| link.pr.clinicsense.com/ls/click?upn=u001.bixIXbrw0kaFkQEgg0TJdJO27CKAqXGfVGQAaNLgrYEbbiA23K1QZvrDsQWnSL-2FWew2k_ES0ShO6fv3-2F6pmZ1UabGtd2fhCFNuntBej-2BU7tJpCEpQLwWUNLwAEpVOLSMmhXvzy-2Fa9hdA4y-2FG1OkTfNpxDL0lBsvMXXmUf-2BJOb6GetUvGM38Mv6iPvUOv3VT1E3KKcuAFtHAUSziIH4yJdFR9NoSoypFHe-2FHHKZQvophNN62BMqj811ZKKTr-2FF7TVORNqNat3Hwz4a5N4aTwcpdEbvS8se76QkUPUi3Iy4qNgfoeJLqDkPjrA811gk5x7Gx1HonujmAuECOpqVxhh3BJ0-2FW2dqb8Aw-2FtDDOiA2RqtVOqAet6dhWdSgHpNzbWyMy7xdnh9NlUpsZTbvtdR4BCGu0Tg3rUDLc9eM-2FOHXD-2FMO-2FdQ-3D | 143.204.55.30 | 302 Found | 54 B |
URL: link.pr.clinicsense.com/ls/click?upn=u001.bixIXbrw0kaFkQEgg0TJdJO27CKAqXGfVGQAaNLgrYEbbiA23K1QZvrDsQWnSL-2FWew2k_ES0ShO6fv3-2F6pmZ1UabGtd2fhCFNuntBej-2BU7tJpCEpQLwWUNLwAEpVOLSMmhXvzy-2Fa9hdA4y-2FG1OkTfNpxDL0lBsvMXXmUf-2BJOb6GetUvGM38Mv6iPvUOv3VT1E3KKcuAFtHAUSziIH4yJdFR9NoSoypFHe-2FHHKZQvophNN62BMqj811ZKKTr-2FF7TVORNqNat3Hwz4a5N4aTwcpdEbvS8se76QkUPUi3Iy4qNgfoeJLqDkPjrA811gk5x7Gx1HonujmAuECOpqVxhh3BJ0-2FW2dqb8Aw-2FtDDOiA2RqtVOqAet6dhWdSgHpNzbWyMy7xdnh9NlUpsZTbvtdR4BCGu0Tg3rUDLc9eM-2FOHXD-2FMO-2FdQ-3D (User Request, GET, HTTP/2)
IP: 143.204.55.30:443
Certificate: Issuer Amazon; Subject clinicsense.com; Fingerprint 1C:BD:63:EA:82:FD:F6:E6:43:15:A3:CC:E3:95:D4:A9:9D:2F:61:51; Validity Fri, 19 Jan 2024 00:00:00 GMT - Sun, 16 Feb 2025 23:59:59 GMT
File type: HTML document, ASCII text
Hashes: MD5 2e67afaa58b6d5675c582634241f1315; SHA-1 5bab543f2b6aaaff786d127f67474cad93cb8a27; SHA-256 aa84e588673b8c73e4d06ca74fe65d9b8aea2a29ae8038d2b242ef883d259738
GET /ls/click?upn=u001.bixIXbrw0kaFkQEgg0TJdJO27CKAqXGfVGQAaNLgrYEbbiA23K1QZvrDsQWnSL-2FWew2k_ES0ShO6fv3-2F6pmZ1UabGtd2fhCFNuntBej-2BU7tJpCEpQLwWUNLwAEpVOLSMmhXvzy-2Fa9hdA4y-2FG1OkTfNpxDL0lBsvMXXmUf-2BJOb6GetUvGM38Mv6iPvUOv3VT1E3KKcuAFtHAUSziIH4yJdFR9NoSoypFHe-2FHHKZQvophNN62BMqj811ZKKTr-2FF7TVORNqNat3Hwz4a5N4aTwcpdEbvS8se76QkUPUi3Iy4qNgfoeJLqDkPjrA811gk5x7Gx1HonujmAuECOpqVxhh3BJ0-2FW2dqb8Aw-2FtDDOiA2RqtVOqAet6dhWdSgHpNzbWyMy7xdnh9NlUpsZTbvtdR4BCGu0Tg3rUDLc9eM-2FOHXD-2FMO-2FdQ-3D HTTP/1.1
Host: link.pr.clinicsense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 54
location: https://lliuovirn.com/?id=iluvi
server: nginx
date: Thu, 18 Apr 2024 13:01:39 GMT
x-robots-tag: noindex, nofollow
x-cache: Miss from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: abqopf-whKN789l2u7gyLII9Z2dPL_Mk9178PQkobfYOC7daz_8WJQ==
X-Firefox-Spdy: h2
| lliuovirn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.95.247 | 302 Found | 0 B |
URL: lliuovirn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js (GET, HTTP/3)
IP: 104.21.95.247:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
Hashes (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Thu, 18 Apr 2024 13:01:40 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h8zDiRMWQeSxm7LRr3PMtL9AIhq30m9B%2Fa%2BQmuijvfD2e3CWnxNe8rBftQkr8wjJry9lAIjGa6frBapaqpXZmPPoQUlVKVlLEgfmj91Ek6JWB%2FREAG6l9TCfjI9S%2ByuE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d8487f7756b5-OSL
alt-svc: h3=":443"; ma=86400
| lliuovirn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.95.247 | 302 Found | 0 B |
URL: lliuovirn.com/cdn-cgi/challenge-platform/scripts/jsd/main.js (GET, HTTP/3)
IP: 104.21.95.247:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
Hashes (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Thu, 18 Apr 2024 13:01:40 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sBzGZ82iw%2Fm9cFr273we%2F2YPHaMExKAtONWYLFNTfiXyt7XBOZTxGX2D0JhuYEWoneAZIqZbSQeW3faDEbiy6bWLRGlVnSrq1aA4V8%2BgaTUcwhBJOHnUKhZvsbDomTxg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d8487f8156b5-OSL
alt-svc: h3=":443"; ma=86400
| lliuovirn.com/cdn-cgi/challenge-platform/h/g/jsd/r/8764d84559505699 | 104.21.95.247 | 200 OK | 0 B |
URL: lliuovirn.com/cdn-cgi/challenge-platform/h/g/jsd/r/8764d84559505699 (POST, HTTP/3)
IP: 104.21.95.247:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
Hashes (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/jsd/r/8764d84559505699 HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12154
Origin: https://lliuovirn.com
DNT: 1
Connection: keep-alive
Referer: https://lliuovirn.com/?id=iluvi
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:40 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=KEMsJXclWi2XWHtucwcU_77l2U6AH7QqC_zfUG9eJ9I-1713445300-1.0.1.1-dL4TLe.yy4toPFX_LouYhE9ejpAokxsgEM8_LOaueQe0MYRmsIq1_9mGedevLziOkCKRGBJmvA_h51i479B1cA; path=/; expires=Fri, 18-Apr-25 13:01:40 GMT; domain=.lliuovirn.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oLABf4GYRg0KpqD%2FaYMA3aa1KJlg9EILQ2%2BNZg%2FYD1Pto8d4XKhSSBkZBB3hxh6pScwUwUjkjAKSXq2Q0dQ0LQ4iWXp80DsdnLfy0XN2HOm8sQ%2F32Dvyvh9aBwnbWsYc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d849992056b5-OSL
alt-svc: h3=":443"; ma=86400
| lliuovirn.com/cdn-cgi/challenge-platform/h/g/jsd/r/8764d84559505699 | 104.21.95.247 | 200 OK | 0 B |
URL: lliuovirn.com/cdn-cgi/challenge-platform/h/g/jsd/r/8764d84559505699 (POST, HTTP/3)
IP: 104.21.95.247:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
Hashes (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/jsd/r/8764d84559505699 HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12154
Origin: https://lliuovirn.com
DNT: 1
Connection: keep-alive
Referer: https://lliuovirn.com/?id=iluvi
Cookie: cf_clearance=KEMsJXclWi2XWHtucwcU_77l2U6AH7QqC_zfUG9eJ9I-1713445300-1.0.1.1-dL4TLe.yy4toPFX_LouYhE9ejpAokxsgEM8_LOaueQe0MYRmsIq1_9mGedevLziOkCKRGBJmvA_h51i479B1cA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:40 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=ZVx7ZfdK5vgVaAUdmXTVYq4sNgXGYhRFMtetWv5YzcY-1713445300-1.0.1.1-RGflmY62oFDblHLr_cv4aTIjx6_FnhGQMwoFeQVzjX_tnL2lJNpqBnL2v7xB2BIpXv.2YBYHWO0j_qxoSPj95g; path=/; expires=Fri, 18-Apr-25 13:01:40 GMT; domain=.lliuovirn.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rqxNGuzSWrc%2B3ZUrr26QGBAgZS0ZTmGZ%2B9El%2BOJSt3YDa3X9P2gUmetBm%2FO0LAabrDTfd%2BdZFRTxRYWnUF8mQjtYvLIW4wlF4jZx7zE95yYeYA4o405i7cgeZgsLDkiH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d84a39df56b5-OSL
alt-svc: h3=":443"; ma=86400
| www.serviops.ca/wp-content/uploads/2015/11/Cloudflare_logo.svg_.png | 188.114.97.1 | 200 OK | 29 kB |
URL: www.serviops.ca/wp-content/uploads/2015/11/Cloudflare_logo.svg_.png (GET, HTTP/2)
IP: 188.114.97.1:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject serviops.ca; Fingerprint 5D:C9:D3:9F:1C:DF:5C:49:D7:A5:15:B0:12:5D:99:09:34:85:EC:85; Validity Sun, 25 Feb 2024 13:34:39 GMT - Sat, 25 May 2024 13:34:38 GMT
File type: PNG image data, 1280 x 436, 8-bit/color RGBA, non-interlaced
Hashes: MD5 c5af2eeed73cd4a569bce03f96e21e11; SHA-1 458b5624d0b66242afdead9ee2f3a6125a624478; SHA-256 2b8a39ef4484a9c2b7d89a76e562cf9d5d920d07d5cf55d3f200cea52d0f8792
GET /wp-content/uploads/2015/11/Cloudflare_logo.svg_.png HTTP/1.1
Host: www.serviops.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lliuovirn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:01:41 GMT
content-type: image/png
content-length: 29039
x-frame-options: SAMEORIGIN, SAMEORIGIN
last-modified: Sun, 15 Oct 2017 15:37:03 GMT
etag: "716f-55b97a95a25c0"
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
cache-control: max-age=691200
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DSNwauXkFUj3Y7zeLNi7qSqvDZxcbeFYAhWn7DwIk7x3BXyoDuLxj9rBef6mPei27WXK8eBqxxIp2SXLaVBRixmOAmCXssDDXGwrteEAXq8vhWnD0%2BZ3IvMCNXenrKK2Hew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d848b8b2568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| | 104.21.95.247 | 200 OK | 6.2 kB |
URL: (empty field in the report) (User Request, GET, HTTP/2)
IP: 104.21.95.247:443
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (6579), with no line terminators
Hashes: MD5 d9813b472d28ce6b0bbb62080942278a; SHA-1 11d518e8b4232eeb9ece30b27658672aa99c67a6; SHA-256 95c84e26b62ce3127f7a1c3a2a4a6e8a3093d29f2e752a423bc415b32fb29b7a

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /?id=iluvi HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:01:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IM2qL7GQ9oFWFlndCv2HtrNmnPXKi75%2BvIWcxR1H14Bb3wpegaBFLJNXuuMdXxCPbTQ98pi7j%2BR1ITRNn5TZFEpQdRz1jbsekrSFRpBfmK7YSVminb8lhzCQ3DV0MyJB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d84559505699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| www.cloudflare.com/favicon.ico | 0.0.0.0 | | 0 B |
URL: www.cloudflare.com/favicon.ico (GET)
IP: 0.0.0.0:0
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Let's Encrypt; Subject www.cloudflare.com; Fingerprint A8:2D:6E:C5:D3:33:52:26:3D:04:2B:56:87:7C:AB:2D:B4:90:16:9D; Validity Fri, 05 Apr 2024 17:10:16 GMT - Thu, 04 Jul 2024 17:10:15 GMT
Hashes (empty response body): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lliuovirn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:01:40 GMT
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=0, must-revalidate
etag: W/"ffb25f3edc5c56acfdf7e7cdffcb217c"
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: geolocation=(), camera=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-gww-loc: EN-US
x-pgs-loc: EN-US
x-xss-protection: 1; mode=block
set-cookie: __cf_bm=mOV3QaPnQBwm8mRpsnBz3HVpy4SAgtP6HwEKl6XgP_0-1713445300-1.0.1.1-m7VxQ_o6XoATz7l5KoqGrGI8L02hFCuYCIjJIzajIKpIOUZrhk.7kUS9b8VUL4NsjQ3M3HENrqMlKlhYwCE.kw4f07pa43kOQ_EslIR36fE; path=/; expires=Thu, 18-Apr-24 13:31:40 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OB6kmFlas0M%2BZ3R1tr7g7lMEEClk%2FgKN7WypEej3M%2Fh0%2B0%2BxbS%2FwZVu6RGx6MALanq90pt8y3iJFlbRc%2FjXptIg%2BdG1DwYsRGSsNKonec0Ne0hpmqzyRvPMaPWTTD2T1xdWvqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d8493b1e56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| lliuovirn.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 104.21.95.247 | 200 OK | 12 kB |
URL: lliuovirn.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js (GET, HTTP/3)
IP: 104.21.95.247:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
File type: JavaScript source, ASCII text, with very long lines (12331)
Hashes: MD5 88a769d2fe35899fd45a332a0a032cc0; SHA-1 514c6c1d8475d17e412849a4c90159517d0fa10a; SHA-256 ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lliuovirn.com/?id=iluvi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:40 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:45:04 GMT
etag: W/"661e9d00-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g43h0Rn3cerZENA6YLKgskGZ1vS2gSc6TOiCTOyd%2FJwNmwrAqjl%2FPjZNdFPyVA0KKfETK9PdBka%2FqpFPUjjevQtwT8UtMlItOElcuV%2FNskX9DUldtEtUsLcopJZDYiWL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8764d8483f1a56b5-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 20 Apr 2024 13:01:40 GMT
cache-control: max-age=172800, public
content-encoding: gzip
| lliuovirn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js | 104.21.95.247 | 200 OK | 7.9 kB |
URL: lliuovirn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js (GET, HTTP/3)
IP: 104.21.95.247:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
File type: JavaScript source, ASCII text, with very long lines (7855), with no line terminators
Hashes: MD5 16566fe31c6418803a7e4d04f3607174; SHA-1 4d88271f988aad285bf09e749bae1ff08140fe1e; SHA-256 5a5ddb2b08684ec3c1696b4a3415d47bc368ceb1ec3b6417187267e033b1863b

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:40 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rNCzkqmVasLdEizFR2kzOQo2h7kYwScFd3cdm6bqC7CCio%2BvYxkZAU3LIj8kwGo3wuBJsQ95DRP3amMiwhQ9NQeLCfnfPgL4YjVu7eXAd0zZ1GZ3JWxkfZTj6Z4trSL6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d848afbf56b5-OSL
alt-svc: h3=":443"; ma=86400
| lliuovirn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js | 104.21.95.247 | 200 OK | 7.8 kB |
URL: lliuovirn.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js (GET, HTTP/3)
IP: 104.21.95.247:443
Requested by: https://lliuovirn.com/?id=iluvi
Certificate: Issuer Google Trust Services LLC; Subject lliuovirn.com; Fingerprint C6:17:FF:5F:94:1E:8D:8C:D6:48:C6:B8:7B:1A:03:86:F4:86:7E:4F; Validity Wed, 17 Apr 2024 10:11:35 GMT - Tue, 16 Jul 2024 10:11:34 GMT
File type: JavaScript source, ASCII text, with very long lines (7838), with no line terminators
Hashes: MD5 d2e68414cd24ca043192a26685a2653b; SHA-1 5441b50d1cb82a5e95863f78c1ac7b30b6baa60f; SHA-256 053fcd3da8df764918a343ce22782f47c9493b910d18297daa4df54fdd12e259

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: lliuovirn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:01:40 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJJjjtxG5YceQUeHs4n2pmDYYGnsDVoPhlAT9Zbr420ZekApb2KqQJQGYKAjCd6Q46TGwBSzyT5%2FE69KCyStc%2BqbkWWHPjzcImOL0w0IeTMzaGfvVhAUkSZpEV36XVGW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8764d848bfc756b5-OSL
alt-svc: h3=":443"; ma=86400