| ey18yuot4.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js | 172.67.155.160 | 302 Found | 0 B |
URL: GET HTTP/3 ey18yuot4.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP: 172.67.155.160:443
Requested by: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate — Issuer: Google Trust Services LLC; Subject: ey18yuot4.xyz; Fingerprint: 21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47; Validity: Wed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sat, 04 May 2024 08:18:20 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XkpjpLVls9fkxefPMRH1NaKogOPY2b7sKEm961HkGcUfqR%2BO%2B6rerEvvtQPSqOqlBPPcx7lFY2XcT18ufIUV8qwdyWoe%2B2bvd9%2BIxotAXUOwNuDWZrroZWqRBXU0UBbf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f3c0a6fb515-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/87e70f377b4a5696 | 172.67.155.160 | 200 OK | 0 B |
URL: POST HTTP/3 ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/87e70f377b4a5696
IP: 172.67.155.160:443
Requested by: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate — Issuer: Google Trust Services LLC; Subject: ey18yuot4.xyz; Fingerprint: 21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47; Validity: Wed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/g/jsd/r/87e70f377b4a5696 HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12284
Origin: https://ey18yuot4.xyz
DNT: 1
Connection: keep-alive
Referer: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 08:18:20 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=ZVRvYu1QuJsk6KqrSsORHBMvZFJlBnqyCTALBuD5k.I-1714810700-1.0.1.1-4Gs2cqsr4uCDv6Ta5KV7R60BJ5xV6he1gX_P47yN2wOBWeaQ8j50v31NrmA5H3CWEA9VvgIN4XSEWOTcBuh36A; path=/; expires=Sun, 04-May-25 08:18:20 GMT; domain=.ey18yuot4.xyz; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NbzE73a6pCxcPnyGz6mPgwgztSmXQcAMWJv5JDWpolX9Z3xj5cwH%2FT1rZsVUe3vcKhhpWq1ytOqUtCkOVaJpfl%2Fc%2BA93W3JZmvzcBo4wiUOLCNWbUN1xMlYhkiF%2B7pUY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f3d4bafb515-OSL
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Asap | 142.250.74.74 | 200 OK | 928 B |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Asap
IP: 142.250.74.74:443
Requested by: https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate — Issuer: Google Trust Services LLC; Subject: upload.video.google.com; Fingerprint: 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; Validity: Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: gzip compressed data, max compression
Hash: a098abcc56e230b47813263f15799f54 7775f72e232b0b48baa4517dee8d032d147d1c10 41aa708e524049f0f0366bad1fe9824bf64b86104126150ad15a2a6e1218cabe
GET /css?family=Asap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 08:18:24 GMT
date: Sat, 04 May 2024 08:18:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| rdtyucf.xyz/new/js/jquery.js | 172.67.175.124 | 200 OK | 47 kB |
URL: GET HTTP/3 rdtyucf.xyz/new/js/jquery.js
IP: 172.67.175.124:443
Requested by: https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate — Issuer: Let's Encrypt; Subject: rdtyucf.xyz; Fingerprint: 99:AD:05:9B:12:D8:BA:DE:36:6D:D3:0C:47:BC:7C:33:3D:3A:F2:4F; Validity: Sat, 27 Apr 2024 18:35:37 GMT - Fri, 26 Jul 2024 18:35:36 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: b4d0f8d3f1e17a37e8f669569aea4cb7 908825421e02011e4fb4915d0ba80d39ccb1fc94 6fdf878caa6115ab88f270d81cfdbccbaa93935924bb9d015b0c4cf4a1d483db
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /new/js/jquery.js HTTP/1.1
Host: rdtyucf.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=38b2b0dcdb92ef8846627dc716590a69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 08:18:24 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=88145
last-modified: Fri, 15 Oct 2021 19:37:00 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVN5JkMI55m8MCtqZCJiTGAm7lNf8zGh1UXfQm4FkMncA57jwwzNSZ6CCfAfZy4sQanbziqNzfuv5aANT%2BOeWqGAJfMyEPwPwzk7JO5tFHN7a7chrRDO%2BFoYkUdIXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f54ee31569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| rdtyucf.xyz/favicon.ico | 172.67.175.124 | 404 Not Found | 9.1 kB |
IP: 172.67.175.124:443
Requested by: https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate — Issuer: Let's Encrypt; Subject: rdtyucf.xyz; Fingerprint: 99:AD:05:9B:12:D8:BA:DE:36:6D:D3:0C:47:BC:7C:33:3D:3A:F2:4F; Validity: Sat, 27 Apr 2024 18:35:37 GMT - Fri, 26 Jul 2024 18:35:36 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: 3dea6e4a74ae5c8a6b8dd3bae0de6081 0b2672db2629a86272ca21084220113c548195db 6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: rdtyucf.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=38b2b0dcdb92ef8846627dc716590a69
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sat, 04 May 2024 08:18:25 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PjZEThKK%2FhX6a%2BOiDkPi5s2clmXP7zmgirlUYBgct1%2BE9f27x9X5Fdjnt1DN64owOqn0CBfbFjtP8SnpDSFTwKH4uxQqDKljEf69mKDv8IdVblYc5QgaOruviUajzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f5a1b58569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/asap/v30/KFOOCniXp96a4Tc2DaTeuDAoKsE617JFc49knOIYdjTYkqUcKWmW.woff2 | 142.250.74.163 | 200 OK | 15 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/asap/v30/KFOOCniXp96a4Tc2DaTeuDAoKsE617JFc49knOIYdjTYkqUcKWmW.woff2
IP: 142.250.74.163:443
Requested by: https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15036, version 1.0
Hash: 7e2ecfd75a716509f6860fed1d4619ad 4bcc7d99f712b2be0599c5709c6254685f05b3f8 a07a2e0ca3402a2df11bd4b5144e81fd31709101d9a72ea0e27b48828a23f559
GET /s/asap/v30/KFOOCniXp96a4Tc2DaTeuDAoKsE617JFc49knOIYdjTYkqUcKWmW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rdtyucf.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:11:08 GMT
expires: Fri, 02 May 2025 02:11:08 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Jun 2023 20:38:31 GMT
content-type: font/woff2
age: 194836
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| freeiconshop.com/wp-content/uploads/edd/android-flat.png | 0.0.0.0 | | 0 B |
URL: GET freeiconshop.com/wp-content/uploads/edd/android-flat.png
IP: 0.0.0.0:0
Requested by: https://rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/edd/android-flat.png HTTP/1.1
Host: freeiconshop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13 | 172.67.155.160 | 200 OK | 2.5 kB |
URL: User Request POST HTTP/2 ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
IP: 172.67.155.160:443
Certificate — Issuer: Google Trust Services LLC; Subject: ey18yuot4.xyz; Fingerprint: 21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47; Validity: Wed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT
File type: JavaScript source, ASCII text, with very long lines (2577), with no line terminators
Hash: f19430779f87453d6aa0f1cc687a6441 8882138b55ba7328b8695b1c8e18014860b1c47f c31ace8c203ea6381ff3276d92c2d627af3779e00bbc3d8f55ba413bb49b64f3
POST /?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13 HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 95
Origin: https://auesk.cfd
DNT: 1
Connection: keep-alive
Referer: https://auesk.cfd/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 08:18:20 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z2Uf3DwChkY9kJAvrG0LP6GAQnz4pjJ%2B7IIoZxjaCLfbeVXxiMhZTqyciLRdFonNM%2BqmfQruYX8tQsJ2iCxBmUZWWafcWpHqTSZsJmY9dJ%2FI0VPPBvmwWg297hsh1H1c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f377b4a5696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ey18yuot4.xyz/favicon.ico | 172.67.155.160 | 404 Not Found | 236 B |
URL: GET HTTP/3 ey18yuot4.xyz/favicon.ico
IP: 172.67.155.160:443
Requested by: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate — Issuer: Google Trust Services LLC; Subject: ey18yuot4.xyz; Fingerprint: 21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47; Validity: Wed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: 3dea6e4a74ae5c8a6b8dd3bae0de6081 0b2672db2629a86272ca21084220113c548195db 6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362
GET /favicon.ico HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sat, 04 May 2024 08:18:20 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5syifl1bwUBB6SYFlbnExsCs2TFUnP%2F6YN1pd9IgogeFxo5CL%2B4MvVC7HoQJKxdS3hqIbKShVaNgdIIAFG3extXEmY2gBfISF2%2Bvz7jkNzNisuz%2B9xv0Xq%2BpzuNcpyom"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e70f3bfa6eb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js | 172.67.155.160 | 200 OK | 7.8 kB |
URL: GET HTTP/3 ey18yuot4.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
IP: 172.67.155.160:443
Requested by: https://ey18yuot4.xyz/?26_6=535610c7395b4243cf2398440e8e5ace&s=G-RJ01154297-v240331rar&t=13
Certificate — Issuer: Google Trust Services LLC; Subject: ey18yuot4.xyz; Fingerprint: 21:F7:AB:88:83:86:0C:50:86:7D:FA:08:58:94:96:48:26:16:9A:47; Validity: Wed, 17 Apr 2024 11:17:50 GMT - Tue, 16 Jul 2024 11:17:49 GMT
File type: JavaScript source, ASCII text, with very long lines (7797), with no line terminators
Hash: 31a651cd95fb00d6202879c827d6972c c162e6e69f169a93de1ebada3b066c0916e585a6 cccdaab75ad97da2880a5b7edd3282dd5ec170948358aa208051569b0a103d4e
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js HTTP/1.1
Host: ey18yuot4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 08:18:20 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
content-encoding: br
x-content-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnU0Ej8Lv17A6d5iKN0h3jl18voVJcWTXnad%2FhqgrGAqhee2y7SB2YglHnt3JawzIQ%2FnxW7lzhhL%2BHt6yYHCmurE%2FOtm5EIiW2msVtPb2bw7%2FkaK5ZMhR%2BgrAG6TGotr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f3c3a9bb515-OSL
alt-svc: h3=":443"; ma=86400
|
|
| rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT | 172.67.175.124 | 200 OK | 4.7 kB |
URL: User Request POST HTTP/2 rdtyucf.xyz/?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT
IP: 172.67.175.124:443
Certificate — Issuer: Let's Encrypt; Subject: rdtyucf.xyz; Fingerprint: 99:AD:05:9B:12:D8:BA:DE:36:6D:D3:0C:47:BC:7C:33:3D:3A:F2:4F; Validity: Sat, 27 Apr 2024 18:35:37 GMT - Fri, 26 Jul 2024 18:35:36 GMT
File type: HTML document, ASCII text, with very long lines (5039), with no line terminators
Hash: fceadbdca82a7d9982b0e8e6914f9f1d 5a6341a69e374697263f01ec7fe07b26e0d3c70c 54428a7bd0ee8f11b4ef6b6ffb210b7b65535d6f9f63e53e6de690f9cafe3629
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /?vGlUhD4OHmZRV2fKxa7BWcJLNoFr18AqgYEy-iawBRcKOorTjSZfpsWugmA68NFXIEM3Pl5Y-iPWycz7ZR9mn2IJKljtAvpaO0QuBDHCk4Ndqr8bESxeVhwXs36UT HTTP/1.1
Host: rdtyucf.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Origin: https://ey18yuot4.xyz
DNT: 1
Connection: keep-alive
Referer: https://ey18yuot4.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 08:18:24 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=38b2b0dcdb92ef8846627dc716590a69; path=/; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2F8PMQe7dnjPdJUmMsGVuwQUIe6E5%2Fob7jCOeK2ozDJA7A379qwg08hsmvsK1BiJI0ReKNbN5DEsINy17VulyvQx2v9S7JnNd5W%2FKlrC7FzQYPscUU6sxY5yvG1VA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e70f50ceb656c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|