| qwpsgqyzrzcr.life/script/ut.js?cb=1734316164191 |  188.114.97.1 | 200 OK | 24 kB |
URL User Request GET HTTP/2qwpsgqyzrzcr.life/script/ut.js?cb=1734316164191 IP188.114.97.1:443
CertificateIssuerGoogle Trust Services Subjectqwpsgqyzrzcr.life Fingerprint76:59:08:83:5E:6C:CC:CC:83:F9:58:42:14:BE:8F:E4:B6:33:C4:E0 ValidityMon, 09 Dec 2024 16:05:25 GMT - Sun, 09 Mar 2025 16:05:24 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators Hash4afa2ac99f97331dc98263d49022a958 60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /script/ut.js?cb=1734316164191 HTTP/1.1
Host: qwpsgqyzrzcr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 16 Dec 2024 05:36:04 GMT
content-type: text/javascript
x-goog-generation: 1733127707295818
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66473
x-goog-hash: crc32c=VBET1w==, md5=SvoqyZ+XMx3JgmPUkCKpWA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: AFiumC446i0jmfqQ7anwbp0-57T8Thc2gjhNR_OjiNEQLp470tAqtsEfnIIPn1nCs_-ntuNsnQz7xY4
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Mon, 16 Dec 2024 05:27:44 GMT
cache-control: public, max-age=14400
age: 2996
last-modified: Mon, 02 Dec 2024 08:21:47 GMT
etag: W/"4afa2ac99f97331dc98263d49022a958"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kNizmT0Pf4orUfmYeL12vzAnGJ15haF%2BKtTv03lCNdiL%2Fq6wu0%2FMxnZRP2rPQfhCeNQyuNxwjmbqast%2FespftqruCjbo8IXF3wQA73dbWvAoYPhP7nf%2FHSNcJSFW7K7yF%2BxDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2c504dccd00b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=530&min_rtt=472&rtt_var=166&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3290&recv_bytes=1270&delivery_rate=7313131&cwnd=253&unsent_bytes=0&cid=e02bff08e385bbed&ts=30&x=0"
X-Firefox-Spdy: h2
|
| qwpsgqyzrzcr.life/favicon.ico | 188.114.97.1 | 403 Forbidden | 11 kB |
URL GET HTTP/3qwpsgqyzrzcr.life/favicon.ico IP188.114.97.1:443
Requested byhttps://qwpsgqyzrzcr.life/script/ut.js?cb=1734316164191 CertificateIssuerGoogle Trust Services Subjectqwpsgqyzrzcr.life Fingerprint76:59:08:83:5E:6C:CC:CC:83:F9:58:42:14:BE:8F:E4:B6:33:C4:E0 ValidityMon, 09 Dec 2024 16:05:25 GMT - Sun, 09 Mar 2025 16:05:24 GMT
File typeXML 1.0 document, ASCII text, with no line terminators Hashe7a9350210b4dba641f6020447c96045 581accef4a8b7fbed97291fe7dd4e113f794ec80 08142330655deb1526dcc56795c92eb5c13012f75b599d5ac68db4027953ed80
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed | | ClamAV | malicious | Win.Malware.Agent3100026061/CRDF-1 |
GET /favicon.ico HTTP/1.1
Host: qwpsgqyzrzcr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qwpsgqyzrzcr.life/script/ut.js?cb=1734316164191
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
date: Mon, 16 Dec 2024 05:36:05 GMT
content-type: application/xml; charset=UTF-8
x-guploader-uploadid: AFiumC5_4qnaxTmVGw86sPMapATMczy7ePivc7P1UN_dDnlomtjdvsKYSSe0dz2tU9jQvRm4Op-Wek0
access-control-allow-origin: *
expires: Mon, 16 Dec 2024 05:36:05 GMT
cache-control: private, max-age=0
cf-cache-status: BYPASS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2FFCpm1yucjmZtXtvtXlqD1hxOoJnb6kKPAZCyEKU%2FQoKD5rn0hyJROTVWfoqLcuLp0%2BCMHG771IJ7X%2F11m5XSvVgmm7BTasM8yL19nF1aIIUsAIiL5RW8BaldwO1SkcxhaFsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f2c5050aaf5b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18716&min_rtt=4943&rtt_var=11691&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4116&recv_bytes=1227&delivery_rate=120155&cwnd=12000&unsent_bytes=0&cid=f81e7c19972c5148&ts=614&x=1", cfExtPri, cfHdrFlush;dur=0
|
104.21.94.224
192.169.69.25