Report - surlz.com/K4ncU

Report Overview

Visited public
2024-12-24 04:30:40
Tags
URL
surlz.com/K4ncU
Finishing URL
wurlz.com/vhCSq
IP / ASN
202.10.43.25
#58487 CV. Rumahweb Indonesia
Title
AmpliTube 5 amp simulation and guitar gear modeling software - WurlZ | Url Shortener, Bio Pages & QR Codes

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2024-12-18	1.1 kB	98 kB	216.58.207.227
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16	2024-12-18	2.4 kB	620 kB	216.58.211.14
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2024-12-18	926 B	117 kB	142.250.74.106
surlz.com	unknown	2024-10-05	2021-02-17	2024-12-19	469 B	442 B	202.10.43.25
www.googletagmanager.com	75	2011-11-11	2012-10-04	2024-12-18	416 B	111 kB	142.250.74.168
wurlz.com	unknown	2024-06-10	2021-05-22	2024-12-21	5.1 kB	190 kB	202.10.43.25
yurlz.com	unknown	2024-03-17	2020-03-13	2024-12-08	387 B	1.4 kB	203.175.9.42

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed
2024-12-24	medium	wurlz.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	wurlz.com/static/bundle.pack.js	ScriptElement	332 kB	2023-03-07	2025-05-26
Pretty URL wurlz.com/static/bundle.pack.js IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41 Last Seen2025-05-26 21:32 Times Seen129 Hash b7a0b4d8ad643025de822486283a2bbf 28b0afdd6b9ccf94645ac0ed5c55aa35c7dc892c fc981871b8271bea9270a3af4f77bb50d37101e555dd6801fe7ecf9e26a9b12b Loading...

	wurlz.com/vhCSq	ScriptElement	271 B	2024-12-24	2024-12-24
Pretty URL wurlz.com/vhCSq IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-24 04:30 Last Seen2024-12-24 04:30 Times Seen1 Hash b239890d0adf99ecfe48e06e6a068945 e34377e64b3f095bf69fa2732fd8498a3eec24ce 408cae42e45c3e29042392962beb9ca48894bb7416c5a54544605c8f6445e87a Loading...

	wurlz.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzvURqnN7XWAIROf2f0Q-7GMaIk_w/m=web_iab_tcf_v2_wall_executable	ScriptElement	411 kB	2024-12-24	2024-12-24
Pretty URL wurlz.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzvURqnN7XWAIROf2f0Q-7GMaIk_w/m=web_iab_tcf_v2_wall_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 04:30 Last Seen2024-12-24 04:30 Times Seen1 Hash cd4bf02bc4c0632cfe8e78e1f328dde2 e3f98b0d841e08dba9d75dd11071eae56314ad3c 53bdc1f1c84c2e231baa8aeb69de8f9d00c603f0453177ab621851fe00d458d8 Loading...

	wurlz.com/vhCSq	ScriptElement	153 B	2024-08-14	2024-12-24
Pretty URL wurlz.com/vhCSq IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-14 05:33 Last Seen2024-12-24 04:30 Times Seen9 Hash 1fab68e115c43c299e2beb6c2aa5e563 c9744d2f2082e32b9c3fa7dc5910bdfdc9e1d533 ffecb7795b868f9526faa6a22266d7ebb15fae78bd11240c36a68e2e941d9c3d Loading...

	wurlz.com/vhCSq	ScriptElement	429 B	2023-03-07	2025-05-27
Pretty URL wurlz.com/vhCSq IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:02 Last Seen2025-05-27 20:04 Times Seen2770 Hash eafaa0be830db11da3770638100b686f db325dc427493ed0c2988ef229573b7093425466 96adbda6f380d09bfd780e4143e165a48037b43421d3964980a4343aedc644ab Loading...

	wurlz.com/vhCSq	ScriptElement	57 B	2023-03-07	2025-05-27
Pretty URL wurlz.com/vhCSq IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06 Last Seen2025-05-27 19:46 Times Seen9758 Hash 2a2781f9bb6302c2f96df0d1e96ef524 796bb90146495848c0c479533c367edadb94f1a9 1b60af0ce49d65e8b1006457c16883d60e53a0054bb157c57c3b03a82ee9964d Loading...

	wurlz.com/static/frontend/js/app.js	ScriptElement	11 kB	2023-11-09	2024-12-24
Pretty URL wurlz.com/static/frontend/js/app.js IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 08:18 Last Seen2024-12-24 04:30 Times Seen6 Hash 2a8772d1e9b2bdb8a5c39567421e43a8 d599585223cd2eb49ae0f9e60a08b99789ace2b4 deccfdf30f85ad472350ab8c2fbbfe59c98f359106975f63df25e44bafee2959 Loading...

	yurlz.com/script.js	ScriptElement	2.3 kB	2024-06-02	2024-12-24
Pretty URL yurlz.com/script.js IP 203.175.9.42 ASN #58487 CV. Rumahweb Indonesia Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-02 17:03 Last Seen2024-12-24 04:30 Times Seen15 Hash e9f4fffa121358f2554120d2091e6bb4 7c7509f82ae170fe2a0733bc3a9729ddcb523c79 b0594ebd942c125dec5ca6f3997ff913cf391e65bbdb83617c7670a23a48adb4 Loading...

	wurlz.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable	ScriptElement	202 kB	2024-12-24	2024-12-24
Pretty URL wurlz.com/_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 04:30 Last Seen2024-12-24 04:30 Times Seen1 Hash 123941947771d19430dd6162cab48425 9d9be42b5fba35f75e1684db154e736268178622 057f09028cff2c9a5e31b287c5804d4a7d8a4424f41cd966e282e414623a87b7 Loading...

	wurlz.com/vhCSq	ScriptElement	118 B	2023-03-07	2025-05-26
Pretty URL wurlz.com/vhCSq IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:41 Last Seen2025-05-26 21:32 Times Seen121 Hash 982efd2020ed171ec78a895f2b736e3d 0526cf2fa9d5215f46785b00fe92618b6aa54dd6 e001849b5104424cb522367dd4d3ac91f5d52f763cdfdcdeaf2d0f78441c80ea Loading...

	www.googletagmanager.com/gtag/js?id=G-RCT5CLH0J5	ScriptElement	331 kB	2024-12-24	2024-12-24
Pretty URL www.googletagmanager.com/gtag/js?id=G-RCT5CLH0J5 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-24 04:30 Last Seen2024-12-24 04:30 Times Seen1 Hash a8296a999144b7f13e6b3f077abf35f3 e4f0fde1a8f1fc33e49a4200b577cdd4de58ad84 e4025f14f541625d82affb1cfe12f1645dd977831cef3bac12fda57ea1d4c914 Loading...

	wurlz.com/static/server.min.js	ScriptElement	6.6 kB	2024-03-24	2025-05-13
Pretty URL wurlz.com/static/server.min.js IP 202.10.43.25 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-24 14:49 Last Seen2025-05-13 19:48 Times Seen45 Hash 75615ee1407a7b254fdf4e1611993374 b0bc74b4b9c6fe3cbd94d136a240a8c98a174bf4 99ed7bb31293008bb7c66efdec7c8ac4403d229e69d4631c68775ad4a75af674 Loading...

HTTP Transactions (20)

URL IP Response Size

surlz.com/K4ncU

202.10.43.25

200 OK

68 B

URL
surlz.com/K4ncU
IP
202.10.43.25:0
ASN
#0

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
68 B (68 bytes)
Hash
2d9533db59caf438ed27bb9971fa96a3
535ed6cdb6164bb5b3a4abcf91003a3a91cb89aa
63d0fc432fb839fe49530cc18dd470478461da7ac2e59c75521dfd4e8e08e338

HTTP Headers

GET /K4ncU HTTP/1.1
Host: surlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 68
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Dec 2024 04:30:14 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-RCT5CLH0J5

142.250.74.168

200 OK

110 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RCT5CLH0J5
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintFA:A6:D6:5C:A6:DC:BE:D1:9A:34:42:70:3B:66:13:21:40:A4:C9:E4
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
110 kB (109861 bytes)
Hash
a8296a999144b7f13e6b3f077abf35f3
e4f0fde1a8f1fc33e49a4200b577cdd4de58ad84
e4025f14f541625d82affb1cfe12f1645dd977831cef3bac12fda57ea1d4c914

HTTP Headers

GET /gtag/js?id=G-RCT5CLH0J5 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Dec 2024 04:30:17 GMT
expires: Tue, 24 Dec 2024 04:30:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 109861
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wurlz.com/content/bootstrap.min.css

202.10.43.25

200 OK

20 kB

URL GET HTTP/2
wurlz.com/content/bootstrap.min.css
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
20 kB (20356 bytes)
Hash
abe91756d18b7cd60871a2f47c1e8192
7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /content/bootstrap.min.css HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 31 Dec 2024 04:30:16 GMT
content-type: text/css
last-modified: Sun, 22 Dec 2024 17:24:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20356
date: Tue, 24 Dec 2024 04:30:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

wurlz.com/static/frontend/libs/fontawesome/all.min.css

202.10.43.25

200 OK

22 kB

URL GET HTTP/2
wurlz.com/static/frontend/libs/fontawesome/all.min.css
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
ASCII text, with very long lines (52276)
Size
22 kB (21871 bytes)
Hash
9a99091cf45671ab2ee178fc3896a494
043f09bf20c5478aaca2abb5b3f4b034a20cca6a
58fdbb37ecb0c8a4d514714e322edef085c1f9d71e703b3925b054437f446166

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/frontend/libs/fontawesome/all.min.css HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 31 Dec 2024 04:30:16 GMT
content-type: text/css
last-modified: Tue, 15 Aug 2023 23:51:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 21871
date: Tue, 24 Dec 2024 04:30:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

wurlz.com/content/style.css

202.10.43.25

200 OK

204 B

URL GET HTTP/2
wurlz.com/content/style.css
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
204 B (204 bytes)
Hash
94278d01669d752c5c039cd092ab5c39
4e87712779d5e46c90508c480344b4632d164799
c9b654eb780f221ee5198fca9566d9dd7f7206dad772f22d59c1624fb6f8c235

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /content/style.css HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 31 Dec 2024 04:30:16 GMT
content-type: text/css
last-modified: Sun, 22 Dec 2024 17:24:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 204
date: Tue, 24 Dec 2024 04:30:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

wurlz.com/content/main.css?v=1.0

202.10.43.25

200 OK

19 kB

URL GET HTTP/2
wurlz.com/content/main.css?v=1.0
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
19 kB (18662 bytes)
Hash
c39ec12f53fd1bf812f93336e6da8dfa
a32a09cb11df42c65ae85b49c31c80a3bf9163fc
07a55b4ff29f34ab118a6a505b44854e737835cc8a71e2b50238565b21912d1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /content/main.css?v=1.0 HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 31 Dec 2024 04:30:16 GMT
content-type: text/css
last-modified: Sun, 22 Dec 2024 17:24:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18662
date: Tue, 24 Dec 2024 04:30:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

wurlz.com/content/LOGO.png

202.10.43.25

200 OK

9.4 kB

URL GET HTTP/2
wurlz.com/content/LOGO.png
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
PNG image data, 300 x 90, 8-bit/color RGBA, non-interlaced
Size
9.4 kB (9429 bytes)
Hash
3affa878aca955b1883ba71953c4ff3c
3bf49e2965745601f24b4eaea3ce09883cbde26d
1bcb50ede530731cc44358433079e0d242269379eedab795d73220c7973ef16d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /content/LOGO.png HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 31 Dec 2024 04:30:16 GMT
content-type: image/png
last-modified: Tue, 17 Sep 2024 18:19:21 GMT
accept-ranges: bytes
content-length: 9429
date: Tue, 24 Dec 2024 04:30:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

yurlz.com/script.js

203.175.9.42

200 OK

851 B

URL GET HTTP/2
yurlz.com/script.js
IP
203.175.9.42:443
ASN
#58487 CV. Rumahweb Indonesia

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectyurlz.com
Fingerprint31:19:91:11:81:F8:40:B2:E3:5E:C6:F7:A9:A6:49:EA:E3:44:C2:8A
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2256), with no line terminators
Size
851 B (851 bytes)
Hash
e9f4fffa121358f2554120d2091e6bb4
7c7509f82ae170fe2a0733bc3a9729ddcb523c79
b0594ebd942c125dec5ca6f3997ff913cf391e65bbdb83617c7670a23a48adb4

HTTP Headers

GET /script.js HTTP/1.1
Host: yurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
set-cookie: PHPSESSID=19edbe3c06c87c6b2e8924aadaf1d185; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/javascript;charset=UTF-8
content-length: 851
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Dec 2024 04:30:18 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

wurlz.com/static/bundle.pack.js

202.10.43.25

200 OK

92 kB

URL GET HTTP/2
wurlz.com/static/bundle.pack.js
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
92 kB (91814 bytes)
Hash
b7a0b4d8ad643025de822486283a2bbf
28b0afdd6b9ccf94645ac0ed5c55aa35c7dc892c
fc981871b8271bea9270a3af4f77bb50d37101e555dd6801fe7ecf9e26a9b12b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/bundle.pack.js HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript
last-modified: Thu, 28 Oct 2021 10:50:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 91814
date: Tue, 24 Dec 2024 04:30:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

wurlz.com/static/frontend/js/app.js

202.10.43.25

200 OK

2.9 kB

URL GET HTTP/2
wurlz.com/static/frontend/js/app.js
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
2.9 kB (2943 bytes)
Hash
2a8772d1e9b2bdb8a5c39567421e43a8
d599585223cd2eb49ae0f9e60a08b99789ace2b4
deccfdf30f85ad472350ab8c2fbbfe59c98f359106975f63df25e44bafee2959

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/frontend/js/app.js HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript
last-modified: Tue, 22 Aug 2023 04:20:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2943
date: Tue, 24 Dec 2024 04:30:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

wurlz.com/static/server.min.js

202.10.43.25

200 OK

1.7 kB

URL GET HTTP/2
wurlz.com/static/server.min.js
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6640), with no line terminators
Size
1.7 kB (1720 bytes)
Hash
75615ee1407a7b254fdf4e1611993374
b0bc74b4b9c6fe3cbd94d136a240a8c98a174bf4
99ed7bb31293008bb7c66efdec7c8ac4403d229e69d4631c68775ad4a75af674

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/server.min.js HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/javascript
last-modified: Sat, 27 Jan 2024 11:59:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1720
date: Tue, 24 Dec 2024 04:30:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

wurlz.com/content/favicon.png

202.10.43.25

200 OK

5.3 kB

URL GET HTTP/3
wurlz.com/content/favicon.png
IP
202.10.43.25:443
ASN
#0

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
PNG image data, 86 x 86, 8-bit/color RGBA, non-interlaced
Size
5.3 kB (5316 bytes)
Hash
7dbcdf74f9de5b502cc44283842da1a7
56fe3c6196c5d2f975eb2ad15a9f428ee9e55dee
eb0fc9683b20171ce883362deeab1341db539f39be83ffd65348767e7e669e7e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /content/favicon.png HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/vhCSq
Cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; short_6227=1; _ga_RCT5CLH0J5=GS1.1.1735014618.1.0.1735014618.0.0.0; _ga=GA1.1.490072758.1735014619
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Tue, 31 Dec 2024 04:30:18 GMT
content-type: image/png
last-modified: Sun, 08 Sep 2024 17:02:08 GMT
accept-ranges: bytes
content-length: 5316
date: Tue, 24 Dec 2024 04:30:18 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wurlz.com
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 03:56:30 GMT
expires: Sun, 21 Dec 2025 03:56:30 GMT
cache-control: public, max-age=31536000
age: 261229
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint40:A7:D7:D3:7D:FA:BE:34:C0:7E:6F:F7:9F:55:52:22:92:07:C7:EF
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wurlz.com
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Dec 2024 03:56:30 GMT
expires: Sun, 21 Dec 2025 03:56:30 GMT
cache-control: public, max-age=31536000
age: 261230
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/el/AGSKWxU621DfQCIsYbrXBOYbDBDhm7uh4LdZuTDdG6XmP6_u9NeC3aod6uPEJICidjut1e8zM5ftq6nsRMsLvBsQdK8q6Pl6kWar8RVf7sIGEDsC7YTI7llmSeB1RP0v8b3sv4cW0lHe

216.58.211.14

204 No Content

0 B

URL POST HTTP/3
fundingchoicesmessages.google.com/el/AGSKWxU621DfQCIsYbrXBOYbDBDhm7uh4LdZuTDdG6XmP6_u9NeC3aod6uPEJICidjut1e8zM5ftq6nsRMsLvBsQdK8q6Pl6kWar8RVf7sIGEDsC7YTI7llmSeB1RP0v8b3sv4cW0lHe
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /el/AGSKWxU621DfQCIsYbrXBOYbDBDhm7uh4LdZuTDdG6XmP6_u9NeC3aod6uPEJICidjut1e8zM5ftq6nsRMsLvBsQdK8q6Pl6kWar8RVf7sIGEDsC7YTI7llmSeB1RP0v8b3sv4cW0lHe HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 192
Origin: https://wurlz.com
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://wurlz.com
access-control-allow-credentials: true
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 24 Dec 2024 04:30:20 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'nonce-oZOLZkjg4YaU076fqPOtGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw05BicEqfwRoCxB_qL7P-AGKGr1dYOYBYiJvjzscVu9kEGmYt1lRyScovjE_OzytJzSvRTUwp1gWxizKTSkvyi1DYqWUgFTn56emZeenxRgZGJoZGhkZ6BmbxBQYAv-EqRA"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fundingchoicesmessages.google.com/el/AGSKWxU621DfQCIsYbrXBOYbDBDhm7uh4LdZuTDdG6XmP6_u9NeC3aod6uPEJICidjut1e8zM5ftq6nsRMsLvBsQdK8q6Pl6kWar8RVf7sIGEDsC7YTI7llmSeB1RP0v8b3sv4cW0lHe

216.58.211.14

204 No Content

0 B

URL POST HTTP/3
fundingchoicesmessages.google.com/el/AGSKWxU621DfQCIsYbrXBOYbDBDhm7uh4LdZuTDdG6XmP6_u9NeC3aod6uPEJICidjut1e8zM5ftq6nsRMsLvBsQdK8q6Pl6kWar8RVf7sIGEDsC7YTI7llmSeB1RP0v8b3sv4cW0lHe
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /el/AGSKWxU621DfQCIsYbrXBOYbDBDhm7uh4LdZuTDdG6XmP6_u9NeC3aod6uPEJICidjut1e8zM5ftq6nsRMsLvBsQdK8q6Pl6kWar8RVf7sIGEDsC7YTI7llmSeB1RP0v8b3sv4cW0lHe HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 168
Origin: https://wurlz.com
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://wurlz.com
access-control-allow-credentials: true
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 24 Dec 2024 04:30:20 GMT
content-security-policy: script-src 'nonce-r5GN8H8oFVE1EvBRR4vBMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0pBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiJvjzscVu9kEZkxaoKXkkpRfGJ-cn1eSmleim5hSrAtiF2UmlZbkF6GwU8tAKnLy09Mz89LjjQyMTAyNDI30DMziCwwAxbQqVg"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

wurlz.com/vhCSq

202.10.43.25

200 OK

14 kB

URL User Request GET HTTP/2
wurlz.com/vhCSq
IP
202.10.43.25:443
ASN
#0

Certificate
IssuerSectigo Limited
Subjectwurlz.com
FingerprintBE:24:93:8E:FF:0C:F4:60:D6:C6:E2:E3:98:FE:0A:A9:37:CC:42:8D
ValiditySat, 28 Sep 2024 00:00:00 GMT - Sun, 28 Sep 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (557), with CRLF, LF line terminators
Size
14 kB (13992 bytes)
Hash
9f41aa4987b4e3ccebb75de6497cbd9e
5b2ed44c5cd9f3655b887f4d82612d7baed76335
cc85c310eb4050bfcd0173d5474e6c4e2b2fceecc594cba91f01dde4e510422b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vhCSq HTTP/1.1
Host: wurlz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surlz.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=855595029b8fa3a6704be885528dc61f; path=/; secure
short_6227=1; expires=Tue, 24-Dec-2024 04:45:16 GMT; Max-Age=900; path=/; HttpOnly; secure
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Dec 2024 04:30:16 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/i/pub-4855156325436986?ers=1

216.58.211.14

200 OK

202 kB

URL GET HTTP/2
fundingchoicesmessages.google.com/i/pub-4855156325436986?ers=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2775)
Size
202 kB (201645 bytes)
Hash
123941947771d19430dd6162cab48425
9d9be42b5fba35f75e1684db154e736268178622
057f09028cff2c9a5e31b287c5804d4a7d8a4424f41cd966e282e414623a87b7

HTTP Headers

GET /i/pub-4855156325436986?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 24 Dec 2024 04:30:19 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'nonce-wvIAa63R4-yysImhuzANuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw15BikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcNz-uGI3m8CMvh3XGZU0kvIL45Pz80qKMpNKS_KL0pLTUotTi8pSi-KNDIxMDI0MjfQMDOMLDACjoUXV"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

142.250.74.106

200 OK

117 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans_old:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto_old:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint30:E5:7E:29:A5:A1:81:DB:C8:A8:49:80:67:40:12:AB:30:C0:34:8D
ValidityMon, 02 Dec 2024 08:36:58 GMT - Mon, 24 Feb 2025 08:36:57 GMT

File type
ASCII text, with very long lines (1572)
Size
117 kB (116709 bytes)
Hash
f6026bae332c9046bfa76934f398c6bc
c9a0450aafc63ec7ca2a09b22058c2fae609b354
cf68e417b18de9291584a8df2b4c7aa67e651d11b2f6bc67336d28269c0f15e0

HTTP Headers

GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans_old:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto_old:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 24 Dec 2024 04:30:19 GMT
date: Tue, 24 Dec 2024 04:30:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fundingchoicesmessages.google.com/f/AGSKWxXSqg9p-P67Wyjlxh4LRu28TfvXDrhkIhXt1hth8fYlaHtcP2kwaYcyjC0khjRCe-4jkMJf_VC53vz2ApuA-I4K7niDYyty4gqcGKCpLwB2PHurgOsHl8PQFvEskBD_zaNEgK9D?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM1MDE0NjE5LDY0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93dXJsei5jb20vdmhDU3EiLG51bGwsW1s4LCJJTXo1N3ljNWhWdyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0

216.58.211.14

200 OK

411 kB

URL GET HTTP/3
fundingchoicesmessages.google.com/f/AGSKWxXSqg9p-P67Wyjlxh4LRu28TfvXDrhkIhXt1hth8fYlaHtcP2kwaYcyjC0khjRCe-4jkMJf_VC53vz2ApuA-I4K7niDYyty4gqcGKCpLwB2PHurgOsHl8PQFvEskBD_zaNEgK9D?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM1MDE0NjE5LDY0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93dXJsei5jb20vdmhDU3EiLG51bGwsW1s4LCJJTXo1N3ljNWhWdyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://wurlz.com/vhCSq
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type

Size
411 kB (411399 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /f/AGSKWxXSqg9p-P67Wyjlxh4LRu28TfvXDrhkIhXt1hth8fYlaHtcP2kwaYcyjC0khjRCe-4jkMJf_VC53vz2ApuA-I4K7niDYyty4gqcGKCpLwB2PHurgOsHl8PQFvEskBD_zaNEgK9D?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM1MDE0NjE5LDY0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93dXJsei5jb20vdmhDU3EiLG51bGwsW1s4LCJJTXo1N3ljNWhWdyJdLFs5LCJlbi1VUyJdLFsxOSwiMSJdXV0 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wurlz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 24 Dec 2024 04:30:19 GMT
content-security-policy: script-src 'nonce-MhS9Mr8B0pik4w8B59oyvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmII1JBikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcNz-uGI3m8CKHZfPMylpJOUXxifn55UUZSaVluQXpSWnpRanFpWlFsUbGRiZGBoZGukZGMYXGAAAsu9GJQ"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML