| bv9rhgrjdov.click/cdn-cgi/images/cf-no-screenshot-error.png |  104.21.14.239 | 200 OK | 3.2 kB |
URL GET bv9rhgrjdov.click/cdn-cgi/images/cf-no-screenshot-error.png IP104.21.14.239:80
Requested byhttp://bv9rhgrjdov.click/
File typePNG image data, 178 x 175, 8-bit colormap, non-interlaced Hash0d768cbc261841d3affc933b9ac3130e aff136a4c761e1df1ada7e5d9a6ed0ebea74a4b7 1c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Sinkholed / Blocked | | Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
|---|
| suricata | low | ETPRO INFO HTTP Request to a *.click domain |
GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1
Host: bv9rhgrjdov.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bv9rhgrjdov.click/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 May 2025 14:45:26 GMT
Content-Type: image/png
Content-Length: 3213
Connection: keep-alive
Last-Modified: Tue, 06 May 2025 09:55:49 GMT
ETag: "6819dca5-c8d"
Server: cloudflare
CF-RAY: 93e275c89c309d5d-AMS
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 11 May 2025 16:45:26 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
|
|
| | 104.21.14.239 | 403 Forbidden | 4.6 kB |
IP104.21.14.239:443
CertificateIssuerGoogle Trust Services Subjectbv9rhgrjdov.click Fingerprint19:88:20:15:39:42:EC:8E:29:C2:FF:0B:A6:02:B6:E0:0A:06:12:AC ValiditySat, 26 Apr 2025 19:51:42 GMT - Fri, 25 Jul 2025 20:50:23 GMT
File typeHTML document, ASCII text, with very long lines (396) Hash4742ae0b85e73824ea54dca88d9b9deb d21ce534f1624a213167f3977f02bb52ce5705c2 8d5427054122dd0660768152e85fd6c6b7457b3b774e57e808d5782c679bf374
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
|---|
| suricata | low | ETPRO INFO HTTP Request to a *.click domain |
GET / HTTP/1.1
Host: bv9rhgrjdov.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sun, 11 May 2025 14:45:26 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=s%2FfbEnyuROOZUduWwdzqgtwUMg6LwRZnlogDs%2FmRk0XTlWbcI5%2FOpC23AhRTlla99dRD0Xw%2BmE0dsTff%2B99c4yBYr1IatpHAX1vVo%2B9PDCXRqGFcmCHohsAhmp0jTGAykZyMow%3D%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 93e275c5ea3717dd-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| | 104.21.14.239 | 403 Forbidden | 4.5 kB |
IP104.21.14.239:80
File typeHTML document, ASCII text, with very long lines (394) Hashcfa3a9e1cb21d30144f868cee5611e0e 1b79ae5c4ee8b7f26da183b761795921e264582c 80dffd4b89a279240e8696d09d6b7f156757d4a9ce0619f3d2103444e41cadf1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
|---|
| suricata | low | ETPRO INFO HTTP Request to a *.click domain |
GET / HTTP/1.1
Host: bv9rhgrjdov.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sun, 11 May 2025 14:45:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Sun, 11 May 2025 14:45:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=33Tp7xQ4NstM8LkYr5CXiCojE%2BAtYMbNRPynkq1NzpGA024N%2BmJ7pPDhVfRZJrcquuXV33zvqTI2Ofx0D0lsLAO6dCB0cpPnmUv1pUSQnU90IuQKPw35XXBUyu2gUwkFYLZkyw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 93e275c70d2ed4d1-AMS
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=19496&min_rtt=19496&rtt_var=9748&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=402&delivery_rate=0&cwnd=176&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| bv9rhgrjdov.click/cdn-cgi/styles/cf.errors.css | 104.21.14.239 | 200 OK | 24 kB |
URL GET bv9rhgrjdov.click/cdn-cgi/styles/cf.errors.css IP104.21.14.239:80
Requested byhttp://bv9rhgrjdov.click/
File typeASCII text, with very long lines (24050) Hash5e8c69a459a691b5d1b9be442332c87d f24dd1ad7c9080575d92a9a9a2c42620725ef836 84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
|---|
| suricata | low | ETPRO INFO HTTP Request to a *.click domain |
GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: bv9rhgrjdov.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bv9rhgrjdov.click/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 May 2025 14:45:26 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2025 09:55:49 GMT
ETag: W/"6819dca5-5df3"
Server: cloudflare
CF-RAY: 93e275c80856d4d1-AMS
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 11 May 2025 16:45:26 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
|
|
| bv9rhgrjdov.click/favicon.ico | 104.21.14.239 | 403 Forbidden | 4.5 kB |
URL GET bv9rhgrjdov.click/favicon.ico IP104.21.14.239:80
Requested byhttp://bv9rhgrjdov.click/
File typeHTML document, ASCII text, with very long lines (394) Hash10406d5cba8ed0bde457f49d2bed921b 4e9f6c593973e11c0c12311842d9965979a40368 81c8cf4e96f051c7edd25d6a2beaa34b2bdbf6eaeed453d00a9ceb6aa68ee35f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
|---|
| suricata | low | ETPRO INFO HTTP Request to a *.click domain |
GET /favicon.ico HTTP/1.1
Host: bv9rhgrjdov.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://bv9rhgrjdov.click/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sun, 11 May 2025 14:45:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Sun, 11 May 2025 14:45:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69duR%2BFjfbiuvHuKCAtpft3EUrxLZHZLhcwPRJd0TwiBvhy7Gj2GuUgtK0g3Gd9PvIDYyV%2FjXYngGQd9Ufhp9AF189cbPU2i2MnMVqAmES771gjafXmqU8C52%2FPGASshhU%2FSsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 93e275c859b0d4d1-AMS
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=19652&min_rtt=19496&rtt_var=1095&sent=9&recv=13&lost=0&retrans=0&sent_bytes=7668&recv_bytes=1130&delivery_rate=366192&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
|
| bv9rhgrjdov.click/cdn-cgi/images/browser-bar.png?1376755637 | 104.21.14.239 | 200 OK | 715 B |
URL GET bv9rhgrjdov.click/cdn-cgi/images/browser-bar.png?1376755637 IP104.21.14.239:80
Requested byhttp://bv9rhgrjdov.click/
File typePNG image data, 960 x 53, 8-bit colormap, non-interlaced Hash226dcb8f6144bdaafdfbd8f2f354be64 3785cc5b3bf52f8e398177b0ff1020b24aa86b8c 8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Sinkholed / Blocked | | Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
|---|
| suricata | low | ETPRO INFO HTTP Request to a *.click domain |
GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1
Host: bv9rhgrjdov.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://bv9rhgrjdov.click/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 May 2025 14:45:26 GMT
Content-Type: image/png
Content-Length: 715
Connection: keep-alive
Last-Modified: Tue, 06 May 2025 09:55:49 GMT
ETag: "6819dca5-2cb"
Server: cloudflare
CF-RAY: 93e275c89f42907e-AMS
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 11 May 2025 16:45:26 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
|
|