Report - www.backbonebanners.com/click.php?url=https://tinyurl.com/3a3js5jz/?DPem

Report Overview

Submitted URL
www.backbonebanners.com/click.php?url=https://tinyurl.com/3a3js5jz/?DPem
IP
35.185.42.76
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2024-03-29 05:43:50
Access
public
Website Title
Blockchain
Final URL
wirycuxary.top/transfers/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
54

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
wirycuxary.top	unknown	unknown	No data	No data	12 kB	203 kB	91.215.85.133
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-03-29	1.5 kB	109 kB	216.58.207.227
ok.me	163685	2009-07-24	2014-10-19	2024-02-28	472 B	6.0 kB	5.61.23.4
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-03-29	471 B	24 kB	142.250.74.106
tinyurl.com	10084	2002-01-27	2012-05-21	2024-03-27	482 B	6.9 kB	104.20.138.65
www.backbonebanners.com	unknown	2004-12-31	2012-10-30	2023-08-24	526 B	480 B	35.185.42.76
guryfuytu.top	unknown	2023-07-30	2023-07-31	2024-03-22	493 B	493 B	193.143.1.175
welenyfogote.top	unknown	2023-08-14	2023-08-15	2024-03-28	496 B	801 B	193.143.1.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	guryfuytu.top	Sinkholed
2024-03-29	medium	welenyfogote.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed
2024-03-29	medium	wirycuxary.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	wirycuxary.top/transfers/	16 B	2023-03-07	2024-03-29
Pretty URL wirycuxary.top/transfers/ IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:39:23 Last Seen2024-03-29 06:43:57 Times Seen246 Hash ef37ef2bd1c618c3155283322e452ee9 0a39188b4b24c69f163d53bd5af56495f29f60b1 81d4e4adc1ae7a4d4c474647432d1602d8763e4df4c5f5fbcc556634fa9fac2e Loading...

	wirycuxary.top/transfers/assets/popper/popper.min.js	19 kB	2023-03-07	2024-04-25
Pretty URL wirycuxary.top/transfers/assets/popper/popper.min.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:31 Last Seen2024-04-25 18:58:31 Times Seen2013 Hash 3621381129597bf34d48a9e2623e05c9 edb00146d1636c247c7afaa61f11aad0c0fc5120 3675f226f985b64eea6ae8544d5496a32d19993aae1ac4a3fa101263ef3206f7 Loading...

	wirycuxary.top/transfers/assets/bootstrap/js/bootstrap.min.js	56 kB	2023-03-07	2024-04-27
Pretty URL wirycuxary.top/transfers/assets/bootstrap/js/bootstrap.min.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:56 Last Seen2024-04-27 20:25:53 Times Seen2294 Hash 6895e8cd60b62646ce12426015888f58 de908c9ed184d74eb525fa7a30449b67fc3a1c14 eb795deda8983fa5310627c9584cf3f3b95d272567113500059018b3941cb267 Loading...

	wirycuxary.top/transfers/assets/smoothscroll/smooth-scroll.js	26 kB	2023-03-08	2024-04-18
Pretty URL wirycuxary.top/transfers/assets/smoothscroll/smooth-scroll.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:50:57 Last Seen2024-04-18 08:11:42 Times Seen128 Hash fe29604742445d8c3099def402762a66 62624b445315e5cac20ef0fb77a32047ecc38e88 c91f338f6adfb67bcf0ef83e714b8ab54799f47111d589e380590d063b8bf273 Loading...

	wirycuxary.top/transfers/assets/touchswipe/jquery.touch-swipe.min.js	20 kB	2023-03-07	2024-04-19
Pretty URL wirycuxary.top/transfers/assets/touchswipe/jquery.touch-swipe.min.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-19 11:28:16 Times Seen1349 Hash f60ff05469d1757996d85f4172d4ff4d 69c8c9f0e0fbd9bd9fd1df6c1a18067256d46c73 a10d7edb8fd307f469beaaa75a725e4bdae24a1b867f5bc7960f01e25c99d8e1 Loading...

	wirycuxary.top/transfers/assets/dropdown/js/navbar-dropdown.js	3.5 kB	2023-03-09	2024-03-29
Pretty URL wirycuxary.top/transfers/assets/dropdown/js/navbar-dropdown.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:08:36 Last Seen2024-03-29 06:43:57 Times Seen112 Hash e0064c189b8e7f1523108d56e6910608 1ed0aa4d0802c2d9f8f9bace041b73ca2a3cd7b5 37234ac494ee7d7ffc1ac3f66c44a41ef041c1cc373d07ff2e059dc7f820a2f8 Loading...

	wirycuxary.top/transfers/assets/theme/js/script.js	45 kB	2024-02-06	2024-03-29
Pretty URL wirycuxary.top/transfers/assets/theme/js/script.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-06 14:35:56 Last Seen2024-03-29 06:43:57 Times Seen71 Hash b54737b80d9b8f96177040395357f151 f85744add2effebc7e625a91f7d6ef532963c0f2 fab8662fb85c110434438daddddb16a64598909189c83fc050f7c52a6710faa8 Loading...

	wirycuxary.top/transfers/assets/web/assets/jquery/jquery.min.js	96 kB	2023-03-07	2024-04-28
Pretty URL wirycuxary.top/transfers/assets/web/assets/jquery/jquery.min.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:51 Last Seen2024-04-28 17:30:21 Times Seen10086 Hash 5790ead7ad3ba27397aedfa3d263b867 8130544c215fe5d1ec081d83461bf4a711e74882 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0 Loading...

	wirycuxary.top/transfers/assets/tether/tether.min.js	23 kB	2023-03-07	2024-04-22
Pretty URL wirycuxary.top/transfers/assets/tether/tether.min.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:00 Last Seen2024-04-22 12:07:44 Times Seen730 Hash 3e50b6f75ff4128f2478b1d44f80fdfb 345421c0dfc6ca09aea15cec021617d701e4827f 0a0416e386e436583f5f49242104677e6b16b1aa693d86f32d76845e26081f96 Loading...

	wirycuxary.top/transfers/assets/dropdown/js/nav-dropdown.js	19 kB	2023-03-09	2024-03-29
Pretty URL wirycuxary.top/transfers/assets/dropdown/js/nav-dropdown.js IP 91.215.85.133 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:08:36 Last Seen2024-03-29 06:43:57 Times Seen113 Hash f5b18f456d714f5fd3417a1bb278ceed b1fc495f69ae7b20858e609e50992c5bcab77ed5 d9e800dab50c202621225b605347fedc067286e5fce53a90523f5e4fa404f331 Loading...

HTTP Transactions (34)

URL IP Response Size

www.backbonebanners.com/click.php?url=https://tinyurl.com/3a3js5jz/?DPem

35.185.42.76

302 Moved Temporarily

20 B

URL User Request GET HTTP/1.1
www.backbonebanners.com/click.php?url=https://tinyurl.com/3a3js5jz/?DPem
IP
35.185.42.76:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuercPanel, Inc.
Subjectbackbonebanners.com
Fingerprint26:67:63:B5:5B:65:85:8B:2F:23:80:54:9A:C4:28:41:90:9E:5A:35
ValidityTue, 27 Feb 2024 00:00:00 GMT - Mon, 27 May 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /click.php?url=https://tinyurl.com/3a3js5jz/?DPem HTTP/1.1
Host: www.backbonebanners.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Date: Fri, 29 Mar 2024 05:43:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=nktj6besp1gdipcqkm1jvl59u1; path=/
Location: https://tinyurl.com/3a3js5jz/?DPem
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

guryfuytu.top/?u=b4v274&o=c4x2&label=sp

193.143.1.175

302 Found

0 B

URL User Request GET HTTP/1.1
guryfuytu.top/?u=b4v274&o=c4x2&label=sp
IP
193.143.1.175:443
ASN
#198953 Proton66 OOO

Certificate
IssuerLet's Encrypt
Subjectguryfuytu.top
FingerprintE4:D0:11:DE:8A:A4:6F:FA:1A:92:8A:33:FB:A6:07:BC:01:79:16:24
ValiditySun, 17 Mar 2024 16:15:07 GMT - Sat, 15 Jun 2024 16:15:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?u=b4v274&o=c4x2&label=sp HTTP/1.1
Host: guryfuytu.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 29 Mar 2024 05:43:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 29 Mar 2024 05:43:25 GMT
Location: https://welenyfogote.top/?u=b4v274&o=c4x2&label=sp
Set-Cookie: l=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=guryfuytu.top
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33
Access-Control-Allow-Origin: *

welenyfogote.top/?u=b4v274&o=c4x2&label=sp

193.143.1.225

302 Found

33 B

URL User Request GET HTTP/1.1
welenyfogote.top/?u=b4v274&o=c4x2&label=sp
IP
193.143.1.225:443
ASN
#198953 Proton66 OOO

Certificate
IssuerLet's Encrypt
Subjectwelenyfogote.top
FingerprintDF:66:EB:7A:3D:9A:14:12:FE:4A:38:C8:38:03:44:39:A6:87:E6:06
ValiditySun, 17 Mar 2024 18:28:57 GMT - Sat, 15 Jun 2024 18:28:56 GMT

File type
ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
d8f33f83c4b16989b1d94766b0a82f17
7a644a61fa53e3cb949e0fb724e921546476ed8e
0c73080a5e8ae00a80849147c3170cb924a7c3b385bc695c1bab22c3369de32b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?u=b4v274&o=c4x2&label=sp HTTP/1.1
Host: welenyfogote.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 29 Mar 2024 05:43:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 33
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 29 Mar 2024 05:43:26 GMT
Location: https://wirycuxary.top/transfers/
Set-Cookie: l=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=welenyfogote.top
u=b4v274; expires=Mon, 29-Apr-2024 05:43:26 GMT; Max-Age=2678400; path=/; domain=welenyfogote.top
o=c4x2; expires=Mon, 29-Apr-2024 05:43:26 GMT; Max-Age=2678400; path=/; domain=welenyfogote.top
l=sp; expires=Mon, 29-Apr-2024 05:43:26 GMT; Max-Age=2678400; path=/; domain=welenyfogote.top
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33
Access-Control-Allow-Origin: *

wirycuxary.top/transfers/

91.215.85.133

200 OK

1.6 kB

URL User Request GET HTTP/1.1
wirycuxary.top/transfers/
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.6 kB (1597 bytes)
Hash
0c5e6983ab54e0888b377e58a71f9688
a137ed1a661932f8b1dd1fa873bb0e7507e6cac0
bd473561d3fbe7ce81b41bd5a999c60f2ca297db19c8ffff8163d7feaffd986f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/ HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

wirycuxary.top/transfers/css/main.css

91.215.85.133

200 OK

5.5 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/css/main.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
assembler source, ASCII text
Size
5.5 kB (5454 bytes)
Hash
36717d42145f73ab9a5b638447c89ed7
90a37995be6afa124a867dc834eb278422b573a6
2956f9fca926778706350dfa140f50f9170a221a04fbf1ca5b25fc8b58db746e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/css/main.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-6e09"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/css/animate.min.css

91.215.85.133

200 OK

4.0 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/css/animate.min.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text, with very long lines (55097)
Size
4.0 kB (3975 bytes)
Hash
9adccc20459b1bc27bf7f16ab577f25d
056ff7cc4c7ca17c4a52a3d88dcc56242e5cf16f
5a42daf1921ea54fa43ac117b6ed1d6255337d0aa523e5185ca84351d03c05fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/css/animate.min.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-d7da"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/bootstrap/css/bootstrap-reboot.min.css

91.215.85.133

200 OK

1.6 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/bootstrap/css/bootstrap-reboot.min.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text, with very long lines (3455)
Size
1.6 kB (1569 bytes)
Hash
fff5a1c5610b4e8909de23f2200d936b
eb722bcb0f5d507acb789c44c5ab058e26de7e2c
e9493663951399b6e85a64aae34b39277c0d0ede93cc852fb1ee540179160a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/bootstrap/css/bootstrap-reboot.min.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-efc"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/web/assets/mobirise-icons/mobirise-icons.css

91.215.85.133

200 OK

1.6 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/web/assets/mobirise-icons/mobirise-icons.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text
Size
1.6 kB (1551 bytes)
Hash
45513502ed224380b51c22890c2fbf99
356d42262a9e7693a75f67c0d8f259b8914f2033
7e4bef0411e315409d57f6290b7764ec7de88cbbed6ee613899fc22841a41829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/web/assets/mobirise-icons/mobirise-icons.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-1da7"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.css

91.215.85.133

200 OK

1.5 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text
Size
1.5 kB (1538 bytes)
Hash
f8c523e601ac63d061b0111a5312c787
0405a5c54f3b5ca1b60dfa2443282ffe22cc8551
e06bd4d7a4ea00fce6bf90a8f92ec3fcbc80c0ae745d66c3960dff397367fbaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-1e6b"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/tether/tether.min.css

91.215.85.133

200 OK

125 B

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/tether/tether.min.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text, with no line terminators
Size
125 B (125 bytes)
Hash
62155a3948cbf17b1bf4b407c90ab84f
4c02e993cdc345d428bfe41afa8a5676e7c717b8
cb84c37000f8fe3e68e24799be081febdf02afd39cec967e80631ac76dea9950

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/tether/tether.min.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-ed"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/dropdown/css/style.css

91.215.85.133

200 OK

1.7 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/dropdown/css/style.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text
Size
1.7 kB (1708 bytes)
Hash
b3e4bc9550bad8fd01585b601e968d14
d2aa0eb868183ae7daa24e4d5ae59c3b3218eb70
38892acc026f0badcbb38eb0b148470f4e57821ae04c892a2cee50b5e0968d35

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/dropdown/css/style.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-1f2e"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/theme/css/style.css

91.215.85.133

200 OK

2.6 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/theme/css/style.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text
Size
2.6 kB (2645 bytes)
Hash
f1a89a47d766e26a5dfdeb971acdb275
b446493632afcfcf6aa5e3e23b9b7f2a49030ac2
e623bc0e69606581c8d60505ff374ada074d6afb486211d6781673f8304a6773

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/theme/css/style.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-2b1f"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/bootstrap/css/bootstrap-grid.min.css

91.215.85.133

200 OK

6.0 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/bootstrap/css/bootstrap-grid.min.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text, with very long lines (48220)
Size
6.0 kB (6023 bytes)
Hash
91b629ae41ccbef306fd92762ec80759
d47d179730b15f6cfe6992f5baac524899b73865
e6d573b7daafdee530dc4204ffb40f9bd192b3f65ed11a0bf02b18b909bca8a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/bootstrap/css/bootstrap-grid.min.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-bd68"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/mobirise/css/mbr-additional.css

91.215.85.133

200 OK

6.4 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/mobirise/css/mbr-additional.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text
Size
6.4 kB (6372 bytes)
Hash
7f8038ac642373223450f94126d5b94f
ff9eae159029697ecbbdb187e79fb31ce98dd598
4bb3196bd5a92498b5cf808ba87a115f814d375c5dd2d46f30e99daacb878f77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/mobirise/css/mbr-additional.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-a4b4"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/popper/popper.min.js

91.215.85.133

200 OK

6.8 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/popper/popper.min.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text, with very long lines (18860)
Size
6.8 kB (6836 bytes)
Hash
3621381129597bf34d48a9e2623e05c9
edb00146d1636c247c7afaa61f11aad0c0fc5120
3675f226f985b64eea6ae8544d5496a32d19993aae1ac4a3fa101263ef3206f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/popper/popper.min.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-4a32"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/tether/tether.min.js

91.215.85.133

200 OK

6.9 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/tether/tether.min.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text, with very long lines (23217), with no line terminators
Size
6.9 kB (6888 bytes)
Hash
3e50b6f75ff4128f2478b1d44f80fdfb
345421c0dfc6ca09aea15cec021617d701e4827f
0a0416e386e436583f5f49242104677e6b16b1aa693d86f32d76845e26081f96

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/tether/tether.min.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-5ab1"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/bootstrap/js/bootstrap.min.js

91.215.85.133

200 OK

15 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/bootstrap/js/bootstrap.min.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text, with very long lines (55494)
Size
15 kB (14722 bytes)
Hash
6895e8cd60b62646ce12426015888f58
de908c9ed184d74eb525fa7a30449b67fc3a1c14
eb795deda8983fa5310627c9584cf3f3b95d272567113500059018b3941cb267

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-d9df"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/smoothscroll/smooth-scroll.js

91.215.85.133

200 OK

7.1 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/smoothscroll/smooth-scroll.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text
Size
7.1 kB (7067 bytes)
Hash
fe29604742445d8c3099def402762a66
62624b445315e5cac20ef0fb77a32047ecc38e88
c91f338f6adfb67bcf0ef83e714b8ab54799f47111d589e380590d063b8bf273

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/smoothscroll/smooth-scroll.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-63e1"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/bootstrap/css/bootstrap.min.css

91.215.85.133

200 OK

23 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/bootstrap/css/bootstrap.min.css
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
ASCII text, with very long lines (65324)
Size
23 kB (23337 bytes)
Hash
f411c136e2bb302ada2120b3eb1d5bc3
3ae9bb0e7929489abd23736ae892939c8fe98645
6b3bef53dc4a96ec07149d02a60b5fd026332bbce0b4ece79f3c55e3ddb85f5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: text/css
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-2565e"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/dropdown/js/nav-dropdown.js

91.215.85.133

200 OK

4.1 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/dropdown/js/nav-dropdown.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text
Size
4.1 kB (4094 bytes)
Hash
f5b18f456d714f5fd3417a1bb278ceed
b1fc495f69ae7b20858e609e50992c5bcab77ed5
d9e800dab50c202621225b605347fedc067286e5fce53a90523f5e4fa404f331

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/dropdown/js/nav-dropdown.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-49e1"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/dropdown/js/navbar-dropdown.js

91.215.85.133

200 OK

966 B

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/dropdown/js/navbar-dropdown.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text
Size
966 B (966 bytes)
Hash
e0064c189b8e7f1523108d56e6910608
1ed0aa4d0802c2d9f8f9bace041b73ca2a3cd7b5
37234ac494ee7d7ffc1ac3f66c44a41ef041c1cc373d07ff2e059dc7f820a2f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/dropdown/js/navbar-dropdown.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-db3"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/theme/js/script.js

91.215.85.133

200 OK

9.4 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/theme/js/script.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text, with very long lines (378)
Size
9.4 kB (9410 bytes)
Hash
b54737b80d9b8f96177040395357f151
f85744add2effebc7e625a91f7d6ef532963c0f2
fab8662fb85c110434438daddddb16a64598909189c83fc050f7c52a6710faa8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/theme/js/script.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-b03b"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/web/assets/jquery/jquery.min.js

91.215.85.133

200 OK

34 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/web/assets/jquery/jquery.min.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text, with very long lines (32047)
Size
34 kB (33543 bytes)
Hash
5790ead7ad3ba27397aedfa3d263b867
8130544c215fe5d1ec081d83461bf4a711e74882
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/web/assets/jquery/jquery.min.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-176bb"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/touchswipe/jquery.touch-swipe.min.js

91.215.85.133

200 OK

5.1 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/touchswipe/jquery.touch-swipe.min.js
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
JavaScript source, ASCII text, with very long lines (20000)
Size
5.1 kB (5086 bytes)
Hash
f60ff05469d1757996d85f4172d4ff4d
69c8c9f0e0fbd9bd9fd1df6c1a18067256d46c73
a10d7edb8fd307f469beaaa75a725e4bdae24a1b867f5bc7960f01e25c99d8e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/touchswipe/jquery.touch-swipe.min.js HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65e23f47-4fbc"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

wirycuxary.top/transfers/assets/images/0-200x200.png

91.215.85.133

200 OK

1.8 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/images/0-200x200.png
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
1.8 kB (1826 bytes)
Hash
a0e2de14830c68d40c7f9e7dcc069f59
03d978fbd2ad6113cc4a9aa2d0512ec4bd248c3e
0c6aacdbc5a4fec3ec21dc198685b2fe0ee91ce36497cbdf09cc276da0f5feb1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/images/0-200x200.png HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: image/png
Content-Length: 1826
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Connection: keep-alive
ETag: "65e23f47-722"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

wirycuxary.top/transfers/assets/images/bitcoin_PNG47.png

91.215.85.133

200 OK

9.3 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/images/bitcoin_PNG47.png
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
PNG image data, 400 x 400, 8-bit colormap, non-interlaced
Size
9.3 kB (9299 bytes)
Hash
4d472d4891e10dfc280618fb51202280
233020be00df93b91963049555ed85870c612937
8ed171fdb1a12de5615dbfbb253d1a17456f23210c0ce477a13a392ec67bc6bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/images/bitcoin_PNG47.png HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: image/png
Content-Length: 9299
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Connection: keep-alive
ETag: "65e23f47-2453"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

wirycuxary.top/transfers/assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.ttf?m1l4yr

91.215.85.133

200 OK

37 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.ttf?m1l4yr
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, MobiriseIcons
Size
37 kB (37288 bytes)
Hash
5b036c7c99f6647ab343574a58f39f42
267dbc52fb5b0fdc8466f10442cec0f83103a7aa
41bf22ab5040c05bdf335fa1331ab1ffe6077eb38756a3016a40cd45aa644cb9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.ttf?m1l4yr HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: font/ttf
Content-Length: 37288
Connection: keep-alive
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
ETag: "91a8-6129f82113181"
Accept-Ranges: bytes

fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35448, version 1.0
Size
35 kB (35448 bytes)
Hash
5c138044f30b8c78119264cd744e686a
7605e014180d49087785350bd1906c16c389690d
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445

HTTP Headers

GET /s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wirycuxary.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35448
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:27:03 GMT
expires: Fri, 28 Mar 2025 17:27:03 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Jun 2023 16:14:39 GMT
content-type: font/woff2
age: 44184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35448, version 1.0
Size
35 kB (35448 bytes)
Hash
5c138044f30b8c78119264cd744e686a
7605e014180d49087785350bd1906c16c389690d
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445

HTTP Headers

GET /s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wirycuxary.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35448
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:27:03 GMT
expires: Fri, 28 Mar 2025 17:27:03 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Jun 2023 16:14:39 GMT
content-type: font/woff2
age: 44184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35448, version 1.0
Size
35 kB (35448 bytes)
Hash
5c138044f30b8c78119264cd744e686a
7605e014180d49087785350bd1906c16c389690d
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445

HTTP Headers

GET /s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wirycuxary.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35448
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:27:03 GMT
expires: Fri, 28 Mar 2025 17:27:03 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Jun 2023 16:14:39 GMT
content-type: font/woff2
age: 44184
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wirycuxary.top/transfers/assets/images/0-200x200.png

91.215.85.133

200 OK

1.8 kB

URL GET HTTP/1.1
wirycuxary.top/transfers/assets/images/0-200x200.png
IP
91.215.85.133:443
ASN
#200593 Prospero Ooo

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerLet's Encrypt
Subjectwirycuxary.top
FingerprintDA:00:73:5C:B5:E5:10:AC:C6:8F:65:97:67:92:BD:84:61:38:4F:38
ValidityWed, 27 Mar 2024 09:33:22 GMT - Tue, 25 Jun 2024 09:33:21 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
1.8 kB (1826 bytes)
Hash
a0e2de14830c68d40c7f9e7dcc069f59
03d978fbd2ad6113cc4a9aa2d0512ec4bd248c3e
0c6aacdbc5a4fec3ec21dc198685b2fe0ee91ce36497cbdf09cc276da0f5feb1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /transfers/assets/images/0-200x200.png HTTP/1.1
Host: wirycuxary.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/transfers/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 29 Mar 2024 05:43:27 GMT
Content-Type: image/png
Content-Length: 1826
Last-Modified: Fri, 01 Mar 2024 20:49:11 GMT
Connection: keep-alive
ETag: "65e23f47-722"
Expires: Sat, 30 Mar 2024 05:43:27 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

ok.me/50CG1?DPem

5.61.23.4

301 Moved Permanently

5.7 kB

URL User Request GET HTTP/2
ok.me/50CG1?DPem
IP
5.61.23.4:443
ASN
#47764 LLC VK

Certificate
IssuerGlobalSign nv-sa
Subject*.ok.ru
Fingerprint66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3
ValidityWed, 04 Oct 2023 08:36:03 GMT - Wed, 02 Oct 2024 09:21:02 GMT

File type

Size
5.7 kB (5693 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /50CG1?DPem HTTP/1.1
Host: ok.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: apache
date: Fri, 29 Mar 2024 05:43:25 GMT
location: https://guryfuytu.top/?u=b4v274&o=c4x2&label=sp
set-cookie: uid=4927d4bf-1880-493d-adf9-417bbf6d01ff; Path=/; Expires=Sat, 29-Mar-2025 05:43:25 GMT; Max-Age=31536000; HttpOnly
expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i

142.250.74.106

200 OK

24 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://wirycuxary.top/transfers/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
ASCII text, with very long lines (634)
Size
24 kB (23675 bytes)
Hash
2f17d8ff98d047db694a811822635a8d
9a6c6b33aa6edcb1eacb8b607efdbdacaf06d321
8a31df8d18238a6a3d2576f75269557bf14420053bcff52afad6c057093c4aa4

HTTP Headers

GET /css?family=Rubik:300,300i,400,400i,500,500i,700,700i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wirycuxary.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 29 Mar 2024 05:43:27 GMT
date: Fri, 29 Mar 2024 05:43:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

tinyurl.com/3a3js5jz/?DPem

104.20.138.65

301 Moved Permanently

5.7 kB

URL User Request GET HTTP/2
tinyurl.com/3a3js5jz/?DPem
IP
104.20.138.65:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintEE:D2:54:E3:C8:3F:A2:1C:5A:ED:9C:96:DF:BD:97:48:71:E5:B1:50
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
5.7 kB (5693 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /3a3js5jz/?DPem HTTP/1.1
Host: tinyurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 29 Mar 2024 05:43:25 GMT
content-type: text/html; charset=UTF-8
location: https://ok.me/50CG1?DPem
referrer-policy: unsafe-url
x-robots-tag: noindex
x-tinyurl-redirect-type: redirect
cache-control: max-age=0, must-revalidate, no-cache, no-store, private
x-tinyurl-redirect: eyJpdiI6ImZOenZTaXNRVnI3bXNDV1BJdEYxNlE9PSIsInZhbHVlIjoiQ0FNWnFpalJPR25uTkFGTHZBQUtDOU5SK3kraWVjUkRza1VRMFYzM0p1R01pUHFqUGJWM0RTamswU2N5Y2RXUmYrTlZqaXRnOFFHSWpkYlYydytvSlE9PSIsIm1hYyI6ImIxMzFjNTA0MzdjNzcxM2VkNWU1NzEwMGQwMTBiNTA1MWE1ZjdlMDIzZDZmYjRhMGE3OWU3NjQ1NDgyMTE2N2UiLCJ0YWciOiIifQ==
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
set-cookie: __cf_bm=VSwG0UIHIcb3_bi27JKE52PVX3CrHqHjs99YLnnj8UE-1711691005-1.0.1.1-s4Mk2lmE5B_hlCVIo90ixwg.RhLLTdTi91_ewYk.6I7NTLGtheHof53CRxhZQI9JWYOPM735rcr7Yd5UwONU0A; path=/; expires=Fri, 29-Mar-24 06:13:25 GMT; domain=.tinyurl.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 86bd8acc4f2b56cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML