Report - nd3b.rkleor.es/oZOLuJ/

Report Overview

Visited public
2025-03-26 11:52:37
Tags
suspicious phishing tycoon
URL
nd3b.rkleor.es/oZOLuJ/
Finishing URL
nd3b.rkleor.es/oZOLuJ/
IP / ASN
172.67.131.243
#13335 CLOUDFLARENET
Title
Suspicious - Anti-debugging code
Phishing - Tycoon Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pcq.viugbu.ru	unknown	2025-02-26	2025-03-26	2025-03-26	2.6 kB	4.2 kB	104.21.95.206
nd3b.rkleor.es	unknown	unknown	2025-03-26	2025-03-26	1.7 kB	717 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-03-25	medium	nd3b.rkleor.es/oZOLuJ/	Generic/Spear Phishing

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	nd3b.rkleor.es/oZOLuJ/	ScriptElement	714 kB	2025-03-26	2025-03-26
Pretty URL nd3b.rkleor.es/oZOLuJ/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-26 11:52 Last Seen2025-03-26 11:52 Times Seen1 Hash fa0f1e068487ac04c82126013211405a 3618e807187b16c8bd1b9e9b19faea5c2b75b6ef 142589bab758ce0867a4879c4dfb037db8fbbb91d4feeb693fc28bfa593cb52e Loading...

	nd3b.rkleor.es/oZOLuJ/	Eval	1.7 kB	2025-03-26	2025-03-26
Pretty URL nd3b.rkleor.es/oZOLuJ/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-26 11:52 Last Seen2025-03-26 11:52 Times Seen1 Hash 3eacfe476a58490caf61af57d89d2341 9ab023a5b38a8f35c7003d59b7be938e990158bd ac3f4c2f61669aa71d0d795d29e2e4b6ee881e69151ca9042a820f4733d3a1f1 Loading...

	nd3b.rkleor.es/oZOLuJ/	ScriptElement	39 kB	2025-03-26	2025-03-26
Pretty URL nd3b.rkleor.es/oZOLuJ/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 11:52 Last Seen2025-03-26 11:52 Times Seen1 Hash a815e02b4a511e4ebab87827a29eece0 e4e6145e9f4de758d6c946dc25f281993e87f466 bfdd2796ed06a0c946d0666ce373382af1e3ad8ba3d65c901792c383c4b78f18 Loading...

	nd3b.rkleor.es/oZOLuJ/	ScriptElement	205 kB	2025-03-26	2025-03-26
Pretty URL nd3b.rkleor.es/oZOLuJ/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-26 11:52 Last Seen2025-03-26 11:52 Times Seen1 Hash 783d3b9b12f8d6dd119a2e0f55ea6af0 4ad8ee1827f76b2b14a8025cb4af498fe565f111 da3158bdee7240f8ab51949681b9e04791e2875ab5854c97bbcda5a55f4c50dd Loading...

	nd3b.rkleor.es/oZOLuJ/	Eval	8.6 kB	2025-03-26	2025-03-26
Pretty URL nd3b.rkleor.es/oZOLuJ/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-03-26 11:52 Last Seen2025-03-26 11:52 Times Seen1 Hash 1251beb898caef38223bbd5bdcebf377 27f99a1593a56df39a98f9ff9fb5aef0afb54949 e1846cb9ca90e9b875b5bf28532afb2e9a197550ad0f4321dbe5bee634b4c2a4 Loading...

		Size	First Seen	Last Seen
	#1 Write - 996cebed84e1aeae305f32cada996e22	194 kB	2025-03-26 11:52	2025-03-26 11:52
Pretty Observations First Seen2025-03-26 11:52 Last Seen2025-03-26 11:52 Times Seen1 Hash 996cebed84e1aeae305f32cada996e22 389ced7f6acd87b176b6461d14ee0b9a33e3e329 5069d26203c31e9acfcea70d867d656e632d8f7b43ce1e33d35b46218a590e4d Loading...

HTTP Transactions (8)

URL IP Response Size

pcq.viugbu.ru/tarboz@jy284

104.21.95.206

200 OK

1 B

URL GET
pcq.viugbu.ru/tarboz@jy284
IP
104.21.95.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nd3b.rkleor.es/oZOLuJ/
Certificate
IssuerGoogle Trust Services
Subjectviugbu.ru
FingerprintB4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C
ValidityThu, 27 Feb 2025 12:36:32 GMT - Wed, 28 May 2025 13:34:53 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz@jy284 HTTP/1.1
Host: pcq.viugbu.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nd3b.rkleor.es/
Origin: https://nd3b.rkleor.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 11:52:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSdB9viZ96nDYsCQKi7bfIFvk9OFgMXTYqxouL4PHUqJTcXMEEGLxwHApIY8AAJfJe2q%2FQz3EI1FTWe%2F0i%2FTYkM5glj3qEw4CVuln9F5qvgp5rx4B9VbbV1huGZc%2FTL4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 926671133b4dfff8-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=24855&min_rtt=19677&rtt_var=12673&sent=9&recv=12&lost=0&retrans=0&sent_bytes=3191&recv_bytes=1167&delivery_rate=220116&cwnd=234&unsent_bytes=0&cid=d408e9a2019b00a4&ts=735&x=0"
X-Firefox-Spdy: h2

pcq.viugbu.ru/tarboz@jy284

104.21.95.206

200 OK

1 B

URL GET
pcq.viugbu.ru/tarboz@jy284
IP
104.21.95.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nd3b.rkleor.es/oZOLuJ/
Certificate
IssuerGoogle Trust Services
Subjectviugbu.ru
FingerprintB4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C
ValidityThu, 27 Feb 2025 12:36:32 GMT - Wed, 28 May 2025 13:34:53 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz@jy284 HTTP/1.1
Host: pcq.viugbu.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nd3b.rkleor.es/
Origin: https://nd3b.rkleor.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 11:52:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FElb5jONUcY9t8rRHeUdJbvJy3Sn8bfDvbesxXh2RoiV7BjXBzZHE9%2BIDrISjLXRHSbdp%2Bg9vJEqsnWdMmcCvzbxAZlTaKZyzxNn1HHw%2FfrUiNex6hCGPZQMuWjpOQPm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92667113ac6afff8-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=23134&min_rtt=19607&rtt_var=7937&sent=12&recv=15&lost=0&retrans=0&sent_bytes=3852&recv_bytes=1167&delivery_rate=220675&cwnd=237&unsent_bytes=0&cid=d408e9a2019b00a4&ts=816&x=0"
X-Firefox-Spdy: h2

pcq.viugbu.ru/tarboz@jy284

104.21.95.206

200 OK

1 B

URL GET
pcq.viugbu.ru/tarboz@jy284
IP
104.21.95.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nd3b.rkleor.es/oZOLuJ/
Certificate
IssuerGoogle Trust Services
Subjectviugbu.ru
FingerprintB4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C
ValidityThu, 27 Feb 2025 12:36:32 GMT - Wed, 28 May 2025 13:34:53 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz@jy284 HTTP/1.1
Host: pcq.viugbu.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nd3b.rkleor.es/
Origin: https://nd3b.rkleor.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 11:52:29 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o7nRy0rmUSxcrT%2Ba8%2Fnjfam3v%2B5fV0%2BUHsZSM%2FzUtyZfWtFIjL6WgS3yaBi9VsIrbBjTojKYgjHXcaUw1KWpnceYG4MXGcpbJ1FANlU64pOiJi4hUJ06LvaEIY0%2BxsU6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92667129b93efff8-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=22317&min_rtt=19570&rtt_var=5886&sent=15&recv=18&lost=0&retrans=0&sent_bytes=4339&recv_bytes=1245&delivery_rate=220675&cwnd=237&unsent_bytes=0&cid=d408e9a2019b00a4&ts=4217&x=0"
X-Firefox-Spdy: h2

pcq.viugbu.ru/tarboz@jy284

104.21.95.206

200 OK

1 B

URL GET
pcq.viugbu.ru/tarboz@jy284
IP
104.21.95.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nd3b.rkleor.es/oZOLuJ/
Certificate
IssuerGoogle Trust Services
Subjectviugbu.ru
FingerprintB4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C
ValidityThu, 27 Feb 2025 12:36:32 GMT - Wed, 28 May 2025 13:34:53 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz@jy284 HTTP/1.1
Host: pcq.viugbu.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nd3b.rkleor.es/
Origin: https://nd3b.rkleor.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 11:52:29 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RR8zcml9BjcMWbVyIeRUWLWvTwGOxLycGt4Ao9DWChltBZWKtr4FeGNJG8nstygNtzG%2Bo8jas1ais4QNxVr1vKQkVXYxDm4GON%2Bd2Use0alfXcd2Sh6zdmiMtkfvdNCK"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 9266712b19c4bc8a-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

pcq.viugbu.ru/tarboz@jy284

104.21.95.206

200 OK

1 B

URL GET
pcq.viugbu.ru/tarboz@jy284
IP
104.21.95.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nd3b.rkleor.es/oZOLuJ/
Certificate
IssuerGoogle Trust Services
Subjectviugbu.ru
FingerprintB4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C
ValidityThu, 27 Feb 2025 12:36:32 GMT - Wed, 28 May 2025 13:34:53 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz@jy284 HTTP/1.1
Host: pcq.viugbu.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nd3b.rkleor.es/
Origin: https://nd3b.rkleor.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 11:52:33 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZ0iSowhjCc%2BJQuLxuWlWbUMGhIC6r9z3pN8iF3yZS4Q1V8frn6110MrnYqwt5YGWA%2BFvxi%2BWzf5AdtYpLBLGmWKV75GTuEYZHdKHtSP0iiP09QWA7d713COugfj3Nil"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 92667146ed0fbc8a-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

pcq.viugbu.ru/tarboz@jy284

104.21.95.206

200 OK

1 B

URL GET
pcq.viugbu.ru/tarboz@jy284
IP
104.21.95.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nd3b.rkleor.es/oZOLuJ/
Certificate
IssuerGoogle Trust Services
Subjectviugbu.ru
FingerprintB4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C
ValidityThu, 27 Feb 2025 12:36:32 GMT - Wed, 28 May 2025 13:34:53 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

GET /tarboz@jy284 HTTP/1.1
Host: pcq.viugbu.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nd3b.rkleor.es/
Origin: https://nd3b.rkleor.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 26 Mar 2025 11:52:34 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BJHAxbTEAHIhJ9Y77HXpD1MZB0ZIMfgxsRRPliavT%2FxSYZbLWqTuE2%2FPqDYz%2BqonjOvPgL0rIBlV2plpwByYNkjt8dhMi%2Fy%2FE%2Fhkrnwm5j7vYTSYka%2FUF6JAb7TvcORg"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 926671482d30bc8a-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400

nd3b.rkleor.es/oZOLuJ/

188.114.97.1

200 OK

714 kB

URL User Request GET
nd3b.rkleor.es/oZOLuJ/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectrkleor.es
Fingerprint48:90:3D:F2:36:F9:90:D2:FA:E6:70:17:FF:21:EE:1A:B4:56:EA:23
ValiditySun, 16 Mar 2025 01:03:09 GMT - Sat, 14 Jun 2025 02:01:44 GMT

File type
HTML document, ASCII text, with very long lines (65368)
Size
714 kB (714203 bytes)
Hash
7dbc679558566a00aab2cbf1ae0460d4
a2992b5db0f7e82b43ed2c3bd8f657e768ba0f2b
64732f46dd7377c0da37cb9e7f22388d50d4e49dee58aa35658e7eb775198a5a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Tycoon Phishing Kit
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /oZOLuJ/ HTTP/1.1
Host: nd3b.rkleor.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 26 Mar 2025 11:52:15 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vAloX2nNL%2BYibkGLMZEeMq58e3%2FyQ597hwUpmb8aY6GDKcTnCXcAtwcNhxQq3D0VMQp3oG2vv1nj3ukBvhtfVG8BTEN5KXm2MiUuK8g74%2FvVcZm0DQmxbXB1UUvqAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkFQTkhZcjJxNWZPV0pjZ2REbVpyZEE9PSIsInZhbHVlIjoiNlVXL1BMMVdHSzB4U2Q1RVBGLzJjaENkYjBsYS9mZlJMMjhvbXd3S3F5dXk4VnB6Qk9YdUc5L21XU0NuY2lLdUtpYjIvc3hwZ29ldFoxcG1NcytVSVdBSXViTTdJejZCUFZNeDVyYjJlMlNXMk9DbU5TZU1vL0ZobHRLUTU5V2IiLCJtYWMiOiJlMGU5ZjhjMDhkNTMxOGFkMzk4MTc4NTVkOWUwNjQyYTAxZGU3MmY0MTBjY2Q2Mjk1MDMzODE3MWIyMWU3MTJjIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 13:52:15 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjB3Y1lpQTBhZHJod1ppYWJTRmtHYmc9PSIsInZhbHVlIjoiQy9xZWxtaDJwN1JBVHNqUTlzMWhYcW0vYVNZbmdDM08vZ3ZBVW12VGhaNUxIZkY0b2MzUlVoU1huZTlKUkRQKzIwUW9sN0hSYVpmdk95L29zc0FWeEl3alN5K2V0d1pyRVBkZGo4NTNZUjA2cmZWdFErZ05VeURmektHa3RUcFkiLCJtYWMiOiI0YzY4ODU0OWY2NzYxMmVhYWM4MWVlMjVjNjk0OTg0N2U2YTkwYjlhNDhjZjEyNjQ0ZDc5Njg5ZWFlYjVhNTA4IiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 13:52:15 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 926670d88c2bfeaf-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=15516&min_rtt=10321&rtt_var=9654&sent=568&recv=143&lost=0&retrans=3&sent_bytes=731782&recv_bytes=22462&delivery_rate=7566418&cwnd=429&unsent_bytes=0&cid=bd65b9abf6e6ef89&ts=182598&x=0", cfL4;desc="?proto=TCP&rtt=24791&min_rtt=19791&rtt_var=12340&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3192&recv_bytes=1131&delivery_rate=219294&cwnd=209&unsent_bytes=0&cid=69ec6ab6c4721ef3&ts=507&x=0"
X-Firefox-Spdy: h2

nd3b.rkleor.es/favicon.ico

188.114.97.1

404 Not Found

0 B

URL GET
nd3b.rkleor.es/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nd3b.rkleor.es/oZOLuJ/
Certificate
IssuerGoogle Trust Services
Subjectrkleor.es
Fingerprint48:90:3D:F2:36:F9:90:D2:FA:E6:70:17:FF:21:EE:1A:B4:56:EA:23
ValiditySun, 16 Mar 2025 01:03:09 GMT - Sat, 14 Jun 2025 02:01:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tycoon Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nd3b.rkleor.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nd3b.rkleor.es/oZOLuJ/
Cookie: XSRF-TOKEN=eyJpdiI6IkFQTkhZcjJxNWZPV0pjZ2REbVpyZEE9PSIsInZhbHVlIjoiNlVXL1BMMVdHSzB4U2Q1RVBGLzJjaENkYjBsYS9mZlJMMjhvbXd3S3F5dXk4VnB6Qk9YdUc5L21XU0NuY2lLdUtpYjIvc3hwZ29ldFoxcG1NcytVSVdBSXViTTdJejZCUFZNeDVyYjJlMlNXMk9DbU5TZU1vL0ZobHRLUTU5V2IiLCJtYWMiOiJlMGU5ZjhjMDhkNTMxOGFkMzk4MTc4NTVkOWUwNjQyYTAxZGU3MmY0MTBjY2Q2Mjk1MDMzODE3MWIyMWU3MTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjB3Y1lpQTBhZHJod1ppYWJTRmtHYmc9PSIsInZhbHVlIjoiQy9xZWxtaDJwN1JBVHNqUTlzMWhYcW0vYVNZbmdDM08vZ3ZBVW12VGhaNUxIZkY0b2MzUlVoU1huZTlKUkRQKzIwUW9sN0hSYVpmdk95L29zc0FWeEl3alN5K2V0d1pyRVBkZGo4NTNZUjA2cmZWdFErZ05VeURmektHa3RUcFkiLCJtYWMiOiI0YzY4ODU0OWY2NzYxMmVhYWM4MWVlMjVjNjk0OTg0N2U2YTkwYjlhNDhjZjEyNjQ0ZDc5Njg5ZWFlYjVhNTA4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 26 Mar 2025 11:52:16 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fm93qFsX1vFRONZDyd8Sn9pKK%2B40HXApekrjipm43ZR8J9b0BRh4R2jpnDf6CWdJR0O5%2Bqi5GHTThiW6iVbqyuwxQnOAaNFkdPRApvJpxysTEzei5CJOXNaGvnkmZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
priority: u=6,i=?0
server: cloudflare
cf-ray: 926670deb84afeaf-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=10709&min_rtt=10321&rtt_var=629&sent=629&recv=166&lost=0&retrans=3&sent_bytes=805845&recv_bytes=23957&delivery_rate=7566418&cwnd=429&unsent_bytes=0&cid=bd65b9abf6e6ef89&ts=183540&x=0", cfL4;desc="?proto=QUIC&rtt=26778&min_rtt=24514&rtt_var=10810&sent=10&recv=6&lost=0&retrans=0&sent_bytes=3988&recv_bytes=1693&delivery_rate=24230&cwnd=12000&unsent_bytes=0&cid=8e61bc8994139d86&ts=912&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (8)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN