| secure01-redirect.net/gc12/PvqDq929BSx_A_D_M1n_a.php | 34.162.170.92 | 200 OK | 20 B |
URL User Request GET HTTP/1.1secure01-redirect.net/gc12/PvqDq929BSx_A_D_M1n_a.php IP34.162.170.92:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
CertificateIssuerLet's Encrypt Subjectregotlocnut.com Fingerprint4A:56:F6:05:05:0E:E3:B5:C9:1D:70:B2:F1:84:71:24:9D:76:CC:87 ValidityFri, 02 Feb 2024 07:08:00 GMT - Thu, 02 May 2024 07:07:59 GMT
File typegzip compressed data, from Unix Hash7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer | Verdict | Alert | ThreatFox | malicious | Loki Password Stealer (PWS) | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /gc12/PvqDq929BSx_A_D_M1n_a.php HTTP/1.1
Host: secure01-redirect.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
server: nginx
date: Fri, 29 Mar 2024 13:53:54 GMT
content-type: text/html
transfer-encoding: chunked
set-cookie: btst=d41b268dc1468c794b502e0e5c0580c7|127.0.0.1|1711720434|1711720434|0|1|0; path=/; domain=.secure01-redirect.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
snkz=127.0.0.1; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
content-encoding: gzip
|
| secure01-redirect.net/favicon.ico | 34.162.170.92 | 200 OK | 20 B |
URL GET HTTP/1.1secure01-redirect.net/favicon.ico IP34.162.170.92:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested byhttps://secure01-redirect.net/gc12/PvqDq929BSx_A_D_M1n_a.php CertificateIssuerLet's Encrypt Subjectregotlocnut.com Fingerprint4A:56:F6:05:05:0E:E3:B5:C9:1D:70:B2:F1:84:71:24:9D:76:CC:87 ValidityFri, 02 Feb 2024 07:08:00 GMT - Thu, 02 May 2024 07:07:59 GMT
File typegzip compressed data, from Unix Hash7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer | Verdict | Alert | ThreatFox | malicious | Loki Password Stealer (PWS) | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: secure01-redirect.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://secure01-redirect.net/gc12/PvqDq929BSx_A_D_M1n_a.php
Cookie: btst=d41b268dc1468c794b502e0e5c0580c7|127.0.0.1|1711720434|1711720434|0|1|0; snkz=127.0.0.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
server: nginx
date: Fri, 29 Mar 2024 13:53:55 GMT
content-type: text/html
transfer-encoding: chunked
set-cookie: btst=d41b268dc1468c794b502e0e5c0580c7|127.0.0.1|1711720435|1711720434|0|2|0; path=/; domain=.secure01-redirect.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
content-encoding: gzip
|