| xitlali.fr/ojczeb/fgtea/jml/sbpd/ | 172.67.195.68 | 302 Found | 118 B |
URL: xitlali.fr/ojczeb/fgtea/jml/sbpd/ (user request, GET, HTTP/2)
IP: 172.67.195.68:443
Certificate: issuer Google Trust Services; subject xitlali.fr; fingerprint 6D:62:4E:51:81:EB:53:35:9D:96:F2:F8:D8:33:CE:5A:8C:4C:9B:0D; valid Thu, 30 Jan 2025 12:48:37 GMT - Wed, 30 Apr 2025 13:47:11 GMT
File type: HTML document, ASCII text, with no line terminators
Hashes: MD5 b0f623103cd51d764412d46f8a7e0816; SHA-1 3c88223adef88d7cb3ef5536b4b398ef54f31781; SHA-256 fe40b26bcb3f34ba8f180d33623bb3b109597ba9b3f5596ba1bc6b665b8dcb67
GET /ojczeb/fgtea/jml/sbpd/ HTTP/1.1
Host: xitlali.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 01 Feb 2025 20:31:20 GMT
content-type: text/html; charset=UTF-8
location: https://worthyboxersympathy.com/api/users?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz
set-cookie: PHPSESSID=nv79glpfkaklb03rkorc4k8thp; path=/
set-cookie: _subid=1sjos4f1v9a13h; expires=Sun, 02 Feb 2025 20:31:20 GMT; Max-Age=86400; path=/; domain=.xitlali.fr
set-cookie: c019d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjY3XCI6MTczODQ0MTg4MH0sXCJjYW1wYWlnbnNcIjp7XCIxMVwiOjE3Mzg0NDE4ODB9LFwidGltZVwiOjE3Mzg0NDE4ODB9In0.PPhPhnhJfwz7TmHcT9RRd5PfoklA0GA8APfOFFhW8Q0; expires=Sun, 02 Feb 2025 20:31:20 GMT; Max-Age=86400; path=/; domain=.xitlali.fr
set-cookie: _token=uuid_1sjos4f1v9a13h_1sjos4f1v9a13h679e8498c85a03.65553184; expires=Sun, 02 Feb 2025 20:31:20 GMT; Max-Age=86400; path=/; domain=.xitlali.fr
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5L0XX6F%2BzmJ0F0vZWQ6T1k74z5cPYVZD2E48Agoa2pWMb0%2B8pZ%2BxgjT3Vcjr%2FhCXmNCJk%2BZXPBvkEVMDJ5ZcCxmpxAI08yMRrsSzndJ4AJQpaPZF9qSfG7SxmSUM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b4b45a7e425684-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5884&min_rtt=448&rtt_var=10883&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3272&recv_bytes=1261&delivery_rate=6895238&cwnd=254&unsent_bytes=0&cid=c11f4a85f5b7beaf&ts=185&x=0"
X-Firefox-Spdy: h2
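The 302 above hands the browser off through two opaque values: the base64url `token` in the Location URL and the `c019d` cookie, which is a compact JWT signed with HS256. The Python below is an added example, not part of the capture and not code from either site. It decodes the token, the JWT header and payload (without verifying the signature, since the issuer's HMAC key is unknown, so the claims are untrusted data for analysis only), and the `_token` cookie. The `_token` parsing rests on an assumption: that its tail has the shape of PHP `uniqid(prefix, true)` output (8 hex seconds, 5 hex microseconds, a period and extra digits), inferred from its form and from the `PHPSESSID` cookie, not something the capture states.

```python
import base64
import json
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Values copied from the captured response headers above (not constructed).
LOCATION = ("https://worthyboxersympathy.com/api/users"
            "?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz")
C019D_JWT = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
             "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjY3XCI6MTczODQ0MTg4MH0sXCJjYW1wYWlnbnNcIjp7"
             "XCIxMVwiOjE3Mzg0NDE4ODB9LFwidGltZVwiOjE3Mzg0NDE4ODB9In0."
             "PPhPhnhJfwz7TmHcT9RRd5PfoklA0GA8APfOFFhW8Q0")
TOKEN_COOKIE = "uuid_1sjos4f1v9a13h_1sjos4f1v9a13h679e8498c85a03.65553184"


def b64url_decode(segment: str) -> bytes:
    """base64url decode, restoring the padding JWT segments and this redirector omit."""
    segment = segment.strip()
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_token(location: str) -> dict:
    """Decode the `token` query parameter of the redirect target.

    The decoded value is itself a relative URL (a path plus a `key`), i.e. the
    landing-page reference the first site keeps out of the visible URL.
    """
    token = parse_qs(urlsplit(location).query)["token"][0]
    inner = b64url_decode(token).decode("utf-8")
    parts = urlsplit(inner)
    return {"decoded": inner, "path": parts.path,
            "query": {k: v[0] for k, v in parse_qs(parts.query).items()}}


def decode_jwt_unverified(jwt: str) -> dict:
    """Split a compact JWS and decode header and payload WITHOUT verifying it.

    The HS256 key belongs to the issuer, so nothing here proves integrity;
    the claims are untrusted and only show what the cookie tracks.
    """
    header_b64, payload_b64, sig_b64 = jwt.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    # This issuer nests a second JSON document as a string under "data".
    if isinstance(payload.get("data"), str):
        payload["data"] = json.loads(payload["data"])
    return {"header": header, "payload": payload,
            "signature_len": len(b64url_decode(sig_b64))}


def parse_uniqid_tail(cookie: str) -> dict:
    """ASSUMPTION: the `_token` cookie ends in PHP uniqid(prefix, true) output
    (8 hex seconds + 5 hex microseconds + '.' + digits). Recovers the issue
    time; raises if the value does not have that shape."""
    m = re.search(r"([0-9a-f]{8})([0-9a-f]{5})\d\.\d{8}$", cookie)
    if not m:
        raise ValueError("not a uniqid(..., true) tail")
    return {"seconds": int(m.group(1), 16), "micros": int(m.group(2), 16)}


def to_http_date(ts: int) -> str:
    """Render a Unix timestamp like the response `date` header, for comparison."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")


if __name__ == "__main__":
    tok = decode_token(LOCATION)
    jwt = decode_jwt_unverified(C019D_JWT)
    data = jwt["payload"]["data"]
    print("token   ->", tok["decoded"])
    print("jwt alg ->", jwt["header"]["alg"], f"({jwt['signature_len']}-byte tag, unverified)")
    print("streams ->", data["streams"], "campaigns ->", data["campaigns"])
    print("issued  ->", to_http_date(data["time"]))
    print("_token  ->", to_http_date(parse_uniqid_tail(TOKEN_COOKIE)["seconds"]))
```

Both timestamps recovered this way (the JWT's `time` and the hex seconds in `_token`) equal the `date` header of the 302, which is a useful consistency check when correlating sandbox captures of the same redirector.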
| worthyboxersympathy.com/favicon.ico | 172.240.108.76 | 200 OK | 0 B |
URL: worthyboxersympathy.com/favicon.ico (GET, HTTP/1.1)
IP: 172.240.108.76:443
Requested by: https://worthyboxersympathy.com/api/users?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz
Certificate: issuer Let's Encrypt; subject worthyboxersympathy.com; fingerprint 69:DE:59:9E:B3:A5:5A:96:F8:B6:96:33:61:50:A2:7C:58:ED:BD:9F; valid Mon, 16 Dec 2024 12:53:35 GMT - Sun, 16 Mar 2025 12:53:34 GMT
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty input: the response below carries Content-Length: 0)

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: worthyboxersympathy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worthyboxersympathy.com/api/users?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz
Cookie: u_pl23250389=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 01 Feb 2025 20:31:21 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 189c3573378f4fce7777322e9ab2373f
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
| worthyboxersympathy.com/api/users?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz | 172.240.108.76 | 200 OK | 118 B |
URL: worthyboxersympathy.com/api/users?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz (user request, GET, HTTP/1.1)
IP: 172.240.108.76:443
Certificate: issuer Let's Encrypt; subject worthyboxersympathy.com; fingerprint 69:DE:59:9E:B3:A5:5A:96:F8:B6:96:33:61:50:A2:7C:58:ED:BD:9F; valid Mon, 16 Dec 2024 12:53:35 GMT - Sun, 16 Mar 2025 12:53:34 GMT
File type: HTML document, ASCII text, with no line terminators
Hashes: MD5 f27a6605cecb455a5e513507b214304b; SHA-1 8acbe09daafdc3adc0d57c5f5d8f93cd6186d55c; SHA-256 f5cd5731dbf2e0185b4161ba81031fe68d04849a91d1a0ff8c713d6077292266

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /api/users?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz HTTP/1.1
Host: worthyboxersympathy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 01 Feb 2025 20:31:21 GMT
Content-Type: text/html
Content-Length: 118
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: u_pl23250389=1; expires=Sun, 02 Feb 2025 20:31:21 GMT; path=/
x-envoy-upstream-service-time: 0
x-envoy-decorator-operation: go-banner.modules.svc.cluster.local:9090/*
Host: worthyboxersympathy.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3baab5f9a34030325bfc12c257631072
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
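To triage dumps like the three responses above programmatically rather than by eye, here is an added example (not code from the capture or from either site) that parses a raw response header block into a record with repeated headers preserved, then applies the checks relevant to this chain: the redirect target, the cookie names set, a `Strict-Transport-Security: max-age=0` header (which tells the browser to discard any stored policy rather than enforce one) and the `x-envoy-decorator-operation` header that names an internal service. The two header blocks embedded in it are abridged copies of responses 1 and 3 above.

```python
import re

# Abridged copies of the first and third captured responses above.
RESPONSE_1 = """HTTP/2 302 Found
date: Sat, 01 Feb 2025 20:31:20 GMT
content-type: text/html; charset=UTF-8
location: https://worthyboxersympathy.com/api/users?token=L2hqMXhidHF6dnA_a2V5PWQxZTRiYzY3YTczOThlNTJkNmEwZDg0MGI2NzZlY2Qz
set-cookie: PHPSESSID=nv79glpfkaklb03rkorc4k8thp; path=/
set-cookie: _subid=1sjos4f1v9a13h; expires=Sun, 02 Feb 2025 20:31:20 GMT; Max-Age=86400; path=/; domain=.xitlali.fr
cache-control: no-store, no-cache, must-revalidate
server: cloudflare
"""

RESPONSE_3 = """HTTP/1.1 200 OK
Server: nginx/1.21.6
Content-Type: text/html
Content-Length: 118
set-cookie: u_pl23250389=1; expires=Sun, 02 Feb 2025 20:31:21 GMT; path=/
x-envoy-decorator-operation: go-banner.modules.svc.cluster.local:9090/*
Strict-Transport-Security: max-age=0; includeSubdomains
"""


def parse_response(raw: str) -> dict:
    """Turn a header dump into {"status", "headers"}. Header names are
    lowercased and every value kept in a list, so repeated Set-Cookie
    lines are not silently collapsed into one."""
    lines = raw.strip().splitlines()
    status = re.match(r"HTTP/\S+\s+(\d{3})", lines[0])
    if not status:
        raise ValueError("missing status line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")   # split on the first colon only
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"status": int(status.group(1)), "headers": headers}


def cookie_names(resp: dict) -> list:
    return [c.split("=", 1)[0] for c in resp["headers"].get("set-cookie", [])]


def hsts_max_age(resp: dict):
    """HSTS max-age as an int, or None when no such header is present.
    0 means the browser forgets any stored policy for the host."""
    for value in resp["headers"].get("strict-transport-security", []):
        m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return None


def redirect_host(resp: dict):
    loc = resp["headers"].get("location")
    if not loc:
        return None
    m = re.match(r"https?://([^/?#]+)", loc[0])
    return m.group(1) if m else None


def triage(resp: dict) -> list:
    """Findings an analyst would note for a response in a chain like this."""
    findings = []
    host = redirect_host(resp)
    if 300 <= resp["status"] < 400 and host:
        findings.append(f"redirects to {host}")
    names = cookie_names(resp)
    if names:
        findings.append("sets cookies: " + ", ".join(names))
    if hsts_max_age(resp) == 0:
        findings.append("HSTS max-age=0 (policy cleared, not enforced)")
    for value in resp["headers"].get("x-envoy-decorator-operation", []):
        findings.append("Envoy operation header names internal service: " + value)
    return findings


if __name__ == "__main__":
    for raw in (RESPONSE_1, RESPONSE_3):
        resp = parse_response(raw)
        print(resp["status"], triage(resp))
```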