| auto-connexion.org/OVH/auth/login.php | 188.114.97.1 | 403 Forbidden | 167 B |
URL: User Request GET HTTP/3 auto-connexion.org/OVH/auth/login.php IP: 188.114.97.1:443
Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
File type: HTML document, ASCII text, with CRLF line terminators; Hash: 0104c301c5e02bd6148b8703d19b3a73 7436e0b4b1f8c222c38069890b75fa2baf9ca620 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /OVH/auth/login.php HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Wed, 17 Apr 2024 09:06:47 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 17 Apr 2024 10:06:47 GMT
Location: https://auto-connexion.org/OVH/auth/login.php
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DD69hwTPMTQJl4g99KKmld516kzqKl0l4Zh0fDfWqtBxPTa3bU5FTaGSiefaO0sDH0iGQe9ylTSoRpV0IuUsJ3lXIFBWfTafgbVIhlcjXigqZovK9qqI8Fz3wG7Bci3sKpQ7uFQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 875b42d6da2a92a4-CPH
alt-svc: h2=":443"; ma=60
|
|
| auto-connexion.org/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=875b42d73cf492e5 | 188.114.96.1 | | 118 kB |
URL: auto-connexion.org/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=875b42d73cf492e5 IP: 188.114.96.1:0
Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Size: 118 kB (117637 bytes); Hash: 3c9679b735bcb00b3e50b47663cac2bb d84265bf6ac1c098c680f47fe437190c7c8c0c7d c937d2d34f25b0cf33c06261e0c17b8264db2d4a7ecfe1fabcdb315b53b15a1d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=875b42d73cf492e5 HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto-connexion.org/OVH/auth/login.php?__cf_chl_rt_tk=GAeZCfORlB.4WF7m1Kuvv71wO54mNXq.8sgvWU3HZ58-1713344807-0.0.1.1-1322
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:06:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRB6ggPCacwT6PXfTKD6Ni%2FGhFUF6%2B2PqmoJLy%2FmmyaLQ4vnyD7gJ%2BdPSyja3zGJPOZqTIuSEc5fbEGdO2imkW7xWkM3Y0uJgqu43AzXnaHljp9Z9pVxZyHd5j%2Bm131tPwdaogo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b42d7ee7692e5-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| auto-connexion.org/cdn-cgi/challenge-platform/scripts/jsd/main.js | 188.114.96.1 | 302 Found | 0 B |
URL: GET HTTP/3 auto-connexion.org/cdn-cgi/challenge-platform/scripts/jsd/main.js IP: 188.114.96.1:443
Requested by: https://auto-connexion.org/OVH/auth/login.php; Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=c148e3a367e8008; cf_clearance=MGHFDhV78ftqYEteY7z3dOXj.0yJzhUn4mfn02BX7_M-1713344807-1.0.1.1-wkjnsI1GXd12ocTNqcCwNv2lZapJS6GWErMTdegtQusjMbQXv9vrFzfVLFEJsJ5lnt23RbZJLqndPCR01VkmWQ; MWT_IpRaOC4S8EtSJbKAQw2Wtlo=vOwh96vVLt6ef2up0Rhbjnc_X0A; Ep70MNR3SG1y9PFSn3BShl0DyFk=1713344810; lk85pHhAnryhUlMjW6H1ga25n7c=1713431210; k5gVwgmnhTkxzq-R3fL28c2pTfQ=dG_ebMKhN6je26omQ0Jp4vB778g; hSMkBf3GNOP4BDuO4s6a9Duafnk=ftplJocvolnwXhVLbRiRY_-2UIQ; 1of9Nj2p3_bGGmNOD7mNvcMM22c=lkLPZiL_UVgRTxwDers97UXe5XU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 17 Apr 2024 09:06:55 GMT
content-length: 0
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f5avTYGShBaifdNV4%2FDX1aV1r4ua640vUMI9rpSMwpxXhnBDnXb%2BE6YRJSNPRzLCjHRvLE8tyc6iwUXtDdst0Pp6fEjE4CpQ3yO2uo4U8oEIn7VunLtn74F38yriIWVYbQ%2Fv%2F7E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b430838d56de8-CPH
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=875b42dd68128f5f | 104.17.2.184 | | 121 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=875b42dd68128f5f IP: 104.17.2.184:0
File type: ASCII text, with very long lines (65536), with no line terminators; Size: 121 kB (121060 bytes); Hash: c36966b816bb22e34a46ea1c6ece97d2 1491bc754d53e8a49ce4030927fd8da77a91da57 fc73a26e8e4a351e4ea59e830a3562de37be54ea955564cf183ac76acc8cb47c
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=875b42dd68128f5f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ix53h/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:06:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 875b42debb1c8f5f-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| auto-connexion.org/cdn-cgi/challenge-platform/scripts/jsd/main.js | 188.114.96.1 | 302 Found | 0 B |
URL: GET HTTP/3 auto-connexion.org/cdn-cgi/challenge-platform/scripts/jsd/main.js IP: 188.114.96.1:443
Requested by: https://auto-connexion.org/OVH/auth/login.php; Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=c148e3a367e8008; cf_clearance=MGHFDhV78ftqYEteY7z3dOXj.0yJzhUn4mfn02BX7_M-1713344807-1.0.1.1-wkjnsI1GXd12ocTNqcCwNv2lZapJS6GWErMTdegtQusjMbQXv9vrFzfVLFEJsJ5lnt23RbZJLqndPCR01VkmWQ; MWT_IpRaOC4S8EtSJbKAQw2Wtlo=vOwh96vVLt6ef2up0Rhbjnc_X0A; Ep70MNR3SG1y9PFSn3BShl0DyFk=1713344810; lk85pHhAnryhUlMjW6H1ga25n7c=1713431210; k5gVwgmnhTkxzq-R3fL28c2pTfQ=dG_ebMKhN6je26omQ0Jp4vB778g; hSMkBf3GNOP4BDuO4s6a9Duafnk=ftplJocvolnwXhVLbRiRY_-2UIQ; 1of9Nj2p3_bGGmNOD7mNvcMM22c=lkLPZiL_UVgRTxwDers97UXe5XU; Na29JMVJucGi6iEtm6u0jG7vdDk=xGvcNAUiktZj2YWAIWEVXrdZ9fc; Yjb7nPs6fauvM9xtubUpxPWH7g8=1713344813; AJDc22tnRfITVMbA8iG8VukoRtY=1713431213; mny_kGDNUXTddrsVvVXr6jBeKM8=xUXpWh-5O7EI4pqNpcD8jj_rfQI; JmLGxBkt48wap2i3hGTwMicul2E=pGsBSnNhhoimZ6LJFW54dIsIYRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 17 Apr 2024 09:06:56 GMT
content-length: 0
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LfjkLCsSS%2BTD6ck6PNQuNM6hxN3bo4vlq2agqOvHc%2FG1nzBH%2BpSnSKTIj8p7LVT5IQ3BZ%2Fc2irR9oR%2B7xRFcyXUqWnEjpg8D0kkyDgNyiIgTAAMj%2BgKxlyp%2B5OgUnLKoQf2U9I0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b430d1a736de8-CPH
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/634999112:1713343376:deKTTrs311t_9IfOmjuToPw4Ajr3i1Ku74q0xUT-J8Q/875b42dd68128f5f/525990a71bd6ae6 | 104.17.2.184 | | 8.6 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/634999112:1713343376:deKTTrs311t_9IfOmjuToPw4Ajr3i1Ku74q0xUT-J8Q/875b42dd68128f5f/525990a71bd6ae6 IP: 104.17.2.184:0
File type: ASCII text, with very long lines (3496), with no line terminators; Hash: 1a991225d22fde1cfa820f434512739f 8f6b57182eb0cdd9029c25ddc56b665f735a7490 332f73ceeee12ce6c6e0a8d4c9b61d517f9c8f56c57fc08f5917db0d4edd4d9a
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/634999112:1713343376:deKTTrs311t_9IfOmjuToPw4Ajr3i1Ku74q0xUT-J8Q/875b42dd68128f5f/525990a71bd6ae6 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ix53h/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 525990a71bd6ae6
Content-Length: 35644
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:06:54 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: CNwLZdQ0wVWkIKxaIHw5Xy0DzRz5ky97Pgsw5gq4OxkJXkth8K3F4x6l540915Z/3DUFStRjTqgmdcIXUfAyH8IqDX7VLHqETwShmgnQl6nvFPyGgYn5dn8+OKy+gnd+$niU83ByES3+M2t2ftY+saA==
cf-chl-out-s: EvIEKOd6xyDS4SHWa9or77KrU1rkIJL4qXFp3qRZ0IjMKpTPurVGYJ2L4g+DAm0hQFSZiWaAbgEWU0l/06/mec/InUALhO9+zdUIFMGUflPcnrRTDsexlmyhSYtrPykiP97C8mfVGB15FeQu41sWFqCr5P9n1S2knQajPCYSub59yUJqF5GN7NYuRcDgWPt7uH86ygedCpqD4snpXYMI1b/qJgkjF+h3V9VBAEf/4OLNzeHsvj7i3zcggf8NwTjzcEWGflLkQr2Ddeahax6eFVkMaQWd83B3fz224PpEIrcY+GzGy3LEcrINPJzODIB9ys64ZjMQFh3BN37axqWeIaNk0iFILSArStdF5SGsOjS7xDuADEvXGSyJ31udBE8UgyR/JZv+1C8mXY2br33QJtYw1GGo2JS/FTqa4OqrBOZdFXbtlcbslvvRpzRpUEnM9N9Lc/ZE0amjUHYxJudcP0H9hMWXwFMsl0YkpYGD8XB7p92F7/0X7O0eAz6DjPymd+OTL4CzyuFTMHztzX8LLiEEWlXXDlZm9pc3UHaTWtj2y7qLXj5RQg4CX6eiO25w8iCjCNStOERi/IWdVWuptvoAeJeriP0oOEq7JFiMvxvaICMM5EEeePx7732NmTC3$LYppTg8Cd7EAoC9KO0yiIw==
server: cloudflare
cf-ray: 875b42ffbb498f5f-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| auto-connexion.org/OVH/auth/login.php | 188.114.96.1 | 403 Forbidden | 10 kB |
URL: User Request GET HTTP/3 auto-connexion.org/OVH/auth/login.php IP: 188.114.96.1:443
Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
File type: HTML document, ASCII text, with very long lines (1125), with CRLF line terminators; Hash: 9be701b73c886e3bc8842196489fc600 525e79f0e9c52cfc20412ac645f99f279d0e3a6e dbf0bf80b89bbeebf34c01bb0ecbfa8910d1e4be15853915a91d572eac14914f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /OVH/auth/login.php HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auto-connexion.org/OVH/auth/login.php
Cookie: cf_chl_3=c148e3a367e8008; cf_clearance=MGHFDhV78ftqYEteY7z3dOXj.0yJzhUn4mfn02BX7_M-1713344807-1.0.1.1-wkjnsI1GXd12ocTNqcCwNv2lZapJS6GWErMTdegtQusjMbQXv9vrFzfVLFEJsJ5lnt23RbZJLqndPCR01VkmWQ; MWT_IpRaOC4S8EtSJbKAQw2Wtlo=vOwh96vVLt6ef2up0Rhbjnc_X0A; Ep70MNR3SG1y9PFSn3BShl0DyFk=1713344810; lk85pHhAnryhUlMjW6H1ga25n7c=1713431210; k5gVwgmnhTkxzq-R3fL28c2pTfQ=dG_ebMKhN6je26omQ0Jp4vB778g; hSMkBf3GNOP4BDuO4s6a9Duafnk=ftplJocvolnwXhVLbRiRY_-2UIQ; 1of9Nj2p3_bGGmNOD7mNvcMM22c=lkLPZiL_UVgRTxwDers97UXe5XU; Na29JMVJucGi6iEtm6u0jG7vdDk=xGvcNAUiktZj2YWAIWEVXrdZ9fc; Yjb7nPs6fauvM9xtubUpxPWH7g8=1713344813; AJDc22tnRfITVMbA8iG8VukoRtY=1713431213; mny_kGDNUXTddrsVvVXr6jBeKM8=xUXpWh-5O7EI4pqNpcD8jj_rfQI; JmLGxBkt48wap2i3hGTwMicul2E=pGsBSnNhhoimZ6LJFW54dIsIYRQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
date: Wed, 17 Apr 2024 09:06:56 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OAXbXLnG9LIM9tpeFxIiHWWrDWGkMFjzp4kIoStQyDk2VtYqEnJs7o%2Fivw4wP4G2mqYc2vgBEbHjm%2BH0G18MpHkpe18FeL4XwySCtIcA8LJhpKb%2BJupyqtvHPA4Z6LPOkcWda8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b430b0eaf6de8-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| auto-connexion.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js | 188.114.96.1 | 200 OK | 7.9 kB |
URL: GET HTTP/3 auto-connexion.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js IP: 188.114.96.1:443
Requested by: https://auto-connexion.org/OVH/auth/login.php; Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
File type: JavaScript source, ASCII text, with very long lines (7860), with no line terminators; Hash: 73b49cd9612774e99922e76461307d71 91b35306d1744ab9179effc36b4801bdfa062b7b f77ee8ca8d632c45ee8426073d97a8971459af2960723dab8cc0ec31dc769144
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=c148e3a367e8008; cf_clearance=MGHFDhV78ftqYEteY7z3dOXj.0yJzhUn4mfn02BX7_M-1713344807-1.0.1.1-wkjnsI1GXd12ocTNqcCwNv2lZapJS6GWErMTdegtQusjMbQXv9vrFzfVLFEJsJ5lnt23RbZJLqndPCR01VkmWQ; MWT_IpRaOC4S8EtSJbKAQw2Wtlo=vOwh96vVLt6ef2up0Rhbjnc_X0A; Ep70MNR3SG1y9PFSn3BShl0DyFk=1713344810; lk85pHhAnryhUlMjW6H1ga25n7c=1713431210; k5gVwgmnhTkxzq-R3fL28c2pTfQ=dG_ebMKhN6je26omQ0Jp4vB778g; hSMkBf3GNOP4BDuO4s6a9Duafnk=ftplJocvolnwXhVLbRiRY_-2UIQ; 1of9Nj2p3_bGGmNOD7mNvcMM22c=lkLPZiL_UVgRTxwDers97UXe5XU; Na29JMVJucGi6iEtm6u0jG7vdDk=xGvcNAUiktZj2YWAIWEVXrdZ9fc; Yjb7nPs6fauvM9xtubUpxPWH7g8=1713344813; AJDc22tnRfITVMbA8iG8VukoRtY=1713431213; mny_kGDNUXTddrsVvVXr6jBeKM8=xUXpWh-5O7EI4pqNpcD8jj_rfQI; JmLGxBkt48wap2i3hGTwMicul2E=pGsBSnNhhoimZ6LJFW54dIsIYRQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:06:56 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACeAiNY80alB0gK14z5W%2BjEZNogT6t1vLEjcZjtuXfTE8Zd0od12BQu%2FvuZHle63O0T0LfxnTHSjcDHNLWIo6J8uf6e%2BaaAM3Z4WVolbyHFmn9ynRs6rvhAb1fS2BWkJAXYz%2BRw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b430d6b1a6de8-CPH
alt-svc: h3=":443"; ma=86400
|
|
| auto-connexion.org/favicon.ico | 188.114.96.1 | 403 Forbidden | 162 B |
URL: GET HTTP/3 auto-connexion.org/favicon.ico IP: 188.114.96.1:443
Requested by: https://auto-connexion.org/OVH/auth/login.php; Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
File type: HTML document, ASCII text, with no line terminators; Hash: 0ef2b9f28f9ebfb072330d8ddb4184e3 2bcca27f05bad1fd9ec50da70c2baec44ec44eec aedf5b700f95f8a96ad1130238f32ef291176aeac3709806424a6ad409a93805
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://auto-connexion.org/OVH/auth/login.php
Cookie: cf_chl_3=c148e3a367e8008; cf_clearance=MGHFDhV78ftqYEteY7z3dOXj.0yJzhUn4mfn02BX7_M-1713344807-1.0.1.1-wkjnsI1GXd12ocTNqcCwNv2lZapJS6GWErMTdegtQusjMbQXv9vrFzfVLFEJsJ5lnt23RbZJLqndPCR01VkmWQ; MWT_IpRaOC4S8EtSJbKAQw2Wtlo=vOwh96vVLt6ef2up0Rhbjnc_X0A; Ep70MNR3SG1y9PFSn3BShl0DyFk=1713344810; lk85pHhAnryhUlMjW6H1ga25n7c=1713431210; k5gVwgmnhTkxzq-R3fL28c2pTfQ=dG_ebMKhN6je26omQ0Jp4vB778g; hSMkBf3GNOP4BDuO4s6a9Duafnk=ftplJocvolnwXhVLbRiRY_-2UIQ; 1of9Nj2p3_bGGmNOD7mNvcMM22c=lkLPZiL_UVgRTxwDers97UXe5XU; Na29JMVJucGi6iEtm6u0jG7vdDk=xGvcNAUiktZj2YWAIWEVXrdZ9fc; Yjb7nPs6fauvM9xtubUpxPWH7g8=1713344813; AJDc22tnRfITVMbA8iG8VukoRtY=1713431213; mny_kGDNUXTddrsVvVXr6jBeKM8=xUXpWh-5O7EI4pqNpcD8jj_rfQI; JmLGxBkt48wap2i3hGTwMicul2E=pGsBSnNhhoimZ6LJFW54dIsIYRQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Wed, 17 Apr 2024 09:06:56 GMT
content-type: text/html
x-content-type-options: nosniff, nosniff
x-xss-protection: 1; mode=block, 1; mode=block
cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
pragma: public
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YOwjuv%2Bc100oDzG7bV8gLQrPqx1lIXzLVmnzduFVPF38qv6B3r9Ae3gYARJzuj1HW4iEs%2B0YGbFkuBrgAnVO7PomwJodIcVwho0bp4MWkSXRvzmUugV5AEyiaayg1GjNOqvS0VU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b430d0a576de8-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| auto-connexion.org/cdn-cgi/challenge-platform/h/b/jsd/r/875b430b0eaf6de8 | 188.114.96.1 | 200 OK | 0 B |
URL: POST HTTP/3 auto-connexion.org/cdn-cgi/challenge-platform/h/b/jsd/r/875b430b0eaf6de8 IP: 188.114.96.1:443
Requested by: https://auto-connexion.org/OVH/auth/login.php; Certificate: Issuer: Let's Encrypt; Subject: auto-connexion.org; Fingerprint: EF:E6:C6:44:15:4B:07:BB:B6:A9:4A:1D:E2:1E:07:4C:26:C8:A5:EA; Validity: Sun, 14 Apr 2024 21:30:53 GMT - Sat, 13 Jul 2024 21:30:52 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/jsd/r/875b430b0eaf6de8 HTTP/1.1
Host: auto-connexion.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12180
Origin: https://auto-connexion.org
DNT: 1
Connection: keep-alive
Referer: https://auto-connexion.org/OVH/auth/login.php
Cookie: cf_chl_3=c148e3a367e8008; cf_clearance=MGHFDhV78ftqYEteY7z3dOXj.0yJzhUn4mfn02BX7_M-1713344807-1.0.1.1-wkjnsI1GXd12ocTNqcCwNv2lZapJS6GWErMTdegtQusjMbQXv9vrFzfVLFEJsJ5lnt23RbZJLqndPCR01VkmWQ; MWT_IpRaOC4S8EtSJbKAQw2Wtlo=vOwh96vVLt6ef2up0Rhbjnc_X0A; Ep70MNR3SG1y9PFSn3BShl0DyFk=1713344810; lk85pHhAnryhUlMjW6H1ga25n7c=1713431210; k5gVwgmnhTkxzq-R3fL28c2pTfQ=dG_ebMKhN6je26omQ0Jp4vB778g; hSMkBf3GNOP4BDuO4s6a9Duafnk=ftplJocvolnwXhVLbRiRY_-2UIQ; 1of9Nj2p3_bGGmNOD7mNvcMM22c=lkLPZiL_UVgRTxwDers97UXe5XU; Na29JMVJucGi6iEtm6u0jG7vdDk=xGvcNAUiktZj2YWAIWEVXrdZ9fc; Yjb7nPs6fauvM9xtubUpxPWH7g8=1713344813; AJDc22tnRfITVMbA8iG8VukoRtY=1713431213; mny_kGDNUXTddrsVvVXr6jBeKM8=xUXpWh-5O7EI4pqNpcD8jj_rfQI; JmLGxBkt48wap2i3hGTwMicul2E=pGsBSnNhhoimZ6LJFW54dIsIYRQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:06:56 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=8TmlIdyF_A4munzvfMuUdf2Y8l1vqsR3iPC93_TcbfA-1713344816-1.0.1.1-wyTQDxQFC_Zbp9_KasA4pXWd1cxdoLldX0XI3e1ktMPwJ2s5m1ll6hHhoVUJ6NheUGFFYlPqIf2CDw7j.HgKhQ; path=/; expires=Thu, 17-Apr-25 09:06:56 GMT; domain=.auto-connexion.org; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wwYyGwKlqL%2BrjJMOv1Uxv5h1FUc2R05czq0N8Q3dDSpwcH61jGXq4q7AHM5g9VNUWjQXiDslbhGxDTeaCSynoGVkgGZMtwzR1Ijswhj14UGCq6MrstcYm8uGQPd52LNRswVv2ik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b430e7cc96de8-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|