| fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 |  142.250.178.99 | 200 OK | 15 kB |
URL GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.178.99:443
Requested byhttps://ul4.rxguzqe.es/3VNrMehQ/#Mngraves@slurpmail.net CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8 ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15344, version 1.0 Hash5d4aeb4e5f5ef754e307d7ffaef688bd 06db651cdf354c64a7383ea9c77024ef4fb4cef8 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ul4.rxguzqe.es
DNT: 1
Connection: keep-alive
Referer: https://ul4.rxguzqe.es/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Apr 2025 12:58:05 GMT
expires: Tue, 14 Apr 2026 12:58:05 GMT
cache-control: public, max-age=31536000
age: 21155
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ul4.rxguzqe.es/favicon.ico |  104.21.7.130 | 404 Not Found | 0 B |
URL GET ul4.rxguzqe.es/favicon.ico IP104.21.7.130:443
Requested byhttps://ul4.rxguzqe.es/3VNrMehQ/#Mngraves@slurpmail.net CertificateIssuerGoogle Trust Services Subjectrxguzqe.es FingerprintFD:E7:0E:7F:4A:FD:F3:51:20:B4:5A:98:8B:26:92:B3:5F:4F:73:9E ValidityWed, 09 Apr 2025 07:13:25 GMT - Tue, 08 Jul 2025 08:11:54 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /favicon.ico HTTP/1.1
Host: ul4.rxguzqe.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ul4.rxguzqe.es/3VNrMehQ/
Cookie: XSRF-TOKEN=eyJpdiI6ImZ5b2lBbXdWN3dsUnFMdkZYOEkxR1E9PSIsInZhbHVlIjoiM1cySEJEMXg3d3JzREppbVlYaU5EcnlMSUVnZUM1UjN3aHJVNkozVk56WnZlekRpcjV2V014YWIxMzVzTUkyQm5lZkRqa2QwMGdKUGFnNWQ0TUJCQTdDMlkxdzJpSlVoRWQ4VnNEVS8vaWJzeHQ1dDZ4SDFiazdCbUFIMThxS1UiLCJtYWMiOiI1NjUwYjg2NzU1MmI5MzkxYzUzOTY5YjJiMTk2ZTIwMWUyNGZjN2RhMGNjZjc0ZDMxNDU2Y2Q0M2RkNGQ3OWI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkxZWU4ydGcvTUUvYzNpZFJvMDNoWnc9PSIsInZhbHVlIjoiNnd0NlBaUndrNUlON2FnUlYzU0cvRGFxWlc4Tml2UEZ1M2t2WEJJOWJrZExrNkVRZFJIWTRHdnBUWGZNVFlacVlGT1pZZ1J0VWZ3b2VMamhrNzNCL3NQYS9mZWdmNlpuY0hvSStnK1FWMFg5bUlmTWk1S3drQndNSkUrSXVYOVEiLCJtYWMiOiI4NWQzZmQ2NDQ2ODhkOTBhZGMyMTU1ZDU3ZWMxYzcyOTE3YmE0ODY0OTdlZDc5OGUyZWU4ODAxNDg2MmI1MTMxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Mon, 14 Apr 2025 18:50:41 GMT
content-type: text/html; charset=UTF-8
cf-ray: 930563e53bbf18ef-FRA
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5wBo4CYPQea5RweeMPuzhbJKPga1h4bbGhr66x%2BP954Wy4JFfMAP6T55kmsMzZHdKst3qek3LF4eMSmZRr5Js%2B1aY6PZkVqpcN1A45r0%2FDIAHJhUyvFVWdZB0nH%2BDJy387Py"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=15743&min_rtt=15736&rtt_var=5915&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2099&delivery_rate=256079&cwnd=252&unsent_bytes=0&cid=a1cac017fabfd1c8&ts=37&x=0", cfL4;desc="?proto=QUIC&rtt=31178&min_rtt=26581&rtt_var=15318&sent=13&recv=10&lost=0&retrans=0&sent_bytes=3789&recv_bytes=1876&delivery_rate=1168&cwnd=12000&unsent_bytes=0&cid=4b68c94ef4cec6e7&ts=1354&x=16"
cache-control: max-age=14400
cf-cache-status: EXPIRED
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/recaptcha/api2/logo_48.png | 172.217.21.163 | 200 OK | 2.2 kB |
URL GET www.gstatic.com/recaptcha/api2/logo_48.png IP172.217.21.163:443
Requested byhttps://ul4.rxguzqe.es/3VNrMehQ/#Mngraves@slurpmail.net CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8 ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File typePNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced Hashef9941290c50cd3866e2ba6b793f010d 4736508c795667dcea21f8d864233031223b7832 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ul4.rxguzqe.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Apr 2025 13:55:36 GMT
expires: Fri, 18 Apr 2025 13:55:36 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 276905
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| m.exactag.com/ai.aspx?uwc=d9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9&url=http:towsila.com/dayo/xfhfco/4sewo8/bmdyYXZlc0BzbHVycG1haWwubmV0 |  85.14.248.71 | 302 Found | 0 B |
URL User Request GET m.exactag.com/ai.aspx?uwc=d9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9&url=http:towsila.com/dayo/xfhfco/4sewo8/bmdyYXZlc0BzbHVycG1haWwubmV0 IP85.14.248.71:443
CertificateIssuerSectigo Limited Subject*.exactag.com FingerprintAD:1E:76:07:59:FF:5D:3E:A2:0D:40:A5:22:9F:26:40:B6:66:D1:A7 ValidityFri, 06 Sep 2024 00:00:00 GMT - Fri, 26 Sep 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ai.aspx?uwc=d9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9&url=http:towsila.com/dayo/xfhfco/4sewo8/bmdyYXZlc0BzbHVycG1haWwubmV0 HTTP/1.1
Host: m.exactag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mo, 14 Apr 2025 06:50:38 GMT
Location: http:towsila.com/dayo/xfhfco/4sewo8/bmdyYXZlc0BzbHVycG1haWwubmV0
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: *
X-ET-Code: 20
X-ET-Camp: 0
X-ET-Monitoring: 1
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Strict-Transport-Security: max-age=31536000
Date: Mon, 14 Apr 2025 18:50:38 GMT
Connection: close
Content-Length: 0
cross-origin-resource-policy: cross-origin
X-Xss-Protection: 0
X-Content-Type-Options: nosniff
|
|
| towsila.com/dayo/xfhfco/4sewo8/bmdyYXZlc0BzbHVycG1haWwubmV0 | 198.23.62.204 | 200 OK | 0 B |
URL User Request GET towsila.com/dayo/xfhfco/4sewo8/bmdyYXZlc0BzbHVycG1haWwubmV0 IP198.23.62.204:80
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dayo/xfhfco/4sewo8/bmdyYXZlc0BzbHVycG1haWwubmV0 HTTP/1.1
Host: towsila.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 14 Apr 2025 18:50:38 GMT
Server: Apache
refresh: 0;url=https://ul4.rxguzqe.es/3VNrMehQ/#Mngraves@slurpmail.net
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| ul4.rxguzqe.es/3VNrMehQ/#Mngraves@slurpmail.net | 104.21.7.130 | 200 OK | 403 kB |
URL User Request GET ul4.rxguzqe.es/3VNrMehQ/#Mngraves@slurpmail.net IP104.21.7.130:443
CertificateIssuerGoogle Trust Services Subjectrxguzqe.es FingerprintFD:E7:0E:7F:4A:FD:F3:51:20:B4:5A:98:8B:26:92:B3:5F:4F:73:9E ValidityWed, 09 Apr 2025 07:13:25 GMT - Tue, 08 Jul 2025 08:11:54 GMT
File typeHTML document, ASCII text, with very long lines (65364) Size403 kB (403137 bytes) Hashb6784c338be77b0ecb9e80c58079035c e83218e41c3fa99307ffbbe2671d1e803c06a3c1 de5c349e8dbb523e3bbe88db3fc5b9ec5535fe7f4808fef0dd6146645b6050d9
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Anti-debugging code | | urlquery | phishing | Phishing - Tycoon Phishing Kit |
GET /3VNrMehQ/ HTTP/1.1
Host: ul4.rxguzqe.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 14 Apr 2025 18:50:39 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2BbpmK6reM3Ybkd%2BJChgO6%2F1AyW9wJVoW9jnNMWDKW0LWiEmC4sNkH2psKJoCX7IgUPkIgMlWMvNA%2BjzzxgGWmkc2XnlSEy%2BsVf8LVZCGcllolruMdb2uE5Vf8M6gZoyM31s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6ImZ5b2lBbXdWN3dsUnFMdkZYOEkxR1E9PSIsInZhbHVlIjoiM1cySEJEMXg3d3JzREppbVlYaU5EcnlMSUVnZUM1UjN3aHJVNkozVk56WnZlekRpcjV2V014YWIxMzVzTUkyQm5lZkRqa2QwMGdKUGFnNWQ0TUJCQTdDMlkxdzJpSlVoRWQ4VnNEVS8vaWJzeHQ1dDZ4SDFiazdCbUFIMThxS1UiLCJtYWMiOiI1NjUwYjg2NzU1MmI5MzkxYzUzOTY5YjJiMTk2ZTIwMWUyNGZjN2RhMGNjZjc0ZDMxNDU2Y2Q0M2RkNGQ3OWI5IiwidGFnIjoiIn0%3D; expires=Mon, 14-Apr-2025 20:50:39 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkxZWU4ydGcvTUUvYzNpZFJvMDNoWnc9PSIsInZhbHVlIjoiNnd0NlBaUndrNUlON2FnUlYzU0cvRGFxWlc4Tml2UEZ1M2t2WEJJOWJrZExrNkVRZFJIWTRHdnBUWGZNVFlacVlGT1pZZ1J0VWZ3b2VMamhrNzNCL3NQYS9mZWdmNlpuY0hvSStnK1FWMFg5bUlmTWk1S3drQndNSkUrSXVYOVEiLCJtYWMiOiI4NWQzZmQ2NDQ2ODhkOTBhZGMyMTU1ZDU3ZWMxYzcyOTE3YmE0ODY0OTdlZDc5OGUyZWU4ODAxNDg2MmI1MTMxIiwidGFnIjoiIn0%3D; expires=Mon, 14-Apr-2025 20:50:39 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 930563db982b4f72-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15978&min_rtt=15945&rtt_var=4543&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1398&delivery_rate=251289&cwnd=251&unsent_bytes=0&cid=ba685e5c8a512582&ts=239&x=0", cfL4;desc="?proto=TCP&rtt=25800&min_rtt=19763&rtt_var=14365&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3196&recv_bytes=1132&delivery_rate=219693&cwnd=255&unsent_bytes=0&cid=489d501929e467b4&ts=497&x=0"
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.6.0.min.js | 151.101.66.137 | 200 OK | 90 kB |
URL GET code.jquery.com/jquery-3.6.0.min.js IP151.101.66.137:443
Requested byhttps://ul4.rxguzqe.es/3VNrMehQ/#Mngraves@slurpmail.net CertificateIssuerSectigo Limited Subject*.jquery.com FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ul4.rxguzqe.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 14 Apr 2025 18:50:40 GMT
age: 3325844
x-served-by: cache-lga21931-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1741346
x-timer: S1744656640.417953,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
|
|