wf.icu Threat Intelligence and Information

Host Location

Dig Results

• Got answer:
• -»HEADER«- opcode: QUERY, status: NOERROR, id: 26034
• flags: qr rd ra QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
• OPT PSEUDOSECTION:
• EDNS: version: 0, flags: udp: 1432
• QUESTION SECTION:
• wf.icu. IN A
• ANSWER SECTION:
• wf.icu. 297 IN A 207.99.76.201
• Query time: 0 msec
• SERVER: 192.168.1.153(192.168.1.1) (UDP)
• WHEN: Wed Nov 12 00:10:22 UTC 2025
• MSG SIZE rcvd: 51

Whois Data

• Domain Name: WF.ICU
• Registry Domain ID: D77619489-CNIC
• Registrar URL: http://digitalcandy.com
• Updated Date: 2025-09-28T00:10:25.0Z
• Creation Date: 2018-09-27T19:11:08.0Z
• Registry Expiry Date: 2026-09-27T23:59:59.0Z
• Registrar: Digital Candy, Inc
• Registrar IANA ID: 3253
• Name Server: NS-183.AWSDNS-22.COM
• Name Server: NS-590.AWSDNS-09.NET
• Name Server: NS-1938.AWSDNS-50.CO.UK
• Name Server: NS-1210.AWSDNS-23.ORG
• DNSSEC: unsigned
• Registrar Abuse Contact Email: tech@digitalcandy.com
• Registrar Abuse Contact Phone: +1.3015882849
• https://www.centralnicregistry.com/support/information/rdap «<
• blacklisted. All data is (c) CentralNic Ltd (https://www.centralnicregistry.com)

SSL Certificate Information

• Certificate:
• Data:
• Version: 3 (0x2)
• Serial Number:
• 05:9c:f8:6e:62:6b:cf:e1:58:1f:8d:77:e6:95:55:f8:12:68
• Signature Algorithm: sha256WithRSAEncryption
• Issuer: C = US, O = Let’s Encrypt, CN = R12
• Validity
• Not Before: Sep 29 02:38:48 2025 GMT
• Not After : Dec 28 02:38:47 2025 GMT
• Subject: CN = s001.quarkserver.com
• Subject Public Key Info:
• Public Key Algorithm: rsaEncryption
• Public-Key: (2048 bit)
• Modulus:
• 00:b0:ab:98:2d:80:4a:e9:d6:b0:27:35:d4:a9:32:
• 03:90:4a:82:7f:c6:87:42:c1:42:02:35:54:3c:05:
• a7:16:dd:ef:b2:cb:6b:fb:d9:93:52:26:f9:80:a3:
• 09:84:bc:36:c4:b0:eb:a7:4e:2f:a0:ee:43:1e:7e:
• 23:48:77:e0:e4:63:d1:c8:05:cf:d8:37:be:e6:3d:
• a5:dc:fe:75:9b:2b:85:f0:52:be:3e:08:f9:71:69:
• f2:2f:7b:8a:86:8d:08:e9:af:39:ba:e6:ea:40:b4:
• 0e:df:d2:4d:8d:fd:6b:20:65:a9:cb:ae:66:d5:8b:
• 58:d3:dc:c9:23:09:fa:96:e0:0e:3a:95:2a:2c:12:
• 61:2e:a3:20:6a:f3:59:0b:0e:28:18:86:fb:81:06:
• 0f:c5:9a:52:e0:3b:fc:0b:2d:01:05:6a:f4:91:e5:
• 37:d9:37:b8:d3:dc:37:e3:40:e3:00:35:29:35:85:
• fc:dd:94:fb:92:1d:bb:58:89:83:0d:af:f6:1d:6e:
• 15:f7:7d:64:4e:5a:f4:00:b7:bf:64:4b:6d:2e:af:
• 95:01:7a:b7:69:84:90:fb:66:10:5d:e4:26:7a:4e:
• e1:e7:e1:68:64:e7:c6:5e:2c:ea:85:ab:7e:26:f6:
• 10:19:f4:eb:15:25:7a:50:8d:ab:09:85:b5:01:66:
• 33:0b
• Exponent: 65537 (0x10001)
• X509v3 extensions:
• X509v3 Key Usage: critical
• Digital Signature, Key Encipherment
• X509v3 Extended Key Usage:
• TLS Web Server Authentication, TLS Web Client Authentication
• X509v3 Basic Constraints: critical
• CA:FALSE
• X509v3 Subject Key Identifier:
• 0D:18:8D:8E:7D:52:1E:B4:A5:A2:3E:72:36:AB:F0:7F:95:38:EC:73
• X509v3 Authority Key Identifier:
• 00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2
• Authority Information Access:
• CA Issuers - URI:http://r12.i.lencr.org/
• X509v3 Subject Alternative Name:
• DNS:s001.quarkserver.com
• X509v3 Certificate Policies:
• Policy: 2.23.140.1.2.1
• X509v3 CRL Distribution Points:
• Full Name:
• URI:http://r12.c.lencr.org/105.crl
• CT Precertificate SCTs:
• Signed Certificate Timestamp:
• Version : v1 (0x0)
• Log ID : ED:3C:4B:D6:E8:06:C2:A4:A2:00:57:DB:CB:24:E2:38:
• 01:DF:51:2F:ED:C4:86:C5:70:0F:20:DD:B7:3E:3F:E0
• Timestamp : Sep 29 03:37:18.384 2025 GMT
• Extensions: none
• Signature : ecdsa-with-SHA256
• 30:45:02:20:2B:3E:E2:E0:EA:56:A3:4F:CB:72:3A:18:
• 20:A5:C3:C9:C4:1D:48:43:A8:E9:58:D0:37:09:9F:18:
• 33:D3:F4:A9:02:21:00:A4:3D:D6:A7:C3:59:65:5B:8A:
• FC:D3:94:FF:57:84:EB:D6:C7:EF:16:A8:28:3A:DE:23:
• A8:E1:CC:19:BF:3E:48
• Signed Certificate Timestamp:
• Version : v1 (0x0)
• Log ID : 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:
• AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4
• Timestamp : Sep 29 03:37:18.398 2025 GMT
• Extensions: none
• Signature : ecdsa-with-SHA256
• 30:44:02:20:41:D6:C4:09:60:30:A7:23:F9:07:6E:20:
• 78:29:10:65:D3:D5:B9:42:08:79:06:6A:61:44:50:CB:
• E6:73:FC:33:02:20:3E:18:EF:2F:6B:3F:6A:0C:BB:CD:
• 15:0D:10:6C:BD:2F:2D:54:8D:E3:37:B5:84:31:8B:5C:
• 47:6B:B2:49:C6:A3
• Signature Algorithm: sha256WithRSAEncryption
• Signature Value:
• 5c:9d:a1:24:f5:e2:41:a6:62:6d:7f:c7:5e:7c:1a:35:df:1a:
• 29:60:c5:a5:27:d6:48:8f:ab:2d:bc:fe:64:e2:e8:7e:04:f1:
• 66:f8:06:1b:01:6e:8a:ff:ba:8d:67:66:f0:4e:ac:51:ab:ce:
• 5f:f0:7d:c7:d9:61:0f:14:f8:d3:b9:a4:99:f2:cf:2e:18:95:
• 2d:18:ca:75:6f:e5:9a:5c:ab:ef:79:d7:fc:1b:cc:b7:bd:ee:
• db:ad:16:a3:b7:d9:fc:8f:14:d0:d9:ae:23:ce:87:5a:fe:7c:
• 7b:f9:6d:58:63:bb:d8:5d:ab:2e:e9:66:b8:c5:0f:95:79:f6:
• 34:82:8a:8b:48:50:4f:7f:c8:96:0b:2d:ff:e5:f9:10:ed:06:
• fa:fb:1e:d3:bc:f5:6c:81:02:56:73:3b:d9:fe:95:83:e3:62:
• 1c:69:55:1d:ba:2d:cc:57:62:f7:90:19:b9:39:9c:71:9d:e0:
• c9:21:d4:bc:54:2f:d5:bd:61:26:ab:54:53:ee:ed:6d:46:5b:
• ea:6f:fc:6e:4a:df:67:2e:af:a3:ad:3d:1f:73:f1:51:9e:e7:
• 0c:00:da:2d:67:70:45:35:c0:37:6b:f4:dd:11:7a:ac:5f:f3:
• db:c0:6b:79:37:b3:aa:36:84:0b:30:3d:41:1a:ac:74:c8:7e:
• b2:92:d5:9e

Robots

“User-agent: *\nDisallow: /\n

Technologies

OpenSSH Postfix smtpd nginx nginx

Additional Links

*** Virustotal ***

*** WayBackMachine ***