Report - dfsvgd.pages.dev/

Report Overview

Submitted URL
dfsvgd.pages.dev/
IP
172.66.44.247
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 04:03:10
Access
public
Website Title
WhatsApp Group Invite
Final URL
dfsvgd.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ideapassage.com	unknown	2024-04-24	2024-04-25	2024-04-25	482 B	467 B	172.240.108.76
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-04-24	735 B	423 B	192.243.59.13
hzr0dm28m17c.com	269459	2020-06-29	2020-08-28	2024-04-20	436 B	32 kB	172.240.108.68
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-04-25	413 B	87 kB	188.114.96.1
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-04-24	443 B	6.1 kB	45.133.44.9
dfsvgd.pages.dev	unknown	unknown	No data	No data	3.8 kB	518 kB	172.66.44.247
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-04-25	433 B	423 B	18.185.247.192
acknowledgecalculated.com	unknown	unknown	No data	No data	2.9 kB	38 kB	192.243.61.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp
2024-04-25	medium	dfsvgd.pages.dev/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	acknowledgecalculated.com	Sinkholed
2024-04-25	medium	acknowledgecalculated.com	Sinkholed
2024-04-25	medium	acknowledgecalculated.com	Sinkholed
2024-04-26	medium	ideapassage.com	Sinkholed
2024-04-25	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	dfsvgd.pages.dev/npm/backoffer.js	618 B	2023-03-07	2024-05-02
Pretty URL dfsvgd.pages.dev/npm/backoffer.js IP 172.66.44.247 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:37 Last Seen2024-05-02 10:16:26 Times Seen257 Hash 4e39716b4d4469996fc6e68265fa8830 c8b24994e71f4e58170e639124107fd25757f755 3cc4cdc7b3421264503656474f5b10db20bc711493bfe2df0680da0b7c81a72c Loading...

	dfsvgd.pages.dev/	0 B	2023-03-07	2024-05-06
Pretty URL dfsvgd.pages.dev/ IP 172.66.44.247 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 19:10:44 Times Seen37382443 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	488 B	2023-09-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 03:24:58 Last Seen2024-04-26 06:03:16 Times Seen11 Hash 969bf229d2b715dbd0cdc3d20acc70f1 48a0006e93d9d1b6261a1de7985e1b9b9609c276 f6ad322d90b3a3223e3685fa17b9870fb70a001152fb134d944a8fab2e2dd361 Loading...

	acknowledgecalculated.com/cd/ad/48/cdad48e428afe48d78642d3476d5432e.js	82 kB	2024-04-26	2024-04-26
Pretty URL acknowledgecalculated.com/cd/ad/48/cdad48e428afe48d78642d3476d5432e.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 06:03:16 Last Seen2024-04-26 06:03:17 Times Seen2 Hash ee6994081b9a3c541e6fea3287fe1c8c a2fe035884827c8dc2c6c39166c8ebd782781751 756b4497371bc17060c633f8ee69c68cdec9c5f095fc0d639fa3c89cbd5db510 Loading...

	unknown	196 B	2023-12-04	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 14:26:58 Last Seen2024-04-26 06:03:16 Times Seen3 Hash fb1f4ca6170fdacaa60998155aaac08f 373ea7a4ab9e76eb9809988fec8ccd1c03ef71d7 972606796d68d049b2d519bae5e05804bb32d59eaa263cc58407a17ea4f0d137 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-06
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-06 14:59:09 Times Seen2315 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	3.8 kB	2024-04-26	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 06:03:16 Last Seen2024-04-26 06:03:16 Times Seen1 Hash 693b785c424773917b28fc596794ca85 b945e6abb45886cde3d71d5bea7cdd51597dd87f 3efe2ecd51bb311c12229a106f29fedae556cc45471a5d51395383023a77dd77 Loading...

	hzr0dm28m17c.com/7e89a56fa66ca3796726cd5fa0f1906e/invoke.js	31 kB	2024-04-26	2024-04-26
Pretty URL hzr0dm28m17c.com/7e89a56fa66ca3796726cd5fa0f1906e/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 06:03:16 Last Seen2024-04-26 06:03:17 Times Seen2 Hash f33677fdebc496be22597c6525b67db8 a82053b234f13243ec426a86c90124636340b2bf 5512dfc494d042c55573c9857fa9d8359da57c9e0fc681b8b778fc53e6ef9522 Loading...

	unknown	145 B	2023-09-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 03:24:58 Last Seen2024-04-26 06:03:16 Times Seen11 Hash 7c2393e6b8890f7c9458f51c0f1238d4 1a550440171be8423c6f4d7453973da5b15f19d1 9f1424074d3fbbc87f6d451fef4dbd401be72d00cc20e0b6cf0d1c150630e204 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4bbc64558779de0ea06408c2936deb4b	2.1 kB	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 06:03:16 Last Seen2024-04-26 06:03:16 Times Seen1 Hash 4bbc64558779de0ea06408c2936deb4b e1053c3a4007c4cc29fd0af8efd49074b7e7d5b1 c0cc1dc46f474ef263eb8db8b8942e2cb2197b39a1efb19903513e4cf1c58b59 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0d38ea1dd08b50c1c24e78555d8eb78d	452 B	2023-09-07	2024-04-26
Pretty Observations First Seen2023-09-07 03:24:58 Last Seen2024-04-26 06:03:16 Times Seen11 Hash 0d38ea1dd08b50c1c24e78555d8eb78d 10e4e8e8a529c473ad1c4fe3db476806bd32bae4 3321d55d738a5f014eddd4f4f75a426cc4d1bb0de32e02dc600c20d29492e8de Loading...

	#2 Write - 22a65843a4e83bb8c21e937656d3ac2b	114 B	2023-09-07	2024-04-26
Pretty Observations First Seen2023-09-07 03:24:58 Last Seen2024-04-26 06:03:17 Times Seen11 Hash 22a65843a4e83bb8c21e937656d3ac2b d05760568f8ac460a747e6d017bc8e293b7deb3b cc429cb8583482f3adfa15356b8119f697390ba41ded50c40e1f3393fed4069f Loading...

HTTP Transactions (17)

URL IP Response Size

dfsvgd.pages.dev/img/logo-2.jpg

172.66.44.247

200 OK

142 kB

URL GET HTTP/3
dfsvgd.pages.dev/img/logo-2.jpg
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=720], baseline, precision 8, 720x1080, components 3
Size
142 kB (141454 bytes)
Hash
bcd43a6fbb58b7e87785f0d95e8d5e36
51dfda212afdc544a32c47e1cc31698bbbceff45
f8ef2d1f4507b16731994895cb684fc0200176e647516a501ea93287aade4d47

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /img/logo-2.jpg HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:02:45 GMT
content-type: image/jpeg
content-length: 141454
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e1a0634a88ed82c8b27af2e8d0c38b63"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87tZCIvCtpG2Ax5rcmtCXoarxVLJtaZqruWtyPucRHjIj44XWobe4FdSxYKYaRplbgXa%2FLpU%2FWfStB9UsjXJFb9yBGKgWf0iYIhELbZKDNwy6CDsj2LD4wc8CyRE22qH7vE6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3add7ee71b511-OSL
alt-svc: h3=":443"; ma=86400

dfsvgd.pages.dev/img/wa-logo.svg

172.66.44.247

200 OK

104 kB

URL GET HTTP/3
dfsvgd.pages.dev/img/wa-logo.svg
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
SVG Scalable Vector Graphics image
Size
104 kB (103736 bytes)
Hash
6b3ee5e3877cc19d1154cbe98eea6f66
56d4b7556cebad6129ebb61a980d5964be476b4a
533ef6670e3d9c0e44718d0afa43f2edda11b58586e9da4e8f621145cf84d4d2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /img/wa-logo.svg HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:02:45 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"25c86fe408000f9d7d23dd184c483eb2"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzVeyqLodoaKHHxQY6RWm0%2FmBc1aclxkZkfDkaXg%2BGPLxpxOgrtXnox1AYuW5SzPyQkUoYXWsBSa%2FRroNVlAJrP9BZg7YJrQSEvftXX7ESJbf5liWjOz8WPN6R7K%2F%2BeoNf4v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3add7ee70b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dfsvgd.pages.dev/npm/bootstrap-5.1.3/dist/css/bootstrap.min.css

172.66.44.247

200 OK

37 kB

URL GET HTTP/3
dfsvgd.pages.dev/npm/bootstrap-5.1.3/dist/css/bootstrap.min.css
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (61349), with CRLF line terminators
Size
37 kB (37200 bytes)
Hash
eb323eab70d4fa2878e9d540f89d65b1
38916a97a9a8d575558ba89600c49279b57809c1
fcae4b9595f3a6e396c66760e473dfccb037db9d8d2419c24ff548cbbc65d8a7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/bootstrap-5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:02:45 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"77074764c111b28d243f7e446ef99209"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8hb5rHEHE8o4607Ly%2BrF49VpxQTnoWQ1kbKid%2FFWxcTYZ9eP80phgETyfDrsvWoIxnnjasf71pED%2BMXBsSn6SUkJha6uhs7taSLIH4yJzENT857EsCZ0oEcuu%2Byw6200Vpyg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3add7de6db511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

proftrafficcounter.com/stats

18.185.247.192

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.247.192:443
ASN
#16509 AMAZON-02

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ac23e923abd1dcf1805d83233d85e3c1
3a1ea0bac15abd19c88dc24d24cd0703bafa3c5d
c441565ba75a2151e96f8581bde645aeb4d5c5a8f99f36f4e06829879ac2ae4c

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
Origin: https://dfsvgd.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:02:46 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dfsvgd.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=aeb64e29-5854-4be4-9f24-b7a3d637cddc:2:1; expires=Mon, 24 Apr 2034 04:02:46 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

dfsvgd.pages.dev/npm/backoffer.js

172.66.44.247

200 OK

732 B

URL GET HTTP/3
dfsvgd.pages.dev/npm/backoffer.js
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
732 B (732 bytes)
Hash
4e39716b4d4469996fc6e68265fa8830
c8b24994e71f4e58170e639124107fd25757f755
3cc4cdc7b3421264503656474f5b10db20bc711493bfe2df0680da0b7c81a72c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/backoffer.js HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:02:45 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"09641025415c02def83d21149b6a7f1d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ts1CDjhfqfbxQNj0Tceha6Xrt0q41fkI%2Bls0kyBuPRZZ91WuvzHQV8Jux%2BQCWRmz0jDCiKOhrDk492nlpIX7LNZamRklrON3xftrIVweQeO5DccD%2FOb4nl2B22ia49Nm9SEq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3add7ee6eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

acknowledgecalculated.com/cd/ad/48/cdad48e428afe48d78642d3476d5432e.js

192.243.61.225

200 OK

31 kB

URL GET HTTP/1.1
acknowledgecalculated.com/cd/ad/48/cdad48e428afe48d78642d3476d5432e.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectacknowledgecalculated.com
Fingerprint20:65:3B:35:64:3E:0C:63:EF:0A:BC:38:43:BE:15:6A:66:00:8B:61
ValidityTue, 23 Apr 2024 10:59:22 GMT - Mon, 22 Jul 2024 10:59:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30719 bytes)
Hash
ee6994081b9a3c541e6fea3287fe1c8c
a2fe035884827c8dc2c6c39166c8ebd782781751
756b4497371bc17060c633f8ee69c68cdec9c5f095fc0d639fa3c89cbd5db510

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cd/ad/48/cdad48e428afe48d78642d3476d5432e.js HTTP/1.1
Host: acknowledgecalculated.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 04:02:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3df7e1d668bf223c5b0333479d7452a9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

acknowledgecalculated.com/watch.1529322067987.js?key=7e89a56fa66ca3796726cd5fa0f1906e&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fdfsvgd.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1

172.240.108.76

307 Temporary Redirect

0 B

URL GET HTTP/1.1
acknowledgecalculated.com/watch.1529322067987.js?key=7e89a56fa66ca3796726cd5fa0f1906e&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fdfsvgd.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectacknowledgecalculated.com
Fingerprint20:65:3B:35:64:3E:0C:63:EF:0A:BC:38:43:BE:15:6A:66:00:8B:61
ValidityTue, 23 Apr 2024 10:59:22 GMT - Mon, 22 Jul 2024 10:59:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1529322067987.js?key=7e89a56fa66ca3796726cd5fa0f1906e&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&refer=https%3A%2F%2Fdfsvgd.pages.dev%2F&tz=0&dev=e&res=14.2071&uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1 HTTP/1.1
Host: acknowledgecalculated.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
Origin: https://dfsvgd.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 04:02:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfsvgd.pages.dev
Access-Control-Allow-Origin: https://dfsvgd.pages.dev
Access-Control-Allow-Credentials: true
Location: https://acknowledgecalculated.com/watch.1529322067987.js?dev=e&key=7e89a56fa66ca3796726cd5fa0f1906e&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714104226&refer=https%3A%2F%2Fdfsvgd.pages.dev%2F&res=14.2071&rmtc=t&shu=49fdc89091015794878b1215c48d9cdf4dee9ec742942d47c2797f820390082720ed0a8cf87a7a4311e34973646a052ff79eaf9f65ff4a3b51d133915f4a263b5baa49f1febf180cc762965169ad300226da266e4a6b8cfc3e848c2053d95873e31694&tz=0&uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1
Set-Cookie: u_pl=19433974; expires=Sat, 27 Apr 2024 04:02:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTQzMzk3NCwiayI6IjdlODlhNTZmYTY2Y2EzNzk2NzI2Y2Q1ZmEwZjE5MDZlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNTcyNDE4LCJwaWQiOjg5MzkyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJyNjl3NXp2cCIsImNwa3MiOnsiMjgiOiJjZGFkNDhlNDI4YWZlNDhkNzg2NDJkMzQ3NmQ1NDMyZSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9kZnN2Z2QucGFnZXMuZGV2LyIsImFyIjpbXX19.lNf9qP0Ng_sAnbcpiK3jzSQJTBr6mF2NJj5T1j0ICu0; expires=Fri, 26 Apr 2024 04:03:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1af9a5f135e15d75f70efcafaede1f7e
Strict-Transport-Security: max-age=0; includeSubdomains

acknowledgecalculated.com/watch.1529322067987.js?dev=e&key=7e89a56fa66ca3796726cd5fa0f1906e&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714104226&refer=https%3A%2F%2Fdfsvgd.pages.dev%2F&res=14.2071&rmtc=t&shu=49fdc89091015794878b1215c48d9cdf4dee9ec742942d47c2797f820390082720ed0a8cf87a7a4311e34973646a052ff79eaf9f65ff4a3b51d133915f4a263b5baa49f1febf180cc762965169ad300226da266e4a6b8cfc3e848c2053d95873e31694&tz=0&uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1

192.243.61.225

200 OK

2.5 kB

URL GET HTTP/1.1
acknowledgecalculated.com/watch.1529322067987.js?dev=e&key=7e89a56fa66ca3796726cd5fa0f1906e&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714104226&refer=https%3A%2F%2Fdfsvgd.pages.dev%2F&res=14.2071&rmtc=t&shu=49fdc89091015794878b1215c48d9cdf4dee9ec742942d47c2797f820390082720ed0a8cf87a7a4311e34973646a052ff79eaf9f65ff4a3b51d133915f4a263b5baa49f1febf180cc762965169ad300226da266e4a6b8cfc3e848c2053d95873e31694&tz=0&uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectacknowledgecalculated.com
Fingerprint20:65:3B:35:64:3E:0C:63:EF:0A:BC:38:43:BE:15:6A:66:00:8B:61
ValidityTue, 23 Apr 2024 10:59:22 GMT - Mon, 22 Jul 2024 10:59:21 GMT

File type
JavaScript source, ASCII text, with very long lines (3153)
Size
2.5 kB (2475 bytes)
Hash
df2dd11b621f849a564daff1f04233d0
b82b74f7a308fd958eafa52eb1a7cef1108c8397
fef72fdcc64875394a096d1bc094ee9e8e0f77985b059fb8abe7b0b0c63e4904

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1529322067987.js?dev=e&key=7e89a56fa66ca3796726cd5fa0f1906e&kw=%5B%22whatsapp%22%2C%22group%22%2C%22invite%22%5D&pst=1714104226&refer=https%3A%2F%2Fdfsvgd.pages.dev%2F&res=14.2071&rmtc=t&shu=49fdc89091015794878b1215c48d9cdf4dee9ec742942d47c2797f820390082720ed0a8cf87a7a4311e34973646a052ff79eaf9f65ff4a3b51d133915f4a263b5baa49f1febf180cc762965169ad300226da266e4a6b8cfc3e848c2053d95873e31694&tz=0&uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1 HTTP/1.1
Host: acknowledgecalculated.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dfsvgd.pages.dev
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19433974; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTQzMzk3NCwiayI6IjdlODlhNTZmYTY2Y2EzNzk2NzI2Y2Q1ZmEwZjE5MDZlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNTcyNDE4LCJwaWQiOjg5MzkyLCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJyNjl3NXp2cCIsImNwa3MiOnsiMjgiOiJjZGFkNDhlNDI4YWZlNDhkNzg2NDJkMzQ3NmQ1NDMyZSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9kZnN2Z2QucGFnZXMuZGV2LyIsImFyIjpbXX19.lNf9qP0Ng_sAnbcpiK3jzSQJTBr6mF2NJj5T1j0ICu0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 04:02:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dfsvgd.pages.dev
Access-Control-Allow-Origin: https://dfsvgd.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=aeb64e29-5854-4be4-9f24-b7a3d637cddc:2:1; expires=Fri, 03 May 2024 04:02:46 GMT; secure; SameSite=None
iprc4743b42075275959b0d80ecc28ef8266=3569682; expires=Fri, 26 Apr 2024 08:02:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 27 Apr 2024 04:02:46 GMT; secure; SameSite=None
uncs=1; expires=Sat, 27 Apr 2024 04:02:46 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sat, 27 Apr 2024 04:02:46 GMT; secure; SameSite=None
uncs32=1; expires=Sat, 27 Apr 2024 04:02:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97f8976fb05238cd1fc8a992df017c40
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dfsvgd.pages.dev/favicon.ico

172.66.44.247

200 OK

36 kB

URL GET HTTP/3
dfsvgd.pages.dev/favicon.ico
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5229), with CRLF line terminators
Size
36 kB (36270 bytes)
Hash
4c60349b6c4903a63efce07108ab3157
ecb810800efd9d9391b8740567b4ecf4479321b3
1de1b9395457e51cebc27c059851e33b89050c0ddbb7a4d2b10215263c4c2a3c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=aeb64e29-5854-4be4-9f24-b7a3d637cddc%3A2%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:02:46 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"faf1213fdd988a55135f05bdb5fbfe49"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FfmFuLbVik3ECkPZNvjDrbNyXBXrDpwf7fUyp3DrDnHwDU22ljSROoa4N%2FberPtSUf8kz9vNezo0c7Uq3u1r3gYXH4jRfTiGXtHGMJB9uF%2F4FE6ezuUP6j9RM9PofmBhlXmJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3ade00a8db511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ideapassage.com/pixel/purst?dl=0&th=0&sc=0&rs=2010&rd=2010&fd=593&bv=24.4.3467&tmpl=70

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
ideapassage.com/pixel/purst?dl=0&th=0&sc=0&rs=2010&rd=2010&fd=593&bv=24.4.3467&tmpl=70
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectideapassage.com
Fingerprint64:11:23:80:71:A6:A3:04:37:8D:EE:B8:20:2C:DF:B8:C7:8B:49:FD
ValidityWed, 24 Apr 2024 15:11:11 GMT - Tue, 23 Jul 2024 15:11:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2010&rd=2010&fd=593&bv=24.4.3467&tmpl=70 HTTP/1.1
Host: ideapassage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 04:02:47 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=cdad48e428afe48d78642d3476d5432e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=cdad48e428afe48d78642d3476d5432e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=aeb64e29-5854-4be4-9f24-b7a3d637cddc&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=cdad48e428afe48d78642d3476d5432e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 04:02:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71d5e24c7de0a8f8172b965c98aaf0d1
Strict-Transport-Security: max-age=0; includeSubdomains

hzr0dm28m17c.com/7e89a56fa66ca3796726cd5fa0f1906e/invoke.js

172.240.108.68

200 OK

31 kB

URL GET HTTP/1.1
hzr0dm28m17c.com/7e89a56fa66ca3796726cd5fa0f1906e/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subjecthzr0dm28m17c.com
Fingerprint9F:89:99:65:B2:6A:E8:8C:A8:61:55:B2:AC:E5:74:D2:72:2E:0F:F4
ValidityWed, 10 Apr 2024 07:04:16 GMT - Tue, 09 Jul 2024 07:04:15 GMT

File type
JavaScript source, ASCII text, with very long lines (31308), with no line terminators
Size
31 kB (31308 bytes)
Hash
f33677fdebc496be22597c6525b67db8
a82053b234f13243ec426a86c90124636340b2bf
5512dfc494d042c55573c9857fa9d8359da57c9e0fc681b8b778fc53e6ef9522

HTTP Headers

GET /7e89a56fa66ca3796726cd5fa0f1906e/invoke.js HTTP/1.1
Host: hzr0dm28m17c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 04:02:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f5d2aba40015b5358c148c63a4dbfd7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

dfsvgd.pages.dev/npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff

172.66.44.247

200 OK

102 kB

URL GET HTTP/3
dfsvgd.pages.dev/npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 102536, version 1.0
Size
102 kB (102536 bytes)
Hash
1ed478a6b265d4b4f5c26bb063203588
1ca5e8c7d2fb8e9d60ad1a1feb2a46e98c248a3d
c874e14c63db86c4c5318c77cb557fce7036645edc7d690dcc1d23b389631b13

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/bootstrap-icons-1.8.1/font/fonts/bootstrap-icons.woff HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://dfsvgd.pages.dev/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:02:45 GMT
content-type: application/font-woff
content-length: 102536
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "5be77896cfc73472a4e6d8b7fcbbb306"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VVDjfE3ve3ishjwpujfcL1jHDuP1OANa%2FN1%2FjSY11qBJh16kP4tXiRZkRumx4GZEB%2FJibGH%2Fe0D2SKRQcWwKKW24%2FjHs2qmk2gc0gBzF7motsLoE2Zb66JofeQh%2FcwSIfvUf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3add92f0eb511-OSL
alt-svc: h3=":443"; ma=86400

dfsvgd.pages.dev/

172.66.44.247

200 OK

9.7 kB

URL User Request GET HTTP/2
dfsvgd.pages.dev/
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9994), with no line terminators
Size
9.7 kB (9665 bytes)
Hash
44320a20bb46d516b58b7b29bb77ab9d
09b8221866d6e2bc54805266e7ad3616a55614c3
c5c9fd4de64655501ef2930c8e32e63834225cc9c04d656eeb8e009f011faf96

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET / HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:02:44 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"faf1213fdd988a55135f05bdb5fbfe49"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMQgU0RgLmqe47N67rI7gJbHOSw23osV20xk6P64yif3NaYUxT48bavskRIAIvR8xCBkVjFW8MQuOgDuMW6ungdzuJhb%2BVyofSJEoxrapt9yN2AzHD3TKkkzXu1kU72igOgv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3add5a9adb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dfsvgd.pages.dev/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css

172.66.44.247

200 OK

80 kB

URL GET HTTP/3
dfsvgd.pages.dev/npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css
IP
172.66.44.247:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdfsvgd.pages.dev
FingerprintBE:15:6F:B4:DA:F1:2C:4F:1A:7C:49:0C:1B:29:1F:DC:52:0A:20:9F
ValidityMon, 15 Apr 2024 00:08:02 GMT - Sun, 14 Jul 2024 00:08:01 GMT

File type
ASCII text
Size
80 kB (80439 bytes)
Hash
f483f87a3c57f292bd5eb4c343003b01
5f2b1fa8de5b4d52ea2b04941aa508529e6994c9
f93ce1072054f40abfa1889d47d29d227a8af86231a073ccf678f7ab8841d6f3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /npm/bootstrap-icons-1.8.1/font/bootstrap-icons.css HTTP/1.1
Host: dfsvgd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 04:02:45 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e923e3e66559c9a0e65917c26a484c62"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=togjNHIgqqUckonXVokSv08XXxD%2FsUd0NNz3nodas58DkFAKbs6%2FwyHG%2BeUZ3yg%2BYQEN9buYtD4D1CLqEQnWThSfVWJdYa9nZ8O94%2FVlcCaVFe8dxrs6t3MiWPm%2F%2FrbYhRWu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3add7de6cb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

downstairsnegotiatebarren.com/sfp.js

188.114.96.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dfsvgd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:02:46 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ab15b23515ecfd67ec81189a52c58f42
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: STALE
age: 0
last-modified: Fri, 26 Apr 2024 04:02:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OwO4LLvc9p255Y8Lx6hgNndcycA7i3v%2F8ypP6uDeryZpAScp%2F6cqzHw%2BDzUNJDCNB0khPwwddmobqxg5ONeJgzcPe2MrPoNaBrxMaERhCQagERA2bZjzW35ABI3o6KB2tSEtz8u3fkt8tXOSCqpFMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3ade22d717129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/e7/7f/66/e77f66a1bf85e2e04ab5cc04da0f3a33/1658915540.gif

45.133.44.9

200 OK

5.8 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/e7/7f/66/e77f66a1bf85e2e04ab5cc04da0f3a33/1658915540.gif
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://dfsvgd.pages.dev/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
GIF image data, version 89a, 320 x 50
Size
5.8 kB (5817 bytes)
Hash
9435690825affab0d3786533519f2e39
20e7701821ca04cce18bb07b53f5b80bf4d9ff8c
42f117a4284f3aafdf140b07a569992be9f36b2d84257697bcf940fdab35245f

HTTP Headers

GET /cti/e7/7f/66/e77f66a1bf85e2e04ab5cc04da0f3a33/1658915540.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 04:02:47 GMT
content-type: image/gif
content-length: 5817
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 09:52:28 GMT
etag: "62e10adc-16b9"
expires: Sun, 28 Apr 2024 04:02:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations