URL User Request GET HTTP/1.1 IP 195.216.243.155:443
Certificate Issuer GoGetSSL
Subject u.to
Fingerprint 5F:34:9B:CA:9B:9B:07:E0:65:E5:80:E3:F9:98:A2:66:0C:E3:59:A8
Validity Tue, 24 Oct 2023 00:00:00 GMT - Thu, 24 Oct 2024 23:59:59 GMT
File type HTML document text - exported SGML document, ASCII text
Hash 5e736b5f89b8202fe70c2150f5afca60
41d4352d159c6e0baec70199bf8b598d3bcfacf9
6301ee7104588bec67030932fe123c28635c76f3b1f6d37a2d79a98b2aebebc7
GET /Ri8eIA HTTP/1.1
Host: u.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.8.0
Date: Wed, 29 Nov 2023 00:40:55 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: lng=en; path=/; expires=Thu, 28-Nov-2024 00:40:55 GMT; domain=.u.to;
Location: https://abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com/archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip
abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com/archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip
54.230.111.49 200 OK 625 kB URL User Request GET HTTP/2 abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com/archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip
IP 54.230.111.49:443
Certificate Issuer Sectigo Limited
Subject *.usrfiles.com
Fingerprint 15:F4:65:90:B4:A0:48:C6:7D:B3:74:65:0C:F1:AF:70:66:E6:AD:40
Validity Wed, 26 Jul 2023 00:00:00 GMT - Mon, 22 Jan 2024 23:59:59 GMT
File type Zip archive data, at least v2.0 to extract, compression method=deflate - data
Size 625 kB (625381 bytes)
Hash a51647307e94aa71ba9b4d860ab63ee1
cb93981e00abbfeace3c65b74951a0a3e9130efe
2ed59bb027b77d959153fcec36f4a65551391ab624c313f1ce90561c17bc1988
Analyzer Verdict Alert VirusTotal malicious
GET /archives/abb8c9_cd41354a031b4903a4fcd7814ab8817a.zip HTTP/1.1
Host: abb8c91b-cfd2-4ae6-ba53-16579fe1acb1.usrfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-zip-compressed
content-length: 625381
server: openresty/1.21.4.1
date: Sun, 19 Nov 2023 16:12:13 GMT
expires: Sun, 19 Nov 2023 17:12:13 GMT
cache-control: public, max-age=15552000, immutable
last-modified: Sun, 19 Nov 2023 16:12:06 GMT
etag: "a51647307e94aa71ba9b4d860ab63ee1"
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
timing-allow-origin: *
x-seen-by: gcp.us-central-1.media-router-f89dc7b48-lm8jn
x-robots-tag: noindex, nofollow
via: 1.1 google, 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 0igFQmVg-TRNVeAiz0VQnwIOIsZp0bvJiV3zQKiMOsvLBOAv0t064Q==
age: 808125
X-Firefox-Spdy: h2
uniqueincs.com/free-wordpress-blog-themes/
188.114.97.1 301 Moved Permanently 625 kB URL User Request GET HTTP/2 uniqueincs.com/free-wordpress-blog-themes/
IP 188.114.97.1:443
Certificate Issuer Google Trust Services LLC
Subject uniqueincs.com
Fingerprint 7D:11:2D:BD:19:9F:0F:5D:07:6D:CD:BF:00:B9:CC:04:FC:9B:A3:F8
Validity Fri, 17 Nov 2023 08:55:21 GMT - Thu, 15 Feb 2024 08:55:20 GMT
Size 625 kB (625381 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /free-wordpress-blog-themes/ HTTP/1.1
Host: uniqueincs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Wed, 29 Nov 2023 00:40:58 GMT
location: https://u.to/Ri8eIA
cache-control: max-age=3600
expires: Wed, 29 Nov 2023 01:40:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QEBg%2B5Yg7hSk%2Ft9294N9g%2FB8etRE8vdi5ctoJDWDmGodfzc1aFnSbO%2F7EQBGfXKZPc8oOP6J%2FbA1FnZO8KZOF2730V933g5G1uYOVLkqhBNgOByVnEpZ0tOuzFtGOlBOVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d6cd674f3bb4f1-OSL
X-Firefox-Spdy: h2