urlscan.io logo urlscan.io
SecurityTrails logo

74f26d34ffff049368a6cff8812f86ee.gq Open in urlscan Pro
104.21.62.32  Public Scan

Go To Rescan Add Verdict Report
URL: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/PvqDq929BSx_A_D_M1n_a.php
Submission Tags: c2 malware lokibot Search All
Submission: On September 26 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 104.21.62.32, located in and belongs to CLOUDFLARENET, US. The main domain is 74f26d34ffff049368a6cff8812f86ee.gq.
This is the only time 74f26d34ffff049368a6cff8812f86ee.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.21.62.32 13335 (CLOUDFLAR...)
1 2
Domain Requested by
1 74f26d34ffff049368a6cff8812f86ee.gq
1 1

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/PvqDq929BSx_A_D_M1n_a.php
Frame ID: AD9CE02B7BDCF6D6F9E7D89B1A5DD038
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Auth

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

1
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

4 kB
Transfer

7 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request PvqDq929BSx_A_D_M1n_a.php
74f26d34ffff049368a6cff8812f86ee.gq/BN111/ 		5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/PvqDq929BSx_A_D_M1n_a.php
Protocol
HTTP/1.1
Server
104.21.62.32 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88b98e8c42dab1c90e00bb3a4d00ea7e71bf73ba0ec11c5b8c621bae8bac42ec

Request headers

Host
74f26d34ffff049368a6cff8812f86ee.gq
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Sun, 26 Sep 2021 04:50:46 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
vary
Accept-Encoding
expires
Mon, 01 Jul 2000 01:00:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
last-modified
Sun, 26 Sep 2021 04:50:09 GMT
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btCkYmL83d3ubly3KIwtPBI9NdA3mvgN01nMBGV89A1AgIr11fE0jR1izZRyYDHLovCS8%2F977QUgFlkrDQ4B4CcBdU7iwHhutYO4o38vEtDXN5v8HC6K75UNRFgbjgqky8cGiPBeJukHFl3%2FxIP0LD70HbfLzw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
6949df8deff56903-FRA
Content-Encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af0374096e44f84ff3332c38bcbeab74fa8c82c2b56dcaed149d5679ab64085f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://74f26d34ffff049368a6cff8812f86ee.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

74f26d34ffff049368a6cff8812f86ee.gq
104.21.62.32
88b98e8c42dab1c90e00bb3a4d00ea7e71bf73ba0ec11c5b8c621bae8bac42ec
af0374096e44f84ff3332c38bcbeab74fa8c82c2b56dcaed149d5679ab64085f