| bagelseven.com/42/96/14/42961496c365d05db566420ff80c8be5.js | 172.240.127.234 | 200 OK | 31 kB |
URL: GET HTTP/1.1 bagelseven.com/42/96/14/42961496c365d05db566420ff80c8be5.js
IP: 172.240.127.234:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject bagelseven.com; Fingerprint 82:DE:00:CD:2E:CE:78:BA:9E:88:15:05:06:2A:27:06:91:FB:50:00; Validity Tue, 23 Apr 2024 10:38:49 GMT - Mon, 22 Jul 2024 10:38:48 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 1ddfc9ad0783254b6d800d8d5ab275cc e3e94ce849ac0201a8a48ab98d82a8d5c6d2c783 97479e36774daf7d917906b9d72d1771a66d15fea50180c94ede99d8e7db0830
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /42/96/14/42961496c365d05db566420ff80c8be5.js HTTP/1.1
Host: bagelseven.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 02:21:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ae781fcbb3d8540759a04f3c82b0d23a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
| tutlehd4.xyz/online.php?a=638 | 89.248.169.42 | 200 OK | 0 B |
URL: HEAD HTTP/2 tutlehd4.xyz/online.php?a=638
IP: 89.248.169.42:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject tutlehd4.xyz; Fingerprint CC:35:10:54:EF:6B:D0:3E:DF:B5:25:35:58:1D:E0:D2:7A:8F:E7:41; Validity Tue, 30 Apr 2024 15:28:02 GMT - Mon, 29 Jul 2024 15:28:01 GMT
Hash (MD5 / SHA-1 / SHA-256; these are the zero-byte digests): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /online.php?a=638 HTTP/1.1
Host: tutlehd4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/online.php?a=638
Cookie: PHPSESSID=t6sga5ghug3h1f06jqfg7g6l20; xauth_token=5jnX9%2BoBu6TjHHZNOB5FK4yfN0o1zNR%2BcvP4YNmItKGvvJJAFxpaBsDaO0z51F3U7h3t9TZyItRYOfHccczKAoieYRCXHFQp9JyXE7%2FLp7r1ha0WDpcymPHdV99V5IVTJkyHZLviCQmzj1tlm4bT76QijCG7RdmIIgkHOodeZn6W62J%2FVTXdVeR9%2FZDkK5M%2B1Ci5UfxmTAcOW3tR7vloimNQsFsYI0yv4Phz%2BGM96rZHx9OHzkhPkpWaCsuI9PvpW07EHFvS6lcbI6iKfNXgcCQJJVhOnrprQ4%2FcPx%2FvVfBUCH7CfFAwXZLP9Laz9jk9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 02:21:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
access-control-allow-origin: *, https://tutlehd4.xyz
x-frame-options: https://tutlehd4.xyz
accept-ranges: bytes
access-control-allow-methods: GET, GET
access-control-allow-headers: Range,Xauth, Range,Xauth
content-encoding: gzip
X-Firefox-Spdy: h2
| ocsp.r2m03.amazontrust.com/ | 3.164.222.26 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/
IP: 3.164.222.26:0
Hash (MD5 / SHA-1 / SHA-256): 353dbae1e1b45a750770ae51bef13ba7 465917a2a0bbb947e9727e7f08b584a82aa6fb81 9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 02:21:13 GMT
Last-Modified: Sat, 04 May 2024 01:14:41 GMT
Server: ECAcc (ska/F7A5)
X-Cache: Miss from cloudfront
Via: 1.1 eaa28e975df2c0299f68b819ffdbde98.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: PUu1yQXKfeisOG_YAcYMdFVTQYk9Ju6DcsCz16NG2tiZnSSnuR02Lw==
Age: 3992
| proftrafficcounter.com/stats | 52.29.105.35 | 200 OK | 40 B |
URL: GET HTTP/2 proftrafficcounter.com/stats
IP: 52.29.105.35:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Amazon; Subject proftrafficcounter.com; Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6; Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 32c1d90f6468483f455842753eab3896 db807289291b556a7ce3045a545e8dcab7e972c2 036493aa0046ea16af4ce50fec2cdf6c70588df0486938893801df707c2f8519
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tutlehd4.xyz
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 02:21:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://tutlehd4.xyz
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3dfd16d1-559b-4ed5-9407-e921c790b6f6:1:1; expires=Tue, 02 May 2034 02:21:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
| downstairsnegotiatebarren.com/sfp.js | 104.21.35.227 | 200 OK | 28 kB |
URL: GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP: 104.21.35.227:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject downstairsnegotiatebarren.com; Fingerprint 5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B; Validity Thu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 02:21:13 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 0b5f027497b71fe8a6bdaa562ea43c39
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 02:21:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HTx4miEcpn3yX9hYBpzeJkInb2tOhvWXJ3sOiwoH7FTDLIw4EXekZ7jAuIyy9e5eiJyqICOgH3n5IAgPIg9wlQw%2Fn64NhyrpuDe2oJKJtLVjCOuAtQrNnH3BC8dhO3ThK6KbBv1brU%2Bl5nJwezj15g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e50420a98b56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| upontogeticr.com/tag.min.js | 139.45.197.244 | 200 OK | 28 kB |
URL: GET HTTP/2 upontogeticr.com/tag.min.js
IP: 139.45.197.244:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject upontogeticr.com; Fingerprint DC:1C:33:DB:94:54:C9:FA:C7:47:00:FC:38:45:0D:E1:12:F9:3F:89; Validity Mon, 08 Apr 2024 15:22:13 GMT - Sun, 07 Jul 2024 15:22:12 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 6161cd5b16afc637789c8a29da15ed13 04f9e513c05079726b06b2154995c4c5c7c09b08 562a877675f8c3df7e1be8c3b2999127466ca8784a0a556810ec018ab6c86e34
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /tag.min.js HTTP/1.1
Host: upontogeticr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 02:21:13 GMT
content-type: text/javascript; charset=utf-8
content-length: 28333
content-encoding: br
x-trace-id: d60597ce12210409a7043c7dee11520e
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 03 May 2024 05:45:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
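Several responses in this capture carry headers a browser will not honour as written: tutlehd4.xyz/online.php returns `access-control-allow-origin: *, https://tutlehd4.xyz`, an `x-frame-options` whose value is a URL, and doubled `GET, GET` / `Range,Xauth, Range,Xauth` lists (the signature of an application and a reverse proxy both adding CORS headers); upontogeticr.com/tag.min.js pairs `access-control-allow-origin: *` with `access-control-allow-credentials: true` and sets HSTS to `max-age=1`; bagelseven.com sends `max-age=0`, which clears any HSTS entry; proftrafficcounter.com answers with the caller's own Origin plus credentials. The audit below is an added example, not part of the capture or any of these sites' code: it parses raw response headers (keeping repeated headers separate, lower-casing names so HTTP/1.1 and HTTP/2 compare alike) and emits finding codes. The sample input is copied from the headers above, trimmed to the fields the checks look at; the finding codes and the 86400-second HSTS threshold are the example's own conventions.

```python
"""Flag CORS, X-Frame-Options and HSTS misconfigurations in captured responses.
Added example, not part of the capture or the sites' own code; the rules encode
browser behaviour from the Fetch and HSTS (RFC 6797) specifications."""
import re
from typing import Dict, List, Optional

# Constructed sample input: header subsets copied from the capture above.
# "origin" is the Origin header the browser sent on that request, if any.
SAMPLES: Dict[str, Dict[str, Optional[str]]] = {
    "tutlehd4.xyz /online.php?a=638": {"origin": None, "response":
        "HTTP/2 200 OK\n"
        "server: nginx\n"
        "strict-transport-security: max-age=31536000\n"
        "access-control-allow-origin: *, https://tutlehd4.xyz\n"
        "x-frame-options: https://tutlehd4.xyz\n"
        "access-control-allow-methods: GET, GET\n"
        "access-control-allow-headers: Range,Xauth, Range,Xauth\n"},
    "upontogeticr.com /tag.min.js": {"origin": None, "response":
        "HTTP/2 200 OK\n"
        "access-control-allow-origin: *\n"
        "access-control-allow-credentials: true\n"
        "access-control-allow-methods: GET, POST, OPTIONS\n"
        "strict-transport-security: max-age=1\n"
        "timing-allow-origin: *, *\n"},
    "proftrafficcounter.com /stats": {"origin": "https://tutlehd4.xyz", "response":
        "HTTP/2 200 OK\n"
        "server: fasthttp\n"
        "access-control-allow-origin: https://tutlehd4.xyz\n"
        "vary: Origin\n"
        "access-control-allow-credentials: true\n"},
    "bagelseven.com /42/96/14/42961496c365d05db566420ff80c8be5.js": {"origin": None, "response":
        "HTTP/1.1 200 OK\n"
        "Server: nginx/1.21.6\n"
        "Access-Control-Allow-Origin: *\n"
        "Strict-Transport-Security: max-age=0; includeSubdomains\n"},
}


def parse_response(raw: str) -> Dict[str, List[str]]:
    """Lower-cased header name -> every value seen. HTTP/2 lowercases names,
    HTTP/1.1 does not; repeated headers are kept separate, not merged."""
    headers: Dict[str, List[str]] = {}
    for line in raw.splitlines()[1:]:            # line 0 is the status line
        if not line.strip():
            break                                 # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def hsts_max_age(value: str) -> Optional[int]:
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(headers: Dict[str, List[str]], request_origin: Optional[str] = None) -> List[str]:
    """Return finding codes for one response."""
    findings: List[str] = []
    acao = headers.get("access-control-allow-origin", [])
    creds = any(v.lower() == "true"
                for v in headers.get("access-control-allow-credentials", []))

    # ACAO carries one origin, "*" or "null". A comma-separated list or a
    # repeated header fails the browser's CORS check for every reader.
    if len(acao) > 1 or any("," in v for v in acao):
        findings.append("ACAO-MULTI")
    if "*" in acao and creds:
        # Fetch refuses "*" once credentials are included, so the intent
        # (any origin, cookies attached) never works; it is still a smell.
        findings.append("ACAO-STAR-CREDS")
    if request_origin and acao == [request_origin] and creds:
        # Echoes the caller's Origin with credentials: an allowlist or blind
        # reflection; a request from a second Origin is needed to tell.
        findings.append("ACAO-REFLECTS-ORIGIN")

    if any(v.upper() not in ("DENY", "SAMEORIGIN") for v in headers.get("x-frame-options", [])):
        findings.append("XFO-INVALID")            # ignored by browsers: framable

    for v in headers.get("strict-transport-security", []):
        age = hsts_max_age(v)
        if age == 0:
            findings.append("HSTS-DISABLED")      # max-age=0 deletes the pin
        elif age is not None and age < 86400:
            findings.append("HSTS-SHORT")         # expires before the next visit

    # "GET, GET" or "*, *": the same header emitted by two layers (app and
    # proxy), which is also how the two-valued ACAO above comes about.
    for name, values in headers.items():
        parts = [p.strip() for p in ", ".join(values).split(",")]
        if len(parts) != len(set(parts)):
            findings.append(f"DUP-LAYER:{name}")
    return findings


def audit_capture(samples=SAMPLES) -> Dict[str, List[str]]:
    """Audit every sampled response, keyed by its label."""
    return {label: audit(parse_response(s["response"] or ""), s["origin"])
            for label, s in samples.items()}


if __name__ == "__main__":
    for label, found in audit_capture().items():
        print(f"{label}: {', '.join(found) or 'no findings'}")
```

Read `ACAO-STAR-CREDS` and `ACAO-REFLECTS-ORIGIN` as prompts for a follow-up request with a foreign `Origin` header: only that distinguishes an allowlist from a server that reflects whatever origin it is given with cookies enabled. `XFO-INVALID` matters here because the framed pages (`embed.php`, `domainprotect.php`) rely on that header for their only framing control.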
| baskdisk.com/pixel/purst?dl=0&th=0&sc=0&rs=1538&rd=1538&fd=970&bv=24.5.6485&tmpl=70 | 172.240.108.68 | 200 OK | 0 B |
URL: GET HTTP/1.1 baskdisk.com/pixel/purst?dl=0&th=0&sc=0&rs=1538&rd=1538&fd=970&bv=24.5.6485&tmpl=70
IP: 172.240.108.68:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject baskdisk.com; Fingerprint 38:F5:31:F3:64:B5:5C:ED:CA:6C:5E:FB:F7:04:F9:CE:A5:3C:74:BC; Validity Mon, 29 Apr 2024 12:48:34 GMT - Sun, 28 Jul 2024 12:48:33 GMT
Hash (MD5 / SHA-1 / SHA-256; these are the zero-byte digests): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1538&rd=1538&fd=970&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: baskdisk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 02:21:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
| my.rtmark.net/gid.js?userId=008052b206224904f8c310671882afb9 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=008052b206224904f8c310671882afb9
IP: 139.45.195.8:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject rtmark.net; Fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash (MD5 / SHA-1 / SHA-256): 91143186812b102ff38b53e875baa43a 026848832c86698ed222bfd0aa6c049eba739f8b b0b18bc2193a7de5341e7bb0ad257527b1ed7c583ad5cee0ecbb46b99aaadcc2
GET /gid.js?userId=008052b206224904f8c310671882afb9 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tutlehd4.xyz
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 02:21:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://tutlehd4.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008052b206224904f8c310671882afb9; expires=Sun, 04 May 2025 02:21:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| tutlehd4.xyz/favicon.ico | 89.248.169.42 | 404 Not Found | 138 B |
IP: 89.248.169.42:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject tutlehd4.xyz; Fingerprint CC:35:10:54:EF:6B:D0:3E:DF:B5:25:35:58:1D:E0:D2:7A:8F:E7:41; Validity Tue, 30 Apr 2024 15:28:02 GMT - Mon, 29 Jul 2024 15:28:01 GMT
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 7389d931c86b3d7bb6b8af46d8c4172b 8d2a4760aa0b47984d11cd1a66448719177fb791 301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f
GET /favicon.ico HTTP/1.1
Host: tutlehd4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/online.php?a=638
Cookie: PHPSESSID=t6sga5ghug3h1f06jqfg7g6l20; xauth_token=5jnX9%2BoBu6TjHHZNOB5FK4yfN0o1zNR%2BcvP4YNmItKGvvJJAFxpaBsDaO0z51F3U7h3t9TZyItRYOfHccczKAoieYRCXHFQp9JyXE7%2FLp7r1ha0WDpcymPHdV99V5IVTJkyHZLviCQmzj1tlm4bT76QijCG7RdmIIgkHOodeZn6W62J%2FVTXdVeR9%2FZDkK5M%2B1Ci5UfxmTAcOW3tR7vloimNQsFsYI0yv4Phz%2BGM96rZHx9OHzkhPkpWaCsuI9PvpW07EHFvS6lcbI6iKfNXgcCQJJVhOnrprQ4%2FcPx%2FvVfBUCH7CfFAwXZLP9Laz9jk9; dom3ic8zudi28v8lr6fgphwffqoz0j6c=3dfd16d1-559b-4ed5-9407-e921c790b6f6%3A1%3A1; pp_main_42961496c365d05db566420ff80c8be5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 04 May 2024 02:21:14 GMT
content-type: text/html
content-length: 138
etag: "66311c63-8a"
X-Firefox-Spdy: h2
| capaciousdrewreligion.com/advertisers.js | 172.240.127.234 | 200 OK | 0 B |
URL: GET HTTP/1.1 capaciousdrewreligion.com/advertisers.js
IP: 172.240.127.234:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject capaciousdrewreligion.com; Fingerprint 53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC; Validity Wed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT
Hash (MD5 / SHA-1 / SHA-256; these are the zero-byte digests): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 02:21:14 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c1fe672d441a77efeaf99a6da8aec7f1
Strict-Transport-Security: max-age=0; includeSubdomains
| tutlehd4.xyz/domainprotect.php?domainprotect=1.dlhd.sx | 89.248.169.42 | 200 OK | 8.1 kB |
URL: GET HTTP/2 tutlehd4.xyz/domainprotect.php?domainprotect=1.dlhd.sx
IP: 89.248.169.42:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject tutlehd4.xyz; Fingerprint CC:35:10:54:EF:6B:D0:3E:DF:B5:25:35:58:1D:E0:D2:7A:8F:E7:41; Validity Tue, 30 Apr 2024 15:28:02 GMT - Mon, 29 Jul 2024 15:28:01 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): d2d374307063a2185df31c36354e384a 7bc7aa4d20d6394fbe17893778913f88e186d076 88e04152743db6eb18bade14faecfee4568773cca5e72fa6140712bbd4aef208
GET /domainprotect.php?domainprotect=1.dlhd.sx HTTP/1.1
Host: tutlehd4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutlehd4.xyz/embed.php?&a=638&s=t6sga5ghug3h1f06jqfg7g6l20&ip=91.90.42.154&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&referer=
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=t6sga5ghug3h1f06jqfg7g6l20; xauth_token=5jnX9%2BoBu6TjHHZNOB5FK4yfN0o1zNR%2BcvP4YNmItKGvvJJAFxpaBsDaO0z51F3U7h3t9TZyItRYOfHccczKAoieYRCXHFQp9JyXE7%2FLp7r1ha0WDpcymPHdV99V5IVTJkyHZLviCQmzj1tlm4bT76QijCG7RdmIIgkHOodeZn6W62J%2FVTXdVeR9%2FZDkK5M%2B1Ci5UfxmTAcOW3tR7vloimNQsFsYI0yv4Phz%2BGM96rZHx9OHzkhPkpWaCsuI9PvpW07EHFvS6lcbI6iKfNXgcCQJJVhOnrprQ4%2FcPx%2FvVfBUCH7CfFAwXZLP9Laz9jk9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 02:21:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
access-control-allow-origin: https://tutlehd4.xyz
x-frame-options: https://tutlehd4.xyz
accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-headers: Range,Xauth
content-encoding: gzip
X-Firefox-Spdy: h2
| unseenreport.com/pxf.gif?uuid=3dfd16d1-559b-4ed5-9407-e921c790b6f6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=42961496c365d05db566420ff80c8be5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 | 192.243.61.227 | 200 OK | 1 B |
URL: GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=3dfd16d1-559b-4ed5-9407-e921c790b6f6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=42961496c365d05db566420ff80c8be5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2
IP: 192.243.61.227:443
ASN: #39572 DataWeb Global Group B.V.
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject *.unseenreport.com; Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13; Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /pxf.gif?uuid=3dfd16d1-559b-4ed5-9407-e921c790b6f6&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=42961496c365d05db566420ff80c8be5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 02:21:15 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d08822f5f09019f821a2d9f407f51964
Strict-Transport-Security: max-age=0; includeSubdomains
| tutlehd4.xyz/embed.php?&a=638&s=t6sga5ghug3h1f06jqfg7g6l20&ip=91.90.42.154&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&referer= | 89.248.169.42 | 200 OK | 17 kB |
URL: GET HTTP/2 tutlehd4.xyz/embed.php?&a=638&s=t6sga5ghug3h1f06jqfg7g6l20&ip=91.90.42.154&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&referer=
IP: 89.248.169.42:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject tutlehd4.xyz; Fingerprint CC:35:10:54:EF:6B:D0:3E:DF:B5:25:35:58:1D:E0:D2:7A:8F:E7:41; Validity Tue, 30 Apr 2024 15:28:02 GMT - Mon, 29 Jul 2024 15:28:01 GMT
Hash (MD5 / SHA-1 / SHA-256; these are the zero-byte digests): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /embed.php?&a=638&s=t6sga5ghug3h1f06jqfg7g6l20&ip=91.90.42.154&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&referer= HTTP/1.1
Host: tutlehd4.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/online.php?a=638
Cookie: PHPSESSID=t6sga5ghug3h1f06jqfg7g6l20
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 02:21:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=t6sga5ghug3h1f06jqfg7g6l20; path=/
set-cookie: xauth_token=5jnX9%2BoBu6TjHHZNOB5FK4yfN0o1zNR%2BcvP4YNmItKGvvJJAFxpaBsDaO0z51F3U7h3t9TZyItRYOfHccczKAoieYRCXHFQp9JyXE7%2FLp7r1ha0WDpcymPHdV99V5IVTJkyHZLviCQmzj1tlm4bT76QijCG7RdmIIgkHOodeZn6W62J%2FVTXdVeR9%2FZDkK5M%2B1Ci5UfxmTAcOW3tR7vloimNQsFsYI0yv4Phz%2BGM96rZHx9OHzkhPkpWaCsuI9PvpW07EHFvS6lcbI6iKfNXgcCQJJVhOnrprQ4%2FcPx%2FvVfBUCH7CfFAwXZLP9Laz9jk9
strict-transport-security: max-age=31536000
access-control-allow-origin: *, https://tutlehd4.xyz
x-frame-options: https://tutlehd4.xyz
accept-ranges: bytes
access-control-allow-methods: GET, GET
access-control-allow-headers: Range,Xauth, Range,Xauth
content-encoding: gzip
X-Firefox-Spdy: h2
| upontogeticr.com/5/6360915/?oo=1&aab=1 | 139.45.197.244 | 200 OK | 2.9 kB |
URL: GET HTTP/2 upontogeticr.com/5/6360915/?oo=1&aab=1
IP: 139.45.197.244:443
Requested by: https://tutlehd4.xyz/online.php?a=638
Certificate: Issuer Let's Encrypt; Subject upontogeticr.com; Fingerprint DC:1C:33:DB:94:54:C9:FA:C7:47:00:FC:38:45:0D:E1:12:F9:3F:89; Validity Mon, 08 Apr 2024 15:22:13 GMT - Sun, 07 Jul 2024 15:22:12 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (3103), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4fbaa630328a1ae5755b4bf4b8e56ec4 8e65e41a01215a979b88916202f92de8db7f6562 790f508b8c3b06aa7c268931bb0de94edbae48c0dee3b77ea975d91821c760d8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /5/6360915/?oo=1&aab=1 HTTP/1.1
Host: upontogeticr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tutlehd4.xyz
DNT: 1
Connection: keep-alive
Referer: https://tutlehd4.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 02:21:13 GMT
content-type: application/json
x-trace-id: 7d720289c8d234095d29897c976ad10f
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://tutlehd4.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008052b206224904f8c310671882afb9; expires=Sun, 04 May 2025 02:21:13 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1714789273; expires=Sun, 04 May 2025 02:21:13 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
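Taken together, the requests above show identifiers being handed from one registrable domain to the next. The `uid_id2` value set by proftrafficcounter.com (`3dfd16d1-559b-4ed5-9407-e921c790b6f6:1:1`) reappears percent-encoded in the tutlehd4.xyz cookie jar under the name `dom3ic8zudi28v8lr6fgphwffqoz0j6c` and, bare, as `uuid=` on the unseenreport.com pixel; `008052b206224904f8c310671882afb9` is the `userId` sent to my.rtmark.net, the `ID` cookie it sets, and the `OAID` cookie set by upontogeticr.com; the hash `42961496c365d05db566420ff80c8be5` names the bagelseven.com script path, the `pp_main_` cookie on tutlehd4.xyz and the `pk=` parameter on the pixel. The `embed.php` URL also carries the client IP and User-Agent in its query string, and that URL then travels as the Referer of the `domainprotect.php` request. The script below is an added example, not part of the capture or any vendor's code: it percent-decodes each artifact, extracts tokens of the three shapes present in this capture (UUID, 32-hex, 26-character session id), and reports those seen on two or more registrable domains. The artifact list is copied from the requests above and trimmed; the `xauth_token` cookie is deliberately left out, and the last-two-labels domain rule is a simplification noted in the code.

```python
"""Find identifiers that recur across registrable domains in a capture.
Added example, not part of the capture or any vendor's code; the artifacts
below are copied from the requests above, trimmed to the relevant fields."""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed sample input: (host, where the text was seen, raw text).
ARTIFACTS: List[Tuple[str, str, str]] = [
    ("proftrafficcounter.com", "set-cookie",
     "uid_id2=3dfd16d1-559b-4ed5-9407-e921c790b6f6:1:1; expires=Tue, 02 May 2034 02:21:13 GMT; secure; SameSite=None"),
    ("my.rtmark.net", "url",
     "https://my.rtmark.net/gid.js?userId=008052b206224904f8c310671882afb9"),
    ("my.rtmark.net", "set-cookie",
     "ID=008052b206224904f8c310671882afb9; expires=Sun, 04 May 2025 02:21:14 GMT; secure; SameSite=None"),
    ("upontogeticr.com", "set-cookie",
     "OAID=008052b206224904f8c310671882afb9; expires=Sun, 04 May 2025 02:21:13 GMT; path=/; secure; SameSite=None"),
    ("tutlehd4.xyz", "cookie",
     "PHPSESSID=t6sga5ghug3h1f06jqfg7g6l20; "
     "dom3ic8zudi28v8lr6fgphwffqoz0j6c=3dfd16d1-559b-4ed5-9407-e921c790b6f6%3A1%3A1; "
     "pp_main_42961496c365d05db566420ff80c8be5=1"),
    ("tutlehd4.xyz", "url",
     "https://tutlehd4.xyz/embed.php?&a=638&s=t6sga5ghug3h1f06jqfg7g6l20&ip=91.90.42.154&referer="),
    ("unseenreport.com", "url",
     "https://unseenreport.com/pxf.gif?uuid=3dfd16d1-559b-4ed5-9407-e921c790b6f6"
     "&eb=978028c5053b26833423c7a069ce3bd5&pk=42961496c365d05db566420ff80c8be5&bl=en-US"),
    ("bagelseven.com", "url",
     "https://bagelseven.com/42/96/14/42961496c365d05db566420ff80c8be5.js"),
]

# Identifier shapes present in this capture. Lookarounds instead of \b so a
# 32-hex token embedded in a cookie *name* (pp_main_<hex>) is still found.
PATTERNS = [
    re.compile(r"(?<![0-9a-f])[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(?![0-9a-f])"),  # UUID
    re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])"),            # MD5-sized hex
    re.compile(r"(?<![A-Za-z0-9])[a-z0-9]{26}(?![A-Za-z0-9])"),      # PHP session id as seen here
]


def site_of(host: str) -> str:
    """Naive registrable domain (last two labels): enough for the hosts in
    this capture; use a public-suffix list for names like example.co.uk."""
    return ".".join(host.lower().split(".")[-2:])


def extract_identifiers(text: str) -> List[str]:
    """Percent-decode first so %3A-encoded cookie values compare equal."""
    decoded = unquote(text)
    return [m for pat in PATTERNS for m in pat.findall(decoded)]


def cross_site_identifiers(artifacts=ARTIFACTS, min_sites: int = 2) -> Dict[str, Dict[str, List[str]]]:
    """token -> {site: [kinds]} for tokens seen on at least min_sites sites."""
    seen: Dict[str, Dict[str, set]] = {}
    for host, kind, raw in artifacts:
        for ident in extract_identifiers(raw):
            seen.setdefault(ident, {}).setdefault(site_of(host), set()).add(kind)
    return {ident: {site: sorted(kinds) for site, kinds in sites.items()}
            for ident, sites in seen.items() if len(sites) >= min_sites}


if __name__ == "__main__":
    for ident, sites in cross_site_identifiers().items():
        print(ident)
        for site, kinds in sorted(sites.items()):
            print(f"    {site}: {', '.join(kinds)}")
```

Tokens that stay on one site (the PHP session id, the `eb=` hash on the pixel) drop out, which is the point: a token that crosses domains in both a `set-cookie` and a `url` slot is a cookie-sync edge, and the graph of those edges is what a blocklist or a privacy review should be built from rather than the individual hostnames.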