Report - rivoluter.brujah.xyz/login.php

Report Overview

Visited public
2025-03-27 18:54:29
Tags
botpanel malware
Submit Tags
URL
rivoluter.brujah.xyz/login.php
Finishing URL
rivoluter.brujah.xyz/login.php
IP / ASN
142.4.219.195
#16276 OVH SAS
Title
ANS Player
Malware - Botnet panel

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rivoluter.brujah.xyz	unknown	2023-10-05	2025-03-27	2025-03-27	6.4 kB	688 kB	142.4.219.195
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-26	1.6 kB	123 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-26	508 B	25 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-27 18:54:07	medium	142.4.219.195	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	rivoluter.brujah.xyz/js/sb-admin-2.min.js	ScriptElement	1.3 kB	2024-08-21	2025-05-13
Pretty URL rivoluter.brujah.xyz/js/sb-admin-2.min.js IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 07:46 Last Seen2025-05-13 09:05 Times Seen3 Hash 8952d29ea9ec62c3855344103465bdbd eab00d12511793be0a8dca062d88bf55ecb9a859 acb9c8a91e6798409e13736b3ec67aaf26a4fab96b43e7d8abcbc05da354426b Loading...

	rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js	ScriptElement	2.5 kB	2023-03-07	2025-07-02
Pretty URL rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-02 05:41 Times Seen2993 Hash e2d41e5c8fed838d9014fea53d45ce75 bde98133f735398b27339c423a817e755329f7d1 1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349 Loading...

	rivoluter.brujah.xyz/js/sb-admin.min.js	ScriptElement	936 B	2023-08-30	2025-03-27
Pretty URL rivoluter.brujah.xyz/js/sb-admin.min.js IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-30 12:32 Last Seen2025-03-27 18:54 Times Seen4 Hash 2a93bcb5ad24e0fac3804d796aba0ab0 13c33f3fbeaaaef4c231db79be89cee4bb0612c4 2544c1b634843030964b83452798f2345de33873c77044dcabf5b065eb9159e6 Loading...

	rivoluter.brujah.xyz/js/jquery.datetimepicker.js	ScriptElement	38 kB	2023-08-30	2025-03-27
Pretty URL rivoluter.brujah.xyz/js/jquery.datetimepicker.js IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-30 12:32 Last Seen2025-03-27 18:54 Times Seen6 Hash d80a7135a39ec84ba66dabf76251a9a1 6bdef45b5f2aaa93d3eee2384d68dc91c7a7fb39 26542eba5145c21d8d16a1b8164e2847754cad67ed318f05022e7eb8592cc6f0 Loading...

	rivoluter.brujah.xyz/login.php	ScriptElement	402 B	2025-03-27	2025-03-27
Pretty URL rivoluter.brujah.xyz/login.php IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-27 18:54 Last Seen2025-03-27 18:54 Times Seen1 Hash 74ed7a0c1449b2c45a568690f1916e52 5a494f45e67f83f251704123d22eb49102cd47b8 519e5ad288c697b183f622a47227441e41cd7121e3533055d222b19916dfaba2 Loading...

	rivoluter.brujah.xyz/login.php	ScriptElement	89 B	2025-03-27	2025-03-27
Pretty URL rivoluter.brujah.xyz/login.php IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-27 18:54 Last Seen2025-03-27 18:54 Times Seen1 Hash 7d43cc9e61c6cd42bca398ce9aa176f1 aca56339f394886dcf4cc252cae4ac6449e2900a 8003614b4609fc1c26395f3a938ae803038efec6e43afbe51893b2a0d5b8146f Loading...

	rivoluter.brujah.xyz/login.php	ScriptElement	139 B	2025-03-27	2025-03-27
Pretty URL rivoluter.brujah.xyz/login.php IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-27 18:54 Last Seen2025-03-27 18:54 Times Seen1 Hash 69964b50bfc4e65d4a9f0d7af985ad72 55bdad9a8df5e27d2d5cb9d4e31e83934bd86690 d48df2e191ce24ad868e110cec0a0c59febf30924705955ea726b39908c6200c Loading...

	rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js	ScriptElement	2.5 kB	2023-03-07	2025-07-02
Pretty URL rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js IP 142.4.219.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-02 05:41 Times Seen2993 Hash e2d41e5c8fed838d9014fea53d45ce75 bde98133f735398b27339c423a817e755329f7d1 1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349 Loading...

HTTP Transactions (18)

URL IP Response Size

GET rivoluter.brujah.xyz/login.php

142.4.219.195

200 OK

3.7 kB

URL User Request GET
rivoluter.brujah.xyz/login.php
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
HTML document, ASCII text, with very long lines (4047), with no line terminators
Size
3.7 kB (3696 bytes)
Hash
a94e946a071e85387c8e41e2118c06a7
29dc9aa55f8dd7b2e0a575e2f3d8fef1c44bf60f
83b5e1914efe84728f569e6829bbfc575a92f2ca20218c4874ce92d193c48f49

HTTP Headers

GET /login.php HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/7.3.33
content-type: text/html; charset=UTF-8
content-length: 1563
content-encoding: br
vary: Accept-Encoding
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET rivoluter.brujah.xyz/vendor/bootstrap/js/bootstrap.bundle.min.js

142.4.219.195

200 OK

81 kB

URL GET
rivoluter.brujah.xyz/vendor/bootstrap/js/bootstrap.bundle.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
data
Size
81 kB (81090 bytes)
Hash
2056168e23a41958386c2bff9e4cd1bc
7d24724aeccbc6f7446f53f0c1bf5c123845eb90
c95940b8071c39436c4bcd0b34464daf8f9ede40e99443f7be45182127b73cc2

HTTP Headers

GET /vendor/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:27:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 23186
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

GET rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js

142.4.219.195

200 OK

2.5 kB

URL GET
rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
JavaScript source, ASCII text, with very long lines (2544), with no line terminators
Size
2.5 kB (2532 bytes)
Hash
e3d9ed017478136907b65b25d28917ed
7fe0315d6ee6d96e7cf130975ad74575fbe18250
005f6e23dddef3e016ab9a0ceec453f144c56239b5a0e40b3b3a9f0324bfa144

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /vendor/jquery-easing/jquery.easing.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:26:32 GMT
accept-ranges: bytes
content-length: 2532
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

GET fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.35

200 OK

39 kB

URL GET
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rivoluter.brujah.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 19:49:12 GMT
expires: Sat, 21 Mar 2026 19:49:12 GMT
cache-control: public, max-age=31536000
age: 515096
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET rivoluter.brujah.xyz/vendor/bootstrap/js/bootstrap.bundle.min.js

142.4.219.195

200 OK

81 kB

URL GET
rivoluter.brujah.xyz/vendor/bootstrap/js/bootstrap.bundle.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
data
Size
81 kB (81090 bytes)
Hash
2056168e23a41958386c2bff9e4cd1bc
7d24724aeccbc6f7446f53f0c1bf5c123845eb90
c95940b8071c39436c4bcd0b34464daf8f9ede40e99443f7be45182127b73cc2

HTTP Headers

GET /vendor/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:08 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:27:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 23186
date: Thu, 27 Mar 2025 18:54:08 GMT
server: LiteSpeed

GET rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js

142.4.219.195

200 OK

2.5 kB

URL GET
rivoluter.brujah.xyz/vendor/jquery-easing/jquery.easing.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
JavaScript source, ASCII text, with very long lines (2544), with no line terminators
Size
2.5 kB (2532 bytes)
Hash
e3d9ed017478136907b65b25d28917ed
7fe0315d6ee6d96e7cf130975ad74575fbe18250
005f6e23dddef3e016ab9a0ceec453f144c56239b5a0e40b3b3a9f0324bfa144

Detections

Analyzer	Verdict	Alert
urlquery	malware	Malware - Botnet panel

HTTP Headers

GET /vendor/jquery-easing/jquery.easing.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:08 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:26:32 GMT
accept-ranges: bytes
content-length: 2532
date: Thu, 27 Mar 2025 18:54:08 GMT
server: LiteSpeed

GET rivoluter.brujah.xyz/vendor/jquery/jquery.min.js

142.4.219.195

200 OK

90 kB

URL GET
rivoluter.brujah.xyz/vendor/jquery/jquery.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
data
Size
90 kB (89478 bytes)
Hash
4b56c09efe98cb4f1370c6c2fe6a3a90
4b8249845e42b67c0e829684a7749d1e54cf043c
6777d4395ac9d31e35c822e54a918f5e3bf8a9b59637c78b2ffbbb91b6fcda1a

HTTP Headers

GET /vendor/jquery/jquery.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:27:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 32644
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

GET rivoluter.brujah.xyz/js/sb-admin-2.min.js

142.4.219.195

200 OK

1.3 kB

URL GET
rivoluter.brujah.xyz/js/sb-admin-2.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
JavaScript source, ASCII text, with very long lines (1346), with no line terminators
Size
1.3 kB (1272 bytes)
Hash
5f03ad116e3dac5bce2bce996fe7066c
d82e8f2493c12c1c25fa20930d96eaf35f8622e2
de75890f162cfae3de7c50d0f9c56a3fe7519571900bbdaccb657071cc4995b8

HTTP Headers

GET /js/sb-admin-2.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:26:16 GMT
accept-ranges: bytes
content-length: 1272
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

GET rivoluter.brujah.xyz/js/jquery.datetimepicker.js

142.4.219.195

200 OK

39 kB

URL GET
rivoluter.brujah.xyz/js/jquery.datetimepicker.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type

Size
39 kB (38658 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/jquery.datetimepicker.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:26:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10566
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

GET fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.35

200 OK

39 kB

URL GET
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rivoluter.brujah.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Mar 2025 19:49:12 GMT
expires: Sat, 21 Mar 2026 19:49:12 GMT
cache-control: public, max-age=31536000
age: 515096
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET rivoluter.brujah.xyz/favicon.ico

142.4.219.195

404 Not Found

796 B

URL GET
rivoluter.brujah.xyz/favicon.ico
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
HTML document, ASCII text, with very long lines (827), with no line terminators
Size
796 B (796 bytes)
Hash
ba278b4b4bd7abdc1006afafa87c076c
d5e52393da72c10ff4dff4e321f3fb07fad69a00
f8ebaa071d9024e80bb3c48681326ca17bb3b8f88ea2e7872b98b9f3459b73f2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Thu, 27 Mar 2025 18:54:08 GMT
server: LiteSpeed

GET fonts.gstatic.com/s/nunito/v26/XRXX3I6Li01BKofIMNaDRs4.woff2

142.250.74.35

200 OK

42 kB

URL GET
fonts.gstatic.com/s/nunito/v26/XRXX3I6Li01BKofIMNaDRs4.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 41800, version 1.0
Size
42 kB (41800 bytes)
Hash
3ea99ad21ca9121d85ab7e668fe557e4
a3c34cafeee04cc309f965899b0b879793e59795
2a4ba0bfd05a144b759af1564fae807d80463489344ed2cf2d0f7fb5635e967a

HTTP Headers

GET /s/nunito/v26/XRXX3I6Li01BKofIMNaDRs4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rivoluter.brujah.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 41800
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Mar 2025 09:17:45 GMT
expires: Fri, 27 Mar 2026 09:17:45 GMT
cache-control: public, max-age=31536000
age: 34583
last-modified: Thu, 14 Sep 2023 00:02:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET rivoluter.brujah.xyz/vendor/jquery/jquery.min.js

142.4.219.195

200 OK

90 kB

URL GET
rivoluter.brujah.xyz/vendor/jquery/jquery.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
data
Size
90 kB (89478 bytes)
Hash
4b56c09efe98cb4f1370c6c2fe6a3a90
4b8249845e42b67c0e829684a7749d1e54cf043c
6777d4395ac9d31e35c822e54a918f5e3bf8a9b59637c78b2ffbbb91b6fcda1a

HTTP Headers

GET /vendor/jquery/jquery.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:08 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:27:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 32644
date: Thu, 27 Mar 2025 18:54:08 GMT
server: LiteSpeed

GET rivoluter.brujah.xyz/vendor/fontawesome-free/css/all.min.css

142.4.219.195

200 OK

59 kB

URL GET
rivoluter.brujah.xyz/vendor/fontawesome-free/css/all.min.css
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
data
Size
59 kB (58939 bytes)
Hash
b3eb497c502e7c3f0a4779fca7301280
fcffeeca1c1af7fd05a4afc6bbc22ce56dfbbfe6
d4b6f6fb2fa1fcb1c2e94c9e612ab929fdedd0025a93ea43b693992d1aa9a5e7

HTTP Headers

GET /vendor/fontawesome-free/css/all.min.css HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 13:27:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12953
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET rivoluter.brujah.xyz/css/sb-admin-9.css

142.4.219.195

200 OK

221 kB

URL GET
rivoluter.brujah.xyz/css/sb-admin-9.css
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
ASCII text, with very long lines (629), with CRLF line terminators
Size
221 kB (220808 bytes)
Hash
d6ee574184558724fd55dafc5c5de107
dc125a0916e0d6755764fd82fd37a32b4946ed02
0ad87066972062e0ed8a711acead1f20c527c6706fef558eb98730d0783dbcb2

HTTP Headers

GET /css/sb-admin-9.css HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 13:26:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 32295
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

GET fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i

142.250.74.10

200 OK

24 kB

URL GET
fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
ValidityMon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT

File type
ASCII text
Size
24 kB (24059 bytes)
Hash
af11c3dd8c017098d9d02f60451819b7
da1671adf59ec98920f53b64191ce17baa9d2077
cc1a4058011a8d05fe59381bd35dd4775a9cf073d94537c9fd1807b191b4841f

HTTP Headers

GET /css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 27 Mar 2025 18:54:07 GMT
date: Thu, 27 Mar 2025 18:54:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET rivoluter.brujah.xyz/img/logo.png

142.4.219.195

200 OK

12 kB

URL GET
rivoluter.brujah.xyz/img/logo.png
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
12 kB (11948 bytes)
Hash
3d90bc46be2f16f23e83c0c4c28b231a
606c767d4200e33dc13b1706cf6a7e9c302bcefb
2d713b0f588adf55e631b13d8a117e1428031bd0a71699a6db710a373d74abd4

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: image/png
last-modified: Wed, 22 Jun 2022 13:27:56 GMT
accept-ranges: bytes
content-length: 11948
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

GET rivoluter.brujah.xyz/js/sb-admin.min.js

142.4.219.195

200 OK

936 B

URL GET
rivoluter.brujah.xyz/js/sb-admin.min.js
IP
142.4.219.195:443
ASN
#16276 OVH SAS

Requested by
https://rivoluter.brujah.xyz/login.php
Certificate
IssuerLet's Encrypt
Subjectrivoluter.brujah.xyz
Fingerprint8A:84:F4:E3:64:C6:21:A0:29:FF:38:17:D6:15:D3:7B:B4:0C:04:77
ValidityTue, 25 Mar 2025 19:43:47 GMT - Mon, 23 Jun 2025 19:43:46 GMT

File type
ASCII text, with very long lines (982), with no line terminators
Size
936 B (936 bytes)
Hash
ac6fb10fb82310403383705407759564
f481b9f80bef54e168fc16eee3800dcc9bbede35
92591992114e07f2e09c0541fbba60f3741ba81d0b2d8e8a9e1a7f0bcdedb49c

HTTP Headers

GET /js/sb-admin.min.js HTTP/1.1
Host: rivoluter.brujah.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rivoluter.brujah.xyz/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31557600
expires: Sat, 28 Mar 2026 00:54:07 GMT
content-type: application/javascript
last-modified: Wed, 22 Jun 2022 13:26:16 GMT
accept-ranges: bytes
content-length: 936
date: Thu, 27 Mar 2025 18:54:07 GMT
server: LiteSpeed

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN