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 07:54:44 GMT
Server: Apache
Last-Modified: Thu, 22 Feb 2024 21:55:54 GMT
Accept-Ranges: bytes
Content-Length: 24730
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

GET ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

91.185.215.4

200 OK

1.2 kB

URL

ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

IP / ASN

91.185.215.4

#41828 Telemach Slovenija d.o.o.

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (475)

First Seen2024-02-29

Last Seen2025-08-01

Times Seen193

Size1.2 kB (1215 bytes)

MD5247e8f3c18fdb021661afa17a4fea102

SHA184b25bd876a25f9c26d0c246b873a45d809148bb

SHA2562737879b7b4b28e45e809b1d2817d2bf10795f33e5b70c167fbb67336f4111ab

Certificate Info

IssuerLet's Encrypt

Subjectysxa2.sa.com

FingerprintDE:85:1F:FE:9A:97:2E:D4:5F:27:64:4A:13:A3:23:A2:8C:93:23:E5

ValiditySun, 07 Apr 2024 20:20:59 GMT - Sat, 06 Jul 2024 20:20:58 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ== HTTP/1.1
Host: ysxa2.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 07:54:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET ysxa2.sa.com/cn-file/edg/assets/js/index.js

91.185.215.4

200 OK

25 kB

URL

ysxa2.sa.com/cn-file/edg/assets/js/index.js

IP / ASN

91.185.215.4

#41828 Telemach Slovenija d.o.o.

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typeASCII text, with very long lines (14329), with CRLF line terminators

First Seen2024-02-29

Last Seen2025-08-01

Times Seen293

Size25 kB (24730 bytes)

MD5a4279d8d402beb941895d3e9c18b738d

SHA16cab01a778966e2d5d1d84659525339d5f70cb88

SHA256e4f1f89acd4984a38721d43081ffb9b10323f1b2d37ae35c9c92eb69ae109d5d

Certificate Info

IssuerLet's Encrypt

Subjectysxa2.sa.com

FingerprintDE:85:1F:FE:9A:97:2E:D4:5F:27:64:4A:13:A3:23:A2:8C:93:23:E5

ValiditySun, 07 Apr 2024 20:20:59 GMT - Sat, 06 Jul 2024 20:20:58 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cn-file/edg/assets/js/index.js HTTP/1.1
Host: ysxa2.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 07:54:45 GMT
Server: Apache
Last-Modified: Thu, 22 Feb 2024 21:55:54 GMT
Accept-Ranges: bytes
Content-Length: 24730
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript

POST ysxa2.sa.com/cn-file/edg/assets/php/policy.php

91.185.215.4

200 OK

228 B

URL

ysxa2.sa.com/cn-file/edg/assets/php/policy.php

IP / ASN

91.185.215.4

#41828 Telemach Slovenija d.o.o.

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typeJSON text data

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size228 B (228 bytes)

MD5e94f7870425bb3226ea06ca11ffb45a3

SHA17c0572f2223515106e03b73eeaad7f19eb721182

SHA256fe51122dde238f843aa177a7f340135b7cc7fefa1058976f200639a6502a1fd0

Certificate Info

IssuerLet's Encrypt

Subjectysxa2.sa.com

FingerprintDE:85:1F:FE:9A:97:2E:D4:5F:27:64:4A:13:A3:23:A2:8C:93:23:E5

ValiditySun, 07 Apr 2024 20:20:59 GMT - Sat, 06 Jul 2024 20:20:58 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cn-file/edg/assets/php/policy.php HTTP/1.1
Host: ysxa2.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==
Content-Type: application/json
Content-Length: 52
Origin: https://ysxa2.sa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 07:54:45 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET www.google.com/s2/favicons?domain=mycraftmail.com

142.250.74.164

301 Moved Permanently

335 B

URL

www.google.com/s2/favicons?domain=mycraftmail.com

IP / ASN

142.250.74.164

#15169 GOOGLE

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typeHTML document, ASCII text, with CRLF, LF line terminators

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size335 B (335 bytes)

MD50c2a4132711d226631b128ec05f00e64

SHA1ba7b67dc8618c15689a350d51aee51f708dc0d56

SHA256b471549dade2b69f3debd8f1af5b6ac7d97145c2d4e6237eeeff3f984172cb1f

Certificate Info

IssuerGoogle Trust Services LLC

Subjectwww.google.com

FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99

ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

HTTP Headers

GET /s2/favicons?domain=mycraftmail.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ysxa2.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 335
x-xss-protection: 0
date: Tue, 07 May 2024 07:49:18 GMT
expires: Tue, 07 May 2024 08:19:18 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.google.com/s2/favicons?domain=mycraftmail.com

142.250.74.164

301 Moved Permanently

335 B

URL

www.google.com/s2/favicons?domain=mycraftmail.com

IP / ASN

142.250.74.164

#15169 GOOGLE

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typeHTML document, ASCII text, with CRLF, LF line terminators

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size335 B (335 bytes)

MD50c2a4132711d226631b128ec05f00e64

SHA1ba7b67dc8618c15689a350d51aee51f708dc0d56

SHA256b471549dade2b69f3debd8f1af5b6ac7d97145c2d4e6237eeeff3f984172cb1f

Certificate Info

IssuerGoogle Trust Services LLC

Subjectwww.google.com

FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99

ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

HTTP Headers

GET /s2/favicons?domain=mycraftmail.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ysxa2.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 335
x-xss-protection: 0
date: Tue, 07 May 2024 07:49:18 GMT
expires: Tue, 07 May 2024 08:19:18 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

142.250.74.100

726 B

URL

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

IP / ASN

142.250.74.100

#15169 GOOGLE

Requested byN/A

Resource Info

File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

First Seen2023-04-05

Last Seen2025-08-02

Times Seen4828

Size726 B (726 bytes)

MD5b8a0bf372c762e966cc99ede8682bc71

SHA12d7c9b60d1e2b4f4726141de2e4ab738110b9287

SHA25659bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ysxa2.sa.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Tue, 07 May 2024 07:54:46 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

142.250.74.100

726 B

URL

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

IP / ASN

142.250.74.100

#15169 GOOGLE

Requested byN/A

Resource Info

File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

First Seen2023-04-05

Last Seen2025-08-02

Times Seen4828

Size726 B (726 bytes)

MD5b8a0bf372c762e966cc99ede8682bc71

SHA12d7c9b60d1e2b4f4726141de2e4ab738110b9287

SHA25659bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ysxa2.sa.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Tue, 07 May 2024 07:54:46 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

142.250.74.100

404 Not Found

726 B

URL

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

IP / ASN

142.250.74.100

#15169 GOOGLE

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

First Seen2023-04-05

Last Seen2025-08-02

Times Seen4828

Size726 B (726 bytes)

MD5b8a0bf372c762e966cc99ede8682bc71

SHA12d7c9b60d1e2b4f4726141de2e4ab738110b9287

SHA25659bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD

ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ysxa2.sa.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Tue, 07 May 2024 07:54:46 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

91.185.215.4

200 OK

1.2 kB

URL

ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

IP / ASN

91.185.215.4

#41828 Telemach Slovenija d.o.o.

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typeHTML document, ASCII text, with very long lines (1287), with no line terminators

First Seen2024-02-29

Last Seen2025-02-28

Times Seen214

Size1.2 kB (1215 bytes)

MD5568221a04eeb06a2845e674ca91cf392

SHA1a3cb3d65681151217b5cd2578e2e84e29edfff38

SHA256e544b4d688f81d861888c641e7d0afe29d6f4dcf1bd9ceee9fcfd4cd1178ee5a

Certificate Info

IssuerLet's Encrypt

Subjectysxa2.sa.com

FingerprintDE:85:1F:FE:9A:97:2E:D4:5F:27:64:4A:13:A3:23:A2:8C:93:23:E5

ValiditySun, 07 Apr 2024 20:20:59 GMT - Sat, 06 Jul 2024 20:20:58 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ== HTTP/1.1
Host: ysxa2.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 07:54:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET mail.mycraftmail.com/

0.0.0.0

0 B

URL

mail.mycraftmail.com/

IP / ASN

0.0.0.0

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: mail.mycraftmail.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ysxa2.sa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

142.250.74.100

404 Not Found

726 B

URL

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16

IP / ASN

142.250.74.100

#15169 GOOGLE

Requested byhttps://ysxa2.sa.com/cn-file/edg/index.php?info=bm9ib2R5QG15Y3JhZnRtYWlsLmNvbQ==

Resource Info

File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced

First Seen2023-04-05

Last Seen2025-08-02

Times Seen4828

Size726 B (726 bytes)

MD5b8a0bf372c762e966cc99ede8682bc71

SHA12d7c9b60d1e2b4f4726141de2e4ab738110b9287

SHA25659bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.gstatic.com

Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD

ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://mycraftmail.com&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ysxa2.sa.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Tue, 07 May 2024 07:54:46 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2