| mcnlcs9q9.cfd/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.79.250 | | 0 B |
URL: mcnlcs9q9.cfd/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP: 104.21.79.250:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: mcnlcs9q9.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 24 Apr 2024 06:21:38 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BkgUGh8x10s9YzwOtrudQoz98CFNGML9TqYV1%2BpL3xbpY5F9GPlmd4Lq3vwcc68xKhyI46UDdgPLeXVpr3uUg%2Bpjeyv3FLDE8IirjeGFA25RM09KZrsdlN8b2zrf3PE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8793fe8e3ae656a4-OSL
alt-svc: h3=":443"; ma=86400
| mcnlcs9q9.cfd/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js | 104.21.79.250 | | 14 kB |
URL: mcnlcs9q9.cfd/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
IP: 104.21.79.250:0
File type: JavaScript source, ASCII text, with very long lines (7865), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8eb7c340cce0e3b0d2f9b0b2cacee35f / b6e26b612c23a9a1c0c394f3404b96a0cadf412f / aa713a3d879134e7cebab4f9e9517f5b79a775e55de5c30c35ad92df755a5adc
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1
Host: mcnlcs9q9.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 06:21:38 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qY7ABDc5%2BxTw1Z%2BatV48h7o4gw4C8WHlNOB%2Fq6pPNPSItN6Jlj%2B0c2Bj1jtu6HDXjGmRndbJKUslLu5FKvQa4TMxtmybo0Iqvm4mYvDNqMd8Lw4PnmPTkgL6VRnTaSfB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8793fe8e4b0456a4-OSL
alt-svc: h3=":443"; ma=86400
| mcnlcs9q9.cfd/cdn-cgi/challenge-platform/h/b/jsd/r/8793fe8a5c2756b5 | 104.21.79.250 | | 0 B |
URL: mcnlcs9q9.cfd/cdn-cgi/challenge-platform/h/b/jsd/r/8793fe8a5c2756b5
IP: 104.21.79.250:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/jsd/r/8793fe8a5c2756b5 HTTP/1.1
Host: mcnlcs9q9.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12291
Origin: https://mcnlcs9q9.cfd
DNT: 1
Connection: keep-alive
Referer: https://mcnlcs9q9.cfd/?38_4=946fc7d7d849b49ba88c488674161d34&s=Grand_Theft_Auto_V[wifi4gamescom]rar&t=52
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 06:21:39 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=Pw9EY4D_M.6VbtesDK7P9y2i4Bok6cEW9L.iv5iLBFs-1713939699-1.0.1.1-zI6LqhYQ93f92X8FXGg9nNpUkWP4U2v50u7QxQuKS3.x9Uwp818UBUekU3lDfN_9LgHaavHF7dZLbUMNZpLknw; path=/; expires=Thu, 24-Apr-25 06:21:39 GMT; domain=.mcnlcs9q9.cfd; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5M6a7OAl3c9fLASMNHMvPHKNhJC07i3KVmXrnn2IetXwt6UzfFbWTnm%2FWXdz0QOri%2BY5OQW%2Fc5j%2Fa8cCqYfR0fRVJ8d67oO5bledEixau%2B4DR3MTbpj4lQfDYkEor8YE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8793fe8f6c1b56a4-OSL
alt-svc: h3=":443"; ma=86400
| | 45.63.94.214 | 200 OK | 933 B |
URL: User Request GET HTTP/1.1
IP: 45.63.94.214:443
Certificate: Issuer Let's Encrypt; Subject paste.rs; Fingerprint F7:B9:DD:A2:C4:24:97:56:FB:B1:71:34:21:EF:5E:D9:7D:2F:35:54; Validity Fri, 01 Mar 2024 11:00:10 GMT - Thu, 30 May 2024 11:00:09 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (310), with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256): 58672799d3ea60f24a6e88a08265e94f / 1da17e6f9492df269f27a912e487bd71e01639c5 / 920503650cc1d212cc57d9c9211dec2cc26cabf42e9e6d5d993b8b9040365b32
GET /9y6pk.txt HTTP/1.1
Host: paste.rs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 06:21:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
permissions-policy: interest-cohort=()
Strict-Transport-Security: max-age=31536000; includeSubdomains;
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
| paste.rs/normalize.min.css | 45.63.94.214 | 200 OK | 785 B |
URL: GET HTTP/1.1 paste.rs/normalize.min.css
IP: 45.63.94.214:443
Requested by: https://paste.rs/9y6pk.txt
Certificate: Issuer Let's Encrypt; Subject paste.rs; Fingerprint F7:B9:DD:A2:C4:24:97:56:FB:B1:71:34:21:EF:5E:D9:7D:2F:35:54; Validity Fri, 01 Mar 2024 11:00:10 GMT - Thu, 30 May 2024 11:00:09 GMT
File type: ASCII text, with very long lines (1615)
Hash (MD5 / SHA-1 / SHA-256): 69396fe173580a71758e10efed1bce99 / e152dab6dd95ce21705c3eb76e0f8b211cd396fe / ee733a13231e0683bf55cfd944f5d2bd445e6ea91488348df313cc37e8f4b031
GET /normalize.min.css HTTP/1.1
Host: paste.rs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.rs/9y6pk.txt
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 06:21:43 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
permissions-policy: interest-cohort=()
Strict-Transport-Security: max-age=31536000; includeSubdomains;
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
| paste.rs/code.min.css | 45.63.94.214 | 200 OK | 601 B |
IP: 45.63.94.214:443
Requested by: https://paste.rs/9y6pk.txt
Certificate: Issuer Let's Encrypt; Subject paste.rs; Fingerprint F7:B9:DD:A2:C4:24:97:56:FB:B1:71:34:21:EF:5E:D9:7D:2F:35:54; Validity Fri, 01 Mar 2024 11:00:10 GMT - Thu, 30 May 2024 11:00:09 GMT
File type: ASCII text, with very long lines (600)
Hash (MD5 / SHA-1 / SHA-256): f9e00b13ff6209511276001f4febc1a0 / f9e466bdaa58097315c3d4206478ceb3cca17b9a / 2eaa8b7de74f45409f7d72e96d0d81d0509e670af7c7b0445c8a8af6435ac58b
GET /code.min.css HTTP/1.1
Host: paste.rs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.rs/9y6pk.txt
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 06:21:43 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 601
Connection: close
permissions-policy: interest-cohort=()
Strict-Transport-Security: max-age=31536000; includeSubdomains;
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
X-XSS-Protection: 1; mode=block
| gdfm54qor.click/?aD1mMjE4MjA0NmM5M2Y4ZGQwYjRlMmEzM2M5MmI0YmUwYiZ1c2VyPTE3OSZzaWQ9NzkmdHlwZT1jJmFkY29kZT0yJnRtcD01&file=Grand_Theft_Auto_V[wifi4games.com].rar | 104.21.22.12 | | 2.0 kB |
URL: gdfm54qor.click/?aD1mMjE4MjA0NmM5M2Y4ZGQwYjRlMmEzM2M5MmI0YmUwYiZ1c2VyPTE3OSZzaWQ9NzkmdHlwZT1jJmFkY29kZT0yJnRtcD01&file=Grand_Theft_Auto_V[wifi4games.com].rar
IP: 104.21.22.12:0
File type: JavaScript source, ASCII text, with very long lines (1118), with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256): 88bbc88cc460f280edcf8714d116a903 / 7edb4ee7cb4eda6e3b2eaccf126bc57a8439edf7 / eaa905975009301fbb02508556d8b38368eb972a8184acde09ab49deedccc634
GET /?aD1mMjE4MjA0NmM5M2Y4ZGQwYjRlMmEzM2M5MmI0YmUwYiZ1c2VyPTE3OSZzaWQ9NzkmdHlwZT1jJmFkY29kZT0yJnRtcD01&file=Grand_Theft_Auto_V[wifi4games.com].rar HTTP/1.1
Host: gdfm54qor.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 06:21:38 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.27
access-control-allow-origin: *
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ii81aGJOZURXN05KZXo3bnU0bFY4UXc9PSIsInZhbHVlIjoieGdPUWx3ajhXTUZCTFNCNGFrTVJhYzM4SnNGVitFUy9NbDJWL1BzdEFaMzBudmYxS1pnUXhwRnJYajVjWUFWZmJ5Uk5pc1d0blErbjZSVnM0SFVOU25zdGdmZDBkbkdUVWZPUndhQmlDaC82OU05dEhZeGRMUi81N240SjZKb2QiLCJtYWMiOiIwMmFkZDFkZGQ5NGM0MmEwYzRkOTVjYzZjNWEyMWYxNDcwYmVjMGM3M2VjYTUwNmM1NGM3OWJjNmNiYjYwOTU0IiwidGFnIjoiIn0%3D; expires=Wed, 24-Apr-2024 08:21:37 GMT; Max-Age=7200; path=/; samesite=lax; secure
laravel_session=eyJpdiI6InB2bVVUSFBjTzRLL0tPNEtRK0ZveUE9PSIsInZhbHVlIjoibkxaa1JhUGpENC9sRUlNN25QOURQaENBZTRWZXFHTnh0dFpWUnRIckZLQzRhamJTS1BLajhtSGZIWTFvYnBIOG5yNVBpbVZ0bUVXZGtYOWQzNzBxOGk1N01pVENCSlo3REdSYm1xcVdYd05Zd0JTQ2dTa2U1b0JGOW5mWDIydTEiLCJtYWMiOiIxOWM5NmQ2OTBiMmE2YzcyZDIyMzhmOWU2MGVmZGNiNzFmODA0MWJlMGM0NWI5NTE2ZGM0NDgyZWYxNTkwZWIyIiwidGFnIjoiIn0%3D; expires=Wed, 24-Apr-2024 08:21:37 GMT; Max-Age=7200; path=/; httponly; samesite=lax; secure
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QkEV71VJ8K5eH3Umqe8NqXNcufbo60e7TrrcTfVqURPIuvOeec45xhdTBIjg90RSqnDFpVdu3361WISN28jv6OjZtlxlk%2B5Zeved8KuoMGWuJ8UFdd8mJ%2BDpWVuoJ1NHPX8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8793fe8579ec56c1-OSL
content-encoding: br
X-Firefox-Spdy: h2
| href.li/?https://paste.rs/9y6pk.txt | 192.0.78.26 | | 6.3 kB |
URL: href.li/?https://paste.rs/9y6pk.txt
IP: 192.0.78.26:0
File type: HTML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 2b9e491ae70f50ad7a4ba3a7ff5db6ec / 054bf4624fec695cfee36cb14dfc6fe7a872e927 / 1d017edb260bc7b40d660b7928fbe985caf7dc1615d0503676d20bc5e1a6556b
GET /?https://paste.rs/9y6pk.txt HTTP/1.1
Host: href.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mcnlcs9q9.cfd/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 06:21:42 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: br
x-ac: 3.arn _dca MISS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| paste.rs/favicon-16x16.png | 45.63.94.214 | 200 OK | 985 B |
URL: GET HTTP/1.1 paste.rs/favicon-16x16.png
IP: 45.63.94.214:443
Requested by: https://paste.rs/9y6pk.txt
Certificate: Issuer Let's Encrypt; Subject paste.rs; Fingerprint F7:B9:DD:A2:C4:24:97:56:FB:B1:71:34:21:EF:5E:D9:7D:2F:35:54; Validity Fri, 01 Mar 2024 11:00:10 GMT - Thu, 30 May 2024 11:00:09 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 507cfefbe150830a9f205bda55db09e0 / 35bed9c0e45ab505c25a72d552f1d46bb98726e3 / 96f1c3002626227e500be9adda44360d46a7eb40851e509ac0452d24073865a5
GET /favicon-16x16.png HTTP/1.1
Host: paste.rs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.rs/9y6pk.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 06:21:44 GMT
Content-Type: image/png
Content-Length: 985
Connection: close
permissions-policy: interest-cohort=()
Strict-Transport-Security: max-age=31536000; includeSubdomains;
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
X-XSS-Protection: 1; mode=block