Report - mwrlzyxtgpvfo.work/

Report Overview

Visited public
2025-03-07 05:29:27
Tags
URL
mwrlzyxtgpvfo.work/
Finishing URL
mwrlzyxtgpvfo.work/
IP / ASN
104.21.47.140
#13335 CLOUDFLARENET
Title
Telegram

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mwrlzyxtgpvfo.work	unknown	2024-12-21	2024-12-27	2024-12-27	12 kB	1.4 MB	172.67.171.79
hu.bafanglaicai.app	unknown	2024-10-22	2024-11-22	2025-03-06	1.5 kB	6.7 kB	104.21.42.79

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram
2025-01-31	medium	mwrlzyxtgpvfo.work/	Telegram

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	mwrlzyxtgpvfo.work/redirect.js	ScriptElement	325 B	2023-07-27	2025-06-22
Pretty URL mwrlzyxtgpvfo.work/redirect.js IP 172.67.171.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32 Last Seen2025-06-22 12:13 Times Seen9134 Hash 17773b57b87a678c98e26a7cac72df6c 7422857aa75ee81cabcec2eed6c4a6168f363ee1 375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f Loading...

	mwrlzyxtgpvfo.work/compatTest.js	ScriptElement	2.5 kB	2024-06-30	2025-06-22
Pretty URL mwrlzyxtgpvfo.work/compatTest.js IP 172.67.171.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-30 22:36 Last Seen2025-06-22 15:46 Times Seen9959 Hash da7800ea928a021f2539ab41e6f2323e 0141da1dc85ca8f34212f3dde2fac9bf61f5adb7 15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf Loading...

	mwrlzyxtgpvfo.work/main.d54bfa037348b154a941.js	ScriptElement	296 kB	2024-12-10	2025-06-22
Pretty URL mwrlzyxtgpvfo.work/main.d54bfa037348b154a941.js IP 172.67.171.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-10 16:27 Last Seen2025-06-22 12:13 Times Seen7297 Hash a04bc08436674f0eba06d5c190dc6fe5 3d0a8dbececd918da43706976766e246262d254d 4c70083f389a2fafc6a5f3c35179243623b4416cab07a1c6ce08d3f7c1ddb2ae Loading...

	hu.bafanglaicai.app/script.js	ScriptElement	2.6 kB	2024-09-19	2025-06-22
Pretty URL hu.bafanglaicai.app/script.js IP 104.21.42.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-19 05:33 Last Seen2025-06-22 21:50 Times Seen3084 Hash 6bf3115322cb61a0ebc7383b08053dee 89dabec6afe44a46ba483acacacf36ec30baf4bb 023d8e20a6dc800a6415a305418e11c27484c01ab373778d26d87e8b020961c4 Loading...

	mwrlzyxtgpvfo.work/8673.1b6dd8d303b0535cc1f8.js	ScriptElement	11 kB	2024-12-10	2025-06-22
Pretty URL mwrlzyxtgpvfo.work/8673.1b6dd8d303b0535cc1f8.js IP 172.67.171.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-10 16:27 Last Seen2025-06-22 12:13 Times Seen8995 Hash ea8d5208dada45e8d0844877a7c93db6 45d98fbe3dae09a988cccd836d39016c5100f313 25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8 Loading...

HTTP Transactions (29)

URL IP Response Size

GET mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js

172.67.171.79

200 OK

22 kB

URL GET
mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9yhwbMLjTN4efsKsx92GsMPNmB477aHkE5ml%2FqQKDV6q3x7pJQHQQN7O7SsjhDzbIv6SggNSi1OrHXDID1KZ8TkMvuqdR8G2Lp5ksT%2FYCiTItrfED0le7STpiK7jI8CprynlIts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a648765687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2476&min_rtt=932&rtt_var=2254&sent=241&recv=45&lost=0&retrans=1&sent_bytes=244397&recv_bytes=6827&delivery_rate=5348370&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=6134&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js

172.67.171.79

200 OK

140 kB

URL GET
mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140233 bytes)
Hash
fdd268f67cf5c4f79320041e3d156e98
d66194ee702467dd19130dee59bd824990f5bc71
36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-223c9"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dY3EnC8KASuHuOmoKkorWlltdWJWyxP5SgO8HE5%2FJvdr7chA6fEZmXKDWWNzDvs%2BtKkCe1rnaiVNo3qnlAwYsxV%2F6uSogvQOC0C6iydIjQ%2FoPy8NIjuqN%2F8Am%2FbtN1cwAK1TGxE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a8b9e25687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2343&min_rtt=932&rtt_var=1956&sent=253&recv=50&lost=0&retrans=1&sent_bytes=253631&recv_bytes=8065&delivery_rate=4009402&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=6572&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/compatTest.js

172.67.171.79

200 OK

2.5 kB

URL GET
mwrlzyxtgpvfo.work/compatTest.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (2610), with no line terminators
Size
2.5 kB (2544 bytes)
Hash
6cfbdd49583de4aef06544f30e1eafb9
b852473e5433f95a06bf58c7e625876a14358422
9f053b9be11ee313213aaf4d5269f4a011e068ed6eaf12a557634381fc42c9ec

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /compatTest.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:09 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:40 GMT
vary: Accept-Encoding
etag: W/"674840b0-9f0"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0FR9szqYmNJEyqgSvaDcaXVHM9sTGd0UXx6Ufyhn6SE1BnTT%2BVK2OIneNcdLSLIyDEkFmbgM4HPoKBg7nE3htDtlN1%2FMJGKYM%2FB6coNIjwLQkycOPBjmRw25wnNL2uDhAoAtMEs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1857a3d5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8518&min_rtt=1844&rtt_var=6902&sent=30&recv=13&lost=0&retrans=0&sent_bytes=20044&recv_bytes=2094&delivery_rate=1075505&cwnd=24000&unsent_bytes=0&cid=ebe955518256c3b9&ts=932&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/8673.1b6dd8d303b0535cc1f8.js

172.67.171.79

200 OK

11 kB

URL GET
mwrlzyxtgpvfo.work/8673.1b6dd8d303b0535cc1f8.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (10642)
Size
11 kB (10696 bytes)
Hash
ea8d5208dada45e8d0844877a7c93db6
45d98fbe3dae09a988cccd836d39016c5100f313
25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /8673.1b6dd8d303b0535cc1f8.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:13 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-29c8"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xEO4%2Bc3Fjh2wkVyry9XkuPEdEoNaEP3W%2FasE6c0l7CqCPtArC4LQL4MFzLjL9ITvAMuoJsRVEm%2FjyctAawqTUqNCUQtbvzvdBXMUrYy8WQszRnbhBOB2cg7NQ7C6Dl4T59e34KA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a02c0b5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4803&min_rtt=932&rtt_var=4943&sent=176&recv=29&lost=0&retrans=1&sent_bytes=182039&recv_bytes=4149&delivery_rate=1873920&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=5178&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js

172.67.171.79

200 OK

14 kB

URL GET
mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (14402)
Size
14 kB (14456 bytes)
Hash
6471dbad18ad444906e7a2bbac930e90
2c1f84caf20c633205f7535b129ae069187ef14d
1fce51354cfb15e01d900a86d9806d476a4ceb7fd409a5f2744e8bb81fab56e8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2976.4e6e9b1254ce313f06c5.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:13 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-3878"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M3vR%2Bm2AteyEDO%2B9ybTIlIjxorRfo4mZM%2FFUmQiyuiOzT3FoursRje%2BtTGO4XKD5e5A5t2FDgkPyDSDN8oeZ2TpLl4vnlJM4Ee1Q9152GvpXOmJ0xCAGBrQyEyr%2Fa926tJ0hnC0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a31e055687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4354&min_rtt=932&rtt_var=4605&sent=184&recv=34&lost=0&retrans=1&sent_bytes=186906&recv_bytes=5319&delivery_rate=11293&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=5652&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.171.79

200 OK

66 kB

URL GET
mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:15 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fSvzQk1F1Y%2Bkq%2By2ZAAVhH1sDSvyjtsLcHOB2DqNUnQ8vlI%2FdGWTaXWXyXzt0UX8Yt9uc9K02XxvE0Un0j3MKDdHVc7R36BoLZ4csSZgHRcv4gdvGUcWLjxEU4yYlvqFKireE%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1abbc4b5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1913&min_rtt=932&rtt_var=542&sent=445&recv=61&lost=0&retrans=1&sent_bytes=475104&recv_bytes=9597&delivery_rate=8416696&cwnd=85200&unsent_bytes=0&cid=ebe955518256c3b9&ts=7040&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/main.949acaf34f3882f511ff.css

172.67.171.79

200 OK

113 kB

URL GET
mwrlzyxtgpvfo.work/main.949acaf34f3882f511ff.css
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type

Size
113 kB (113301 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /main.949acaf34f3882f511ff.css HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:09 GMT
content-type: text/css
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-1ba95"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kn088AO5CuNLm6%2Fe1V9jkcFG1DyBFNm3ZJynkXu1k1sxud%2FMA9b0FPi8fw95qlEu%2FxhiLwQEpW6XWcyn3KtE%2BDUisMX%2BzSqAcp1YvEhMw08L0xIq6PPyQlJDwwcHl28cm6X%2BPVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1857a395687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10444&min_rtt=3192&rtt_var=6377&sent=16&recv=11&lost=0&retrans=0&sent_bytes=4250&recv_bytes=2007&delivery_rate=186066&cwnd=12000&unsent_bytes=0&cid=ebe955518256c3b9&ts=881&x=1", cfExtPri, cfHdrFlush;dur=0

OPTIONS hu.bafanglaicai.app/api/send

104.21.42.79

204 No Content

0 B

URL OPTIONS
hu.bafanglaicai.app/api/send
IP
104.21.42.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectbafanglaicai.app
Fingerprint93:17:34:23:39:28:CD:22:67:8D:DE:BC:2C:EE:36:F5:04:BD:3B:31
ValidityMon, 17 Feb 2025 10:30:37 GMT - Sun, 18 May 2025 11:27:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /api/send HTTP/1.1
Host: hu.bafanglaicai.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mwrlzyxtgpvfo.work/
Origin: https://mwrlzyxtgpvfo.work
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Fri, 07 Mar 2025 05:29:11 GMT
cf-ray: 91c7b1918a8056b1-OSL
server: cloudflare
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z7rf2hQTK0l9o%2BVEWPnBf2jFtKQm40%2BAtNTpXytJTCAVqyE3w7igHehgEaO10m8v%2B9UruXpYaGy4zYHVff%2FWWZsqexBptnPQFPJKHeuWo2H32Iz0UVoqyv%2FZ8uk%2BPCocELmx%2Bbq1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5502&min_rtt=2501&rtt_var=3081&sent=14&recv=9&lost=0&retrans=0&sent_bytes=4186&recv_bytes=1268&delivery_rate=235485&cwnd=12000&unsent_bytes=0&cid=28321c86febb9a18&ts=430&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js

172.67.171.79

200 OK

140 kB

URL GET
mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140233 bytes)
Hash
fdd268f67cf5c4f79320041e3d156e98
d66194ee702467dd19130dee59bd824990f5bc71
36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-223c9"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6dJaA3vV5URp9i1mNY7azamKVmbdsIdOedTwvbLkDCV7S10HxUgaxLBjpZsAL%2FKDdxGD%2Fm4y%2BwkjYGD0Sylk%2Fi4E3C3WKMou0Grb9SOoSUp0dgEtYIgWwMy50gInpq47LhMUN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a8e9fc5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1913&min_rtt=932&rtt_var=1189&sent=349&recv=54&lost=0&retrans=1&sent_bytes=366944&recv_bytes=8247&delivery_rate=18660084&cwnd=85200&unsent_bytes=0&cid=ebe955518256c3b9&ts=6592&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.171.79

200 OK

66 kB

URL GET
mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:15 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHEDIZk%2FboNAKemJDqINzO6Nqjjm0lb%2FwY1YTfZ6Z9Q3Daf5yBhY888iyit5GgesMlckTGYqc10T2AKTqBABc87jet5hqXWb7IhsWon%2BETFrSP1zjRSKRMZt9f%2FQRoM8nUdGT8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1abbc465687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1913&min_rtt=932&rtt_var=542&sent=425&recv=61&lost=0&retrans=1&sent_bytes=451680&recv_bytes=9597&delivery_rate=8416696&cwnd=85200&unsent_bytes=0&cid=ebe955518256c3b9&ts=7040&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.171.79

200 OK

66 kB

URL GET
mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:15 GMT
content-type: application/javascript
cf-ray: 91c7b1abac445687-OSL
server: cloudflare
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vrdaszk40O9%2FII06CjRmheIQ4k%2Btc%2BrTrkSArPJxnXLRqrN0y8Y4ybJOhrgyZqfC%2BXGWasqHCcZzRcCSsEn7%2B6j8QGv6K06Oh0ztHM3kTM7Lum55%2Fly0TOy9nEwQ3ykjJ5kKMa8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1901&min_rtt=932&rtt_var=917&sent=385&recv=59&lost=0&retrans=1&sent_bytes=404823&recv_bytes=9505&delivery_rate=10937449&cwnd=85200&unsent_bytes=0&cid=ebe955518256c3b9&ts=7024&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/favicon.svg

172.67.171.79

200 OK

892 B

URL GET
mwrlzyxtgpvfo.work/favicon.svg
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
SVG Scalable Vector Graphics image
Size
892 B (892 bytes)
Hash
fbfd454715d8180275b32bd48770a483
0716abb57416f83cfad3e17ff830039c0607b313
788c238be3597ef42c549caff599bb84e584790f43f7d6013d6a1987264bdbe1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /favicon.svg HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:10 GMT
content-type: image/svg+xml
last-modified: Thu, 28 Nov 2024 10:06:40 GMT
etag: W/"674840b0-37c"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZ5JkWLa77xRbW4ls9jatl6w%2BafJ5bkTTIni5Osep5o1qbra5w2G3SZ7pyqwv6vZVZnnsSQknbwPcV3DmvaFe1ybh%2FD%2BfaWixAyVecTeF5%2BxDgYBN2nPmKbRqjf%2BhSquQUwfW%2BA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91c7b18ec94a5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5873&min_rtt=932&rtt_var=5514&sent=169&recv=26&lost=0&retrans=1&sent_bytes=176881&recv_bytes=3791&delivery_rate=1171259&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=2388&x=1", cfExtPri, cfHdrFlush;dur=0

POST hu.bafanglaicai.app/api/send

104.21.42.79

200 OK

609 B

URL POST
hu.bafanglaicai.app/api/send
IP
104.21.42.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectbafanglaicai.app
Fingerprint93:17:34:23:39:28:CD:22:67:8D:DE:BC:2C:EE:36:F5:04:BD:3B:31
ValidityMon, 17 Feb 2025 10:30:37 GMT - Sun, 18 May 2025 11:27:49 GMT

File type
ASCII text, with very long lines (609), with no line terminators
Size
609 B (609 bytes)
Hash
d7feb07e38fa1af7c928c3d8a0738f27
c407521ef3341b6c40c9ef2cf9095cd172a4a640
64f74804fc2b7295fa2d30e67c0478c6b84e26ed3ef6987e68e1ddf653e10edf

HTTP Headers

POST /api/send HTTP/1.1
Host: hu.bafanglaicai.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mwrlzyxtgpvfo.work/
Content-Type: application/json
Content-Length: 178
Origin: https://mwrlzyxtgpvfo.work
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:11 GMT
content-type: text/plain
content-encoding: br
cf-ray: 91c7b1941bfb56b1-OSL
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
access-control-allow-origin: *
etag: W/"xwl8r0moczgx"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7gMHMUtkY%2Fd82tb21U5HOKpIG%2BWqA0%2BWEp5bVo6IgnLK457JIchwi2BoD3r4xyp1UzZCC1dJCgZYfMUXbjPSeseB42lWK3FCS%2F9UucziCqmElm5h8EbjOyxdQQVyRnNEWYadmkuT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6582&min_rtt=2501&rtt_var=4471&sent=16&recv=11&lost=0&retrans=0&sent_bytes=5129&recv_bytes=1782&delivery_rate=2168&cwnd=12000&unsent_bytes=0&cid=28321c86febb9a18&ts=643&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js

172.67.171.79

200 OK

14 kB

URL GET
mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (14402)
Size
14 kB (14456 bytes)
Hash
6471dbad18ad444906e7a2bbac930e90
2c1f84caf20c633205f7535b129ae069187ef14d
1fce51354cfb15e01d900a86d9806d476a4ceb7fd409a5f2744e8bb81fab56e8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2976.4e6e9b1254ce313f06c5.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:13 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-3878"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W3HMs52JSEfJa0T%2FPkjPCAsLJLDtTh0K84f18DHdd1XwLMeGtpIHErOqX%2FzVgnkBjeX4ZHOSmARVHiPRLv1GaWYBRv3T0iqy1tHmZl1Q9qpX3eMF7EShgbgn4HpgGjpx0qDPC2g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a31e065687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3987&min_rtt=932&rtt_var=4186&sent=192&recv=36&lost=0&retrans=1&sent_bytes=194430&recv_bytes=5662&delivery_rate=17495&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=5700&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

172.67.171.79

200 OK

11 kB

URL GET
mwrlzyxtgpvfo.work/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/main.949acaf34f3882f511ff.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:10 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
etag: "674840af-2b08"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0uv0PnD2u4o2eyNi%2BrFhwVe0ieu2bedHZYCOBVvFO8Bf60xx5HX%2Fgo%2FQa7vg9LWGmhnjTYos1FMh54hFHSzMxvLZdTBBtJjK8CKglZNQXSELsLuHlK%2BmSbojI3Lf7WKkyLFVKRc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91c7b18d583d5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5988&min_rtt=932&rtt_var=6623&sent=149&recv=24&lost=0&retrans=1&sent_bytes=153042&recv_bytes=3699&delivery_rate=558896&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=2138&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js

172.67.171.79

200 OK

22 kB

URL GET
mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sF3BgDAiITJPihTMgNd5r0FWJ%2F%2FV5CW18wEyZc8Nt%2FXhYPOzxX6R0XDrSx674fMEPoNyMVX3w9n9D6CPnTJ3TgsbYSeUxe4P64UjPrZiHCz72LtnMQL%2B4ojYNaZ1V8ZFYX5uXew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a618375687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2861&min_rtt=932&rtt_var=2824&sent=225&recv=43&lost=0&retrans=1&sent_bytes=226145&recv_bytes=6736&delivery_rate=24212&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=6108&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js

172.67.171.79

200 OK

14 kB

URL GET
mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (14402)
Size
14 kB (14456 bytes)
Hash
6471dbad18ad444906e7a2bbac930e90
2c1f84caf20c633205f7535b129ae069187ef14d
1fce51354cfb15e01d900a86d9806d476a4ceb7fd409a5f2744e8bb81fab56e8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2976.4e6e9b1254ce313f06c5.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:13 GMT
content-type: application/javascript
cf-ray: 91c7b1a30e025687-OSL
server: cloudflare
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-3878"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dPodblwCvzXj6qWSPncI8LjG6IGpEi04O8EL67%2Bw4ehE6yLxTcDvJI0OnzZjEK5Bz3I5NScLzcp166BISvMipzLiRvXVTjCoS98wHrlrKrc41tnbzGJdVC4rMiteBxSCla0gErY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3643&min_rtt=932&rtt_var=3827&sent=199&recv=37&lost=0&retrans=1&sent_bytes=201925&recv_bytes=5707&delivery_rate=226258&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=5704&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js

172.67.171.79

200 OK

22 kB

URL GET
mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RezTGrbFkw1V4xX8bxxGqUV1V8rb9hR8kT%2Fsymjb015y2X%2F0mwwq3khEi0Ldf4oq01dpGumuGMvwdatSAASZup2%2BKT6yO01j0V7YmuPf6Vb7QXHCGbglVSJKZJj1tM%2FE%2FseSQHM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a5dffb5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3111&min_rtt=932&rtt_var=3099&sent=217&recv=42&lost=0&retrans=1&sent_bytes=217020&recv_bytes=6690&delivery_rate=2563280&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=6103&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/redirect.js

172.67.171.79

200 OK

325 B

URL GET
mwrlzyxtgpvfo.work/redirect.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
ASCII text, with very long lines (336), with no line terminators
Size
325 B (325 bytes)
Hash
0f4bee764cf7e7080cc0c1a836d6c85a
7cdea3a612218fe6898aa117eb4598d7d0dce420
9d8ec261dba46e501288de7aee04435dfe1d8728b0bf65a4a79c08e5c90a5b54

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /redirect.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:09 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:40 GMT
etag: W/"674840b0-145"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PlgbAFIbbxh9wYs9iSkqHGv2HX4362peDbeD%2B2vKT%2FTQHLVlcB2l4xXaj8GItSE3Y1lSpYi0oITNk40LOod9Bpb%2BNBWYyjKrbRJJD6WoRF2QEBlPNqim5bvbZNvv%2FsgFIyhirss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91c7b1856a375687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8518&min_rtt=1844&rtt_var=6902&sent=29&recv=13&lost=0&retrans=0&sent_bytes=19158&recv_bytes=2094&delivery_rate=1075505&cwnd=24000&unsent_bytes=0&cid=ebe955518256c3b9&ts=923&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/notification.mp3

172.67.171.79

206 Partial Content

11 kB

URL GET
mwrlzyxtgpvfo.work/notification.mp3
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Size
11 kB (10880 bytes)
Hash
eba09b6a457792c52fc610b5f9f974b3
95e6e0f7648e28ea21bc434054ea59aba3a35aea
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /notification.mp3 HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Fri, 07 Mar 2025 05:29:10 GMT
content-type: audio/mpeg
content-length: 10880
last-modified: Thu, 28 Nov 2024 10:06:40 GMT
etag: "674840b0-2a80"
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-10879/10880
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SWjBU%2FT1U1blBdviMJaG%2BWinlbIGwDZOAiv7MizmDIfnumvCEUq19WHmHwZ7B44DCA6RlG%2FSLX4arhmz5JqUfLoQQTJ88%2B%2Fx3up6IBCk9P3dtaGKq8TEtFcs%2BnCwJ5c7RwntZLg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91c7b18d885e5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5411&min_rtt=932&rtt_var=6121&sent=159&recv=25&lost=0&retrans=1&sent_bytes=165016&recv_bytes=3745&delivery_rate=31212&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=2213&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/icon-192x192.png

172.67.171.79

200 OK

3.1 kB

URL GET
mwrlzyxtgpvfo.work/icon-192x192.png
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Size
3.1 kB (3059 bytes)
Hash
1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /icon-192x192.png HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:10 GMT
content-type: image/png
content-length: 3059
last-modified: Thu, 28 Nov 2024 10:06:40 GMT
etag: "674840b0-bf3"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGeuzutctMnevgnFV5M709pwJETg06ZLS4MVEAJwEXDSzKY1iLXcNFpNxUs%2BlSufHDbtJ48ZuNbLz13hD9qaBQW6N6xCzP2WecMgur09TsPZ3oPIoWSD%2BAvr76e4gFFLCUdHfmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91c7b18ec9495687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5274&min_rtt=932&rtt_var=5334&sent=171&recv=27&lost=0&retrans=1&sent_bytes=178172&recv_bytes=3837&delivery_rate=698657&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=2420&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js

172.67.171.79

200 OK

140 kB

URL GET
mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140233 bytes)
Hash
fdd268f67cf5c4f79320041e3d156e98
d66194ee702467dd19130dee59bd824990f5bc71
36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-223c9"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRcixpr3bB69FIKaYh6uT0XHDxwWenLhjdixXCxLpfvwMNksPCMRCEC%2BVX2XSn6R87WlA6EPM3Tok2wDtmf8tzIp6%2F9iWq9HKeHH1F1DqS4Rjq8gQlR0Yp6uBu5q%2BY6v4dwi9D0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a8d9f35687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1988&min_rtt=932&rtt_var=1386&sent=317&recv=53&lost=0&retrans=1&sent_bytes=329175&recv_bytes=8201&delivery_rate=86328&cwnd=85200&unsent_bytes=0&cid=ebe955518256c3b9&ts=6579&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/

172.67.171.79

200 OK

3.7 kB

URL User Request GET
mwrlzyxtgpvfo.work/
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
HTML document, ASCII text, with very long lines (3851), with no line terminators
Size
3.7 kB (3707 bytes)
Hash
2ef1f957132db6d0b66e2ea0b798827c
87a0f638e0820cca70da97c57cd3c04aa1548e61
0e9a8df830730c1e43335c671d66f3fada5d44229f534a034ca68695e7aa6611

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 07 Mar 2025 05:29:08 GMT
content-type: text/html
last-modified: Sat, 14 Dec 2024 10:26:51 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZMuEoLRQHrhdKM3ZUn2%2Fx%2Fr9Zhfvo6qmxbdgn8xbcib4ID%2FWmxA1CuQrjd4PxZYUzOxq47g4ngVd0as3Hdm3ma1pd4jX%2FWaEBlKYFrEoPGPrACDpwAOHxptW6w9X%2Byr9S0F4vM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b17f7fc3569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=626&min_rtt=482&rtt_var=271&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3221&recv_bytes=1128&delivery_rate=7784946&cwnd=254&unsent_bytes=0&cid=49a8abdb3d5f5c9f&ts=466&x=0"
X-Firefox-Spdy: h2

GET mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js

172.67.171.79

200 OK

22 kB

URL GET
mwrlzyxtgpvfo.work/7784.df07a876b22e3b2a83e9.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
cf-ray: 91c7b1a638675687-OSL
server: cloudflare
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PleIG6r2X0r85vX%2BnGwawxjBgx271CNshVSZGiUjC0SoBM%2FtLEiN%2FuDU2D8or2Qknuu%2BYKqMvDnu%2Fn6EuSbpb1s65d7NqorAKNuI6ln4nP5%2Faa0eO6x42TgoaM9NZD1QAx5CzCs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2651&min_rtt=932&rtt_var=2538&sent=233&recv=44&lost=0&retrans=1&sent_bytes=235269&recv_bytes=6782&delivery_rate=4782419&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=6119&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js

172.67.171.79

200 OK

140 kB

URL GET
mwrlzyxtgpvfo.work/5905.db5d2749ecb90aaf2752.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140233 bytes)
Hash
fdd268f67cf5c4f79320041e3d156e98
d66194ee702467dd19130dee59bd824990f5bc71
36e5ef6880e869bdf9ef2119932dbac7330513aefc50839cc2a6fdde7b519967

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5905.db5d2749ecb90aaf2752.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:14 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-223c9"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XBFCRFMDCCTdv3oz2K03iWZ5IfQ343Uh8a3IakMewXBLNFJ9ypDxXNI5%2BNTeCP2yCZF4HqzWtUUp6AA52pOBGGBeNL4t8yJiXKtOEmjD1cSRHmzWUTj5kmuPWLGoI9PC74bFGOQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a8ea005687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2343&min_rtt=932&rtt_var=1956&sent=285&recv=50&lost=0&retrans=1&sent_bytes=291405&recv_bytes=8065&delivery_rate=4009402&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=6574&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.171.79

200 OK

66 kB

URL GET
mwrlzyxtgpvfo.work/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:15 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xyexIBeux3wSdOJmOM3nPXNH%2FVXADuTy5CGlRBd7PR8VhJ18wuWbgEv95%2BgPLutR4UlhoOzzHLXLerhFJI2OpInwJ9%2FYPa1bWaCzp%2FPfUBoFoAt%2FWugio%2Bq1%2FGVgzZ5w2RenDfs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1abbc565687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1916&min_rtt=932&rtt_var=717&sent=405&recv=60&lost=0&retrans=1&sent_bytes=428253&recv_bytes=9551&delivery_rate=55455&cwnd=85200&unsent_bytes=0&cid=ebe955518256c3b9&ts=7029&x=1", cfExtPri, cfHdrFlush;dur=0

GET mwrlzyxtgpvfo.work/main.d54bfa037348b154a941.js

172.67.171.79

200 OK

296 kB

URL GET
mwrlzyxtgpvfo.work/main.d54bfa037348b154a941.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type

Size
296 kB (296503 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /main.d54bfa037348b154a941.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:09 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-48637"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=negc762%2FJsnhhAMq%2FoBxfZTNOZfShBlxI8gOfd52RHR6XJj1YPS2VRawJCGzP9Z2rEPNEHwLTAJ%2FDQyNAfxzh84UzwelsZlTJOv0wXr5smUgHa5Y87z1kyI1xaAEuAIT45ivNRc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1857a385687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6872&min_rtt=1303&rtt_var=6749&sent=45&recv=15&lost=0&retrans=0&sent_bytes=35433&recv_bytes=2180&delivery_rate=10488225&cwnd=24000&unsent_bytes=0&cid=ebe955518256c3b9&ts=1122&x=1", cfExtPri, cfHdrFlush;dur=0

GET hu.bafanglaicai.app/script.js

104.21.42.79

200 OK

2.6 kB

URL GET
hu.bafanglaicai.app/script.js
IP
104.21.42.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectbafanglaicai.app
Fingerprint93:17:34:23:39:28:CD:22:67:8D:DE:BC:2C:EE:36:F5:04:BD:3B:31
ValidityMon, 17 Feb 2025 10:30:37 GMT - Sun, 18 May 2025 11:27:49 GMT

File type
JavaScript source, ASCII text, with very long lines (2662), with no line terminators
Size
2.6 kB (2577 bytes)
Hash
6cdaf836f824e10f1a7e125a6df339f5
7c85697dcd8a6a3a88c48394893f0f8f228d3de2
cf8d4f03f3ca04b73e86ba9a5649a7d431ea510f7c7bd11df59639ef86c70618

HTTP Headers

GET /script.js HTTP/1.1
Host: hu.bafanglaicai.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 07 Mar 2025 05:29:09 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 91c7b185ba5cb517-OSL
server: cloudflare
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
cache-control: public, max-age=14400
last-modified: Wed, 28 Aug 2024 02:52:03 GMT
etag: W/"a11-19196e5b838"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1d4ac8cfXqVPgUz7mF73%2FJ6gm%2Bnv4CaiG%2FLL1Xf0wDpJfejObLNr67FL%2F%2BrcUHH58yQGD%2FdctqAoj5%2F89nbKkGZrfOmbWtSvQtZ3QdnTDuf5ploL9h0C5jyL5l68kVVxwCEt6KzA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5666&min_rtt=499&rtt_var=10363&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3215&recv_bytes=1071&delivery_rate=7702127&cwnd=254&unsent_bytes=0&cid=738bee5fb5862b42&ts=474&x=0"
X-Firefox-Spdy: h2

GET mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js

172.67.171.79

200 OK

14 kB

URL GET
mwrlzyxtgpvfo.work/2976.4e6e9b1254ce313f06c5.js
IP
172.67.171.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mwrlzyxtgpvfo.work/
Certificate
IssuerGoogle Trust Services
Subjectmwrlzyxtgpvfo.work
FingerprintCB:33:32:83:BC:7B:ED:EA:FB:DC:F0:FC:5C:4A:1F:19:33:9B:0C:97
ValidityWed, 19 Feb 2025 04:49:41 GMT - Tue, 20 May 2025 05:47:24 GMT

File type
JavaScript source, ASCII text, with very long lines (14402)
Size
14 kB (14456 bytes)
Hash
6471dbad18ad444906e7a2bbac930e90
2c1f84caf20c633205f7535b129ae069187ef14d
1fce51354cfb15e01d900a86d9806d476a4ceb7fd409a5f2744e8bb81fab56e8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2976.4e6e9b1254ce313f06c5.js HTTP/1.1
Host: mwrlzyxtgpvfo.work
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mwrlzyxtgpvfo.work/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 07 Mar 2025 05:29:13 GMT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 10:06:39 GMT
vary: Accept-Encoding
etag: W/"674840af-3878"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JrdSIIdp7VAtaFSEsOPb0y9s2syAGVV5NyWlcGGrpdtuXngwkO%2F75mmH1loV8es2OljAG786C5FwcPJ9QB34QdWXjiV77yBhEzSLoGkNq7nTpljRksuSzCrvXDSpMVSUrGn6Ebw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91c7b1a32e0f5687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3407&min_rtt=932&rtt_var=3343&sent=208&recv=39&lost=0&retrans=1&sent_bytes=209472&recv_bytes=6050&delivery_rate=3262316&cwnd=48000&unsent_bytes=0&cid=ebe955518256c3b9&ts=5716&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (29)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP