Report - bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/

Report Overview

Visited public
2025-03-18 09:12:03
Tags
URL
bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
Finishing URL
bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
IP / ASN
104.21.48.1
#13335 CLOUDFLARENET
Title
Runtime Error

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bfjduf2.top	unknown	2024-09-23	2025-03-14	2025-03-14	1.5 kB	7.9 kB	104.21.112.1
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2025-03-12	500 B	20 kB	104.16.80.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-18	medium	bfjduf2.top	Sinkholed
2025-03-18	medium	bfjduf2.top	Sinkholed
2025-03-18	medium	bfjduf2.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	ScriptElement	20 kB	2024-06-07	2025-06-20
Pretty URL static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-06-20 03:47 Times Seen63338 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

HTTP Transactions (4)

URL IP Response Size

POST bfjduf2.top/cdn-cgi/rum?

104.21.112.1

204 No Content

0 B

URL POST
bfjduf2.top/cdn-cgi/rum?
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
Certificate
IssuerGoogle Trust Services
Subjectbfjduf2.top
Fingerprint28:53:B2:C1:90:BB:F5:05:B5:3E:E8:FB:5F:14:8E:32:8D:B1:EB:EC
ValidityFri, 14 Feb 2025 09:23:25 GMT - Thu, 15 May 2025 10:21:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: bfjduf2.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1357
Origin: https://bfjduf2.top
DNT: 1
Connection: keep-alive
Referer: https://bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Tue, 18 Mar 2025 09:11:41 GMT
access-control-allow-origin: https://bfjduf2.top
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 92239aa458ceb527-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/

104.21.112.1

500 Internal Server Error

3.9 kB

URL User Request GET
bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbfjduf2.top
Fingerprint28:53:B2:C1:90:BB:F5:05:B5:3E:E8:FB:5F:14:8E:32:8D:B1:EB:EC
ValidityFri, 14 Feb 2025 09:23:25 GMT - Thu, 15 May 2025 10:21:48 GMT

File type
HTML document, ASCII text, with very long lines (4111), with no line terminators
Size
3.9 kB (3892 bytes)
Hash
b712b054174df1bf772805c4fccc7f93
8f651d9e8a5fcd2629b16346b32b99647278a6ae
9fbcc73c8a8326721034a8c0f30a64653ce939ecac3d00bfd2a019a202c669a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bin/support.client.exe?i=&e=support&y=guest&r/ HTTP/1.1
Host: bfjduf2.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 500 Internal Server Error
date: Tue, 18 Mar 2025 09:11:41 GMT
content-type: text/html; charset=utf-8
cache-control: private
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SfjHud20x6Psuk%2BCZg7ZcsWMIOgneeympjmWYB8PZccMYKzBzUlObi6e2bo3w2Gblx%2FFibVylpekCzGWJpT2%2Fd3tL8gCPo41BjPwFXtpXolBHm3h8I87kO0WtIOqug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 92239aa10ba1b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="BYPASS", cfL4;desc="?proto=TCP&rtt=6503&min_rtt=480&rtt_var=12040&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3197&recv_bytes=1156&delivery_rate=6972712&cwnd=254&unsent_bytes=0&cid=0ef4b291116df0e6&ts=147&x=0"
X-Firefox-Spdy: h2

GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

104.16.80.73

200 OK

20 kB

URL GET
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintAD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18
ValidityThu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT

File type
JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Size
20 kB (19948 bytes)
Hash
ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

HTTP Headers

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bfjduf2.top
DNT: 1
Connection: keep-alive
Referer: https://bfjduf2.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 09:11:41 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 92239aa3be29568a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

GET bfjduf2.top/favicon.ico

104.21.112.1

404 Not Found

1.9 kB

URL GET
bfjduf2.top/favicon.ico
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
Certificate
IssuerGoogle Trust Services
Subjectbfjduf2.top
Fingerprint28:53:B2:C1:90:BB:F5:05:B5:3E:E8:FB:5F:14:8E:32:8D:B1:EB:EC
ValidityFri, 14 Feb 2025 09:23:25 GMT - Thu, 15 May 2025 10:21:48 GMT

File type
HTML document, ASCII text, with very long lines (1998), with no line terminators
Size
1.9 kB (1896 bytes)
Hash
05304ce8e0b404bf960a780c569ac81d
d55aaa239062b3cf35aa1441e77f2ba7be360b49
46a34189f1d4398478f43218affd615d6e004f069de70550a6dd8c65e64c0186

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: bfjduf2.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bfjduf2.top/bin/support.client.exe?i=&e=support&y=guest&r/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 18 Mar 2025 09:11:41 GMT
content-type: text/html; charset=utf-8
cache-control: private
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Ga7LEKV3U8yJ4RZ07CFVHJ%2B6YTpis6eZCEGlnbRY%2FfOQxTwDiuY60HbQ%2Bla7%2Ff%2B%2BKNupGiIsTR6DtzUAeIZaSJHlzAqckzIv2tglNUtlqxTpcZqJPzO17v5dlfAvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 92239aa438a7b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3209&min_rtt=472&rtt_var=5365&sent=14&recv=20&lost=0&retrans=0&sent_bytes=8058&recv_bytes=2845&delivery_rate=12635253&cwnd=257&unsent_bytes=0&cid=0ef4b291116df0e6&ts=660&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers