Report - sagawa-emptern.rweydfz.cn/login

Report Overview

Visitedpublic

2025-06-01 11:49:55

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
sagawa-emptern.rweydfz.cn	unknown	2025-03-29	2025-06-01	2025-06-01	2.1 kB	42 kB	172.67.179.194

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2025-05-31	medium	sagawa-emptern.rweydfz.cn/login_show/	Other
2025-05-31	medium	sagawa-emptern.rweydfz.cn/login_show/	Other

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-01	medium	rweydfz.cn	Sinkholed
2025-06-01	medium	rweydfz.cn	Sinkholed
2025-06-01	medium	rweydfz.cn	Sinkholed
2025-06-01	medium	rweydfz.cn	Sinkholed
2025-06-01	medium	rweydfz.cn	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	sagawa-emptern.rweydfz.cn/login_show/	ScriptElement	210 B	2023-03-07	2025-08-03
URL sagawa-emptern.rweydfz.cn/login_show/ IP / ASN 172.67.179.194 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-03 Times Seen 162762 Size 210 B (210 bytes) MD5 ab1ac4cf0f484cc9f859c0a7983353e0 SHA1 2da142b1135bd10cdbed4a7353e4483acc30ebe9 SHA256 50e878a18b2b5be7071dc7c10297381bcfcb55f17c27760ee857af9e31133324 Format Code Loading...

	sagawa-emptern.rweydfz.cn/login_show/	ScriptElement	375 B	2023-03-07	2025-08-03
URL sagawa-emptern.rweydfz.cn/login_show/ IP / ASN 172.67.179.194 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-03 Times Seen 168787 Size 375 B (375 bytes) MD5 56df91490fa1984fa82b297dcb23c22d SHA1 2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9 SHA256 275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24 Format Code Loading...

	sagawa-emptern.rweydfz.cn/login_show/	ScriptElement	38 B	2023-03-07	2025-08-03
URL sagawa-emptern.rweydfz.cn/login_show/ IP / ASN 172.67.179.194 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-03 Times Seen 124937 Size 38 B (38 bytes) MD5 eb2ee6e4b3d4e81bacdb2474d9b3c2f5 SHA1 6588855b25c975b224e0fd1b50ca1b3f36cd46ed SHA256 3dd83a652b2e60d8dfc699cd2006f70007b826a92b49e61e9194bf422481ac05 Format Code Loading...

HTTP Transactions (5)

URL IP Response Size

GET sagawa-emptern.rweydfz.cn/cdn-cgi/images/icon-exclamation.png?1376755637

172.67.179.194

200 OK

452 B

URL GET HTTP

sagawa-emptern.rweydfz.cn/cdn-cgi/images/icon-exclamation.png?1376755637

IP / ASN

172.67.179.194

#13335 CLOUDFLARENET

Requested byhttp://sagawa-emptern.rweydfz.cn/login_show/

Resource Info

File typePNG image data, 54 x 54, 8-bit colormap, non-interlaced

First Seen2023-04-12

Last Seen2025-08-04

Times Seen201087

Size452 B (452 bytes)

MD5c33de66281e933259772399d10a6afe8

SHA1b9f9d500f8814381451011d4dcf59cd2d90ad94f

SHA256f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: sagawa-emptern.rweydfz.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sagawa-emptern.rweydfz.cn/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 01 Jun 2025 11:49:34 GMT
Content-Type: image/png
Content-Length: 452
Connection: keep-alive
Last-Modified: Wed, 28 May 2025 10:49:09 GMT
ETag: "6836ea25-1c4"
Server: cloudflare
CF-RAY: 948e7d08fa2056a8-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 01 Jun 2025 13:49:34 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

GET sagawa-emptern.rweydfz.cn/favicon.ico

172.67.179.194

403 Forbidden

4.5 kB

URL GET HTTP

sagawa-emptern.rweydfz.cn/favicon.ico

IP / ASN

172.67.179.194

#13335 CLOUDFLARENET

Requested byhttp://sagawa-emptern.rweydfz.cn/login_show/

Resource Info

File typeHTML document, ASCII text, with very long lines (394)

First Seen2025-06-01

Last Seen2025-06-01

Times Seen1

Size4.5 kB (4512 bytes)

MD575111abff9c7710df25a8d0b8fe86c5a

SHA170c71b6cde9eab7ff423600e84a04c2ad07b3109

SHA2563d1c911860d477f0180ce7bae8259932b76883b8be67bcc3eabb85d8edfb02f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: sagawa-emptern.rweydfz.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sagawa-emptern.rweydfz.cn/login_show/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 01 Jun 2025 11:49:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Sun, 01 Jun 2025 11:49:49 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YXEyYFv9whk%2B2sfYKbLq2qm4jXgbfovAYzPgkvS9T8xxSpO9CLPGBHb%2FgjuJWbgcqk%2FlIW2tktrcL%2FMAvBUHvrb1KYJ7hXMJY97kME5k3zKQfVlp6vHHUfEqS%2FuYkiLuXPnQ7XT%2FpsIh%2Fr6J"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 948e7d092a7156a8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=694&min_rtt=439&rtt_var=267&sent=11&recv=16&lost=0&retrans=0&sent_bytes=8344&recv_bytes=1593&delivery_rate=7056530&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET sagawa-emptern.rweydfz.cn/login_show/

172.67.179.194

403 Forbidden

5.0 kB

URL User Request GET HTTPS

sagawa-emptern.rweydfz.cn/login_show/

IP / ASN

172.67.179.194

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (396)

First Seen2025-06-01

Last Seen2025-06-01

Times Seen1

Size5.0 kB (5005 bytes)

MD58f49a94b106120c11154d61c7e6c42a0

SHA18bc7d9538b36b41287fa94a3e57f7392289d7c03

SHA2569df8d167dfcd35877a8868ffbc4a1506113684590c5c7e83049381accde62940

Certificate Info

IssuerGoogle Trust Services

Subjectrweydfz.cn

Fingerprint33:DB:D6:22:8E:70:03:CE:52:7E:D6:6B:26:C1:71:10:30:88:8C:38

ValidityWed, 21 May 2025 17:30:13 GMT - Tue, 19 Aug 2025 18:27:43 GMT

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login_show/ HTTP/1.1
Host: sagawa-emptern.rweydfz.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sun, 01 Jun 2025 11:49:33 GMT
content-type: text/html; charset=utf-8
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=I59xA85qSCiJyHYEwyz9gfvpXrDoY0VLSZZw0MKlKHQQz%2F3r2Fwa5vxPSu18E8ssR%2Be5BQV8SJGcTntk7HzwktD1EdQ2UUZyfhF%2FuJifXHleZoyfazoz"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 948e7d06dcb0712d-OSL
X-Firefox-Spdy: h2

GET sagawa-emptern.rweydfz.cn/login_show/

172.67.179.194

403 Forbidden

4.6 kB

URL User Request GET HTTP

sagawa-emptern.rweydfz.cn/login_show/

IP / ASN

172.67.179.194

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (394)

First Seen2025-06-01

Last Seen2025-06-01

Times Seen1

Size4.6 kB (4556 bytes)

MD55284a206b77ea2a88196b4228d3198eb

SHA1f92b89bc9f9b4f189a66714e1111fb0f8a8738e6

SHA25626f8c5d66830230fefbaf4b0408bfc31b58721e16606989c057be48ae3df9ca2

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login_show/ HTTP/1.1
Host: sagawa-emptern.rweydfz.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sun, 01 Jun 2025 11:49:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTm21qske1EyuAh9DGy%2FQ%2FTUTgPj9DxkyD1oxI%2FZoAnyhbOmTfBoH9Fl4FPhmW9FKGBZsaY0PwEz0olrX9%2BsDtz0wCukEoXT%2FwmrUp9PUfNdBMzxzAQmloOlcDamkJbQlF1RyX1znyhujEr2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 948e7d07b87a56a8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET sagawa-emptern.rweydfz.cn/cdn-cgi/styles/cf.errors.css

172.67.179.194

200 OK

24 kB

URL GET HTTP

sagawa-emptern.rweydfz.cn/cdn-cgi/styles/cf.errors.css

IP / ASN

172.67.179.194

#13335 CLOUDFLARENET

Requested byhttp://sagawa-emptern.rweydfz.cn/login_show/

Resource Info

File typeASCII text, with very long lines (24050)

First Seen0001-01-01

Last Seen2025-08-04

Times Seen230904

Size24 kB (24051 bytes)

MD55e8c69a459a691b5d1b9be442332c87d

SHA1f24dd1ad7c9080575d92a9a9a2c42620725ef836

SHA25684e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: sagawa-emptern.rweydfz.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sagawa-emptern.rweydfz.cn/login_show/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 01 Jun 2025 11:49:34 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 28 May 2025 10:49:09 GMT
ETag: W/"6836ea25-5df3"
Server: cloudflare
CF-RAY: 948e7d0899a056a8-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 01 Jun 2025 13:49:34 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip