IP: 104.21.112.1:0
File type: XML 1.0 document, ASCII text, with no line terminators
Hash: e7a9350210b4dba641f6020447c96045 581accef4a8b7fbed97291fe7dd4e113f794ec80 08142330655deb1526dcc56795c92eb5c13012f75b599d5ac68db4027953ed80
| Analyzer | Verdict | Alert |
| ClamAV | malicious | Win.Malware.Agent3100026061/CRDF-1 |
GET / HTTP/1.1
Host: bt.dns-finder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Wed, 22 Jan 2025 15:00:03 GMT
Content-Type: application/xml; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: AFIdbgSs5rM_RCA3-_6UjnN8cOrpQF_rDkS9kdcItmAoCDN6F43B4cRFxG8p8ZYGMw20sTrCSyP2C-4
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Expires: Wed, 22 Jan 2025 15:00:03 GMT
Cache-Control: private, max-age=0
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=301Jl5SzxFxxGdzk%2Bibj9n4SHNRumsQFKRR85dQZC4eKLi0oelX1aAbMvqtzoLUk3jRq9XtVthihSS25uK4znu09nd2yVrXDlSVHw1BlVqZuux%2Ftepm5T0agGCSs4zhoYpcl6w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9060694f4db1b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=468&min_rtt=468&rtt_var=234&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
| bt.dns-finder.com/favicon.ico | 104.21.112.1 | 403 Forbidden | 108 B |
URL: bt.dns-finder.com/favicon.ico
IP: 104.21.112.1:0
File type: XML 1.0 document, ASCII text, with no line terminators
Hash: e7a9350210b4dba641f6020447c96045 581accef4a8b7fbed97291fe7dd4e113f794ec80 08142330655deb1526dcc56795c92eb5c13012f75b599d5ac68db4027953ed80
| Analyzer | Verdict | Alert |
| ClamAV | malicious | Win.Malware.Agent3100026061/CRDF-1 |
GET /favicon.ico HTTP/1.1
Host: bt.dns-finder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bt.dns-finder.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Wed, 22 Jan 2025 15:00:03 GMT
Content-Type: application/xml; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: AFIdbgTlwKeYsB6k7wV0KmCKFt4PvaVtBYhEr-wNN7Bhtbb7OhopO8_SRYoVGaXZTyjy7J51wW-AQzM
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Expires: Wed, 22 Jan 2025 15:00:03 GMT
Cache-Control: private, max-age=0
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ChCBXrukHERS5oeTTJJ59J1DXmvHVcdjXHGUxEBlvqEYWOrbH9ZTbevkJKnq3vRT%2FSKAhlgXIE39CcbJXGnBDabqOzboPDSCYAB7dEI22cceeGYRWyYZvR02T4%2BPtbQTM09lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 90606951d95db511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=483&min_rtt=468&rtt_var=156&sent=4&recv=6&lost=0&retrans=0&sent_bytes=1187&recv_bytes=737&delivery_rate=5080701&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"