Report - crdpro.cc/attachments/45211

Report Overview

Visited public
2024-09-01 13:00:10
Tags
URL
crdpro.cc/attachments/45211
Finishing URL
crdpro.cc/attachments/45211
IP / ASN
109.120.177.13
#0
Title
Log in | CrdPro - Your Path to Financial Freedom

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pic-cc.com	unknown	2024-01-14	2021-01-29 10:55:05	2024-03-14 11:37:21	423 B	25 kB	188.114.96.1
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-31 18:12:11	981 B	2.7 kB	23.33.119.57
newassets.hcaptcha.com	11055	2018-01-12	2021-03-22 11:55:22	2024-08-31 18:15:14	2.7 kB	1.6 MB	104.19.230.21
api2.hcaptcha.com	unknown	2018-01-12	2023-05-02 16:13:46	2024-08-31 22:31:59	610 B	1.5 kB	104.19.230.21
hcaptcha.com	5458	2018-01-12	2018-04-03 05:49:29	2024-08-31 22:32:01	433 B	151 kB	104.19.230.21
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-31 18:12:11	1.6 kB	4.4 kB	23.33.119.57
crdpro.cc	333274	2019-05-16	2016-08-14 17:48:56	2024-04-18 03:05:46	12 kB	1.8 MB	109.120.177.13

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	pic-cc.com	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed
2024-09-01	medium	crdpro.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	crdpro.cc/js/vendor/jquery/jquery-3.5.1.min.js?_v=a4a08653	ScriptElement	90 kB	2023-03-07	2025-05-13
Pretty URL crdpro.cc/js/vendor/jquery/jquery-3.5.1.min.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-13 03:07 Times Seen109072 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	crdpro.cc/attachments/45211	ScriptElement	414 B	2024-02-06	2024-09-20
Pretty URL crdpro.cc/attachments/45211 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-06 22:28 Last Seen2024-09-20 20:03 Times Seen46 Hash 99c333b655407dea3934be573c6bd268 0c91feef9d4b7cdb28df6a079b6efdc481cf5d8f 258eb3c4e5d4b5b3fa98fb7ff1062bafee50bff0d87e87af79c9bb1206700343 Loading...

	crdpro.cc/js/textTimeSlider.js	ScriptElement	542 B	2023-03-10	2024-09-20
Pretty URL crdpro.cc/js/textTimeSlider.js IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 03:40 Last Seen2024-09-20 20:03 Times Seen45 Hash 6733c7c14b4ed56fc6d0d05183efa090 855b13d37fc3b7a711f1e95b2fa2cef5863c833f 14690056896141e8514b28818f670a2e767e03b807d0563b434d798a1de11d62 Loading...

	crdpro.cc/attachments/45211	ScriptElement	292 B	2023-03-10	2024-09-20
Pretty URL crdpro.cc/attachments/45211 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 03:40 Last Seen2024-09-20 20:03 Times Seen45 Hash ccb65a6c6920bae8784a0ecca74ba8a5 0d51cf4d7fcdac67bdcb938d547d92738d56f600 42f7837962a25b4ce8b8e945fe660ac9797629240819fa4fa794eeae80c720b6 Loading...

	hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit	ScriptElement	150 kB	2024-08-29	2024-09-20
Pretty URL hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit IP 104.19.230.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-29 21:49 Last Seen2024-09-20 20:06 Times Seen66 Hash dffc735bb3e9653d1d3469b217ee9a57 b1eba24f77f600e1f035f16044bf0e9e436ce7ed 54e6ed7d7d3dd6da61545f4fd2f94e8d524f68cbd5de09addd7267aa3a9c6b21 Loading...

	crdpro.cc/js/xf/core-compiled.js?_v=a4a08653	ScriptElement	223 kB	2023-03-12	2025-03-29
Pretty URL crdpro.cc/js/xf/core-compiled.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:15 Last Seen2025-03-29 20:11 Times Seen61 Hash 8f95f6cab41a3a4df4a42f9f84cb6de5 bcd5d7f35405d29ab10aa45c339d39f112715cac 0afe41155bf1fef6148527c69cc082fb95c2520ebcd698092338b18d0c163b37 Loading...

	crdpro.cc/js/xf/captcha.min.js?_v=a4a08653	ScriptElement	7.1 kB	2024-07-09	2024-09-20
Pretty URL crdpro.cc/js/xf/captcha.min.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-09 20:50 Last Seen2024-09-20 20:03 Times Seen43 Hash 44643d7d4465b95e648138d8036141f3 626545ed5565910cdeda8780e7c2aa31d9bfba02 7e710008122a88b261f57ccd9c460e9af930ff599b0a2268c03150596eaf32cb Loading...

	crdpro.cc/js/xf/notice.min.js?_v=a4a08653	ScriptElement	4.1 kB	2023-03-07	2025-04-25
Pretty URL crdpro.cc/js/xf/notice.min.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-04-25 08:01 Times Seen195 Hash 63049b9eaef4fc36b4760e70565867dc 3aa9b669698b00486243dbf80fc12865693db5ee 07c6e6a76275666257a3b3f654e9021a3c6f89090a5df2cf5fe5e9cb5709b92a Loading...

	crdpro.cc/js/svg/theiastickysidebar/resize-sensor.min.js?_v=a4a08653	ScriptElement	2.3 kB	2023-03-07	2025-05-06
Pretty URL crdpro.cc/js/svg/theiastickysidebar/resize-sensor.min.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2025-05-06 12:26 Times Seen258 Hash 4c4b4b2ffb01486666a9ea84fc115945 d672f8340ce0c8e6c23438f46e20fa59b339e4d8 8f8078d5fa79042c80aff9ac50f962fca0a2461febc620b567e38fff39ddc182 Loading...

	crdpro.cc/js/svg/theiastickysidebar/theia-sticky-sidebar.min.js?_v=a4a08653	ScriptElement	5.4 kB	2023-03-07	2025-05-06
Pretty URL crdpro.cc/js/svg/theiastickysidebar/theia-sticky-sidebar.min.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-06 12:26 Times Seen512 Hash 69a423fcaf8f22778a2e059b2c554a17 18f416a138fc5bcf4786585cb55a8d46af9976a6 d88b2f05bcd6de59fcdc958ab1c6f63d0225f275d24ce003381c09deb3a4bf1e Loading...

	newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html#frame=challenge&id=059032w929py&host=crdpro.cc&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=c006f668-8945-4230-ac5c-ef48a4ceeca7&theme=dark&origin=https%3A%2F%2Fcrdpro.cc	ScriptElement	356 kB	2024-08-30	2024-09-20
Pretty URL newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html#frame=challenge&id=059032w929py&host=crdpro.cc&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=c006f668-8945-4230-ac5c-ef48a4ceeca7&theme=dark&origin=https%3A%2F%2Fcrdpro.cc IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-30 00:01 Last Seen2024-09-20 20:04 Times Seen38 Hash 99e45aae9bba992c689f27f9c679617c f773b5beb5c50b0a5ab66583b865134c05b67b74 ad0aab7acaa0f837c11e02928540b4c24573529637c943b37aaf4bfd05138116 Loading...

	crdpro.cc/js/vendor/vendor-compiled.js?_v=a4a08653	ScriptElement	71 kB	2023-03-08	2025-04-11
Pretty URL crdpro.cc/js/vendor/vendor-compiled.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:58 Last Seen2025-04-11 19:33 Times Seen95 Hash 442aa782a444ce632d969df6e14d5fb2 30c3c0e3e0b1b4ecc7a99d58a13bed83271189bc a97392a02775136f7fcda1786540414e4a6595f79c49dc1bc9c790f472a9a9f3 Loading...

	crdpro.cc/js/xf/login_signup.min.js?_v=a4a08653	ScriptElement	4.3 kB	2023-03-10	2025-04-16
Pretty URL crdpro.cc/js/xf/login_signup.min.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 08:10 Last Seen2025-04-16 22:18 Times Seen995 Hash 95b0a4d12c901622df53e4c08281b438 e62bc3c3b1df403c7f457986662d3b5a148c7056 6647d0f2f0e0151d2cd9b8c106b1fb665278194cbd516bb4f41b57c5f3b90ada Loading...

	newassets.hcaptcha.com/c/6c2596db2ce08d2f8763801d158624c790db3d34b0235bb33999fd85979fac64/hsw.js	ScriptElement	665 kB	2024-08-30	2024-09-20
Pretty URL newassets.hcaptcha.com/c/6c2596db2ce08d2f8763801d158624c790db3d34b0235bb33999fd85979fac64/hsw.js IP 104.19.230.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-30 15:22 Last Seen2024-09-20 20:04 Times Seen31 Hash 2f64975d8dd7b1fe5e8a1334e4e691a6 254c127cd32cb96bd928bbb86a4abb1ea8c422a5 9e4ff64d42cc60e6bac6f7bcb7afdbba9bdb587b1d727934857ff84cee5975c5 Loading...

	unknown	Function	48 B	2023-04-11	2025-05-12
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:45 Last Seen2025-05-12 17:40 Times Seen12240 Hash 43d643e449b4ea13394fe737b1d6a447 1c03d56d955fd266d7659379e63d5711bd5382db 4817661f6ac7d2e1691bc3aeb9966e66012891ccda569ff872dc0932010c540d Loading...

	crdpro.cc/js/xf/preamble.min.js?_v=a4a08653	ScriptElement	3.1 kB	2023-03-07	2025-04-11
Pretty URL crdpro.cc/js/xf/preamble.min.js?_v=a4a08653 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12 Last Seen2025-04-11 19:33 Times Seen100 Hash 3940087d344461dec137c845ec295daa 8ecfc62e6cf9ae95340132b84208409a1b691c2b b48fc223d524430ef86336e524ca8b95b74927ca840abc04a0407b58e5905823 Loading...

	crdpro.cc/attachments/45211	ScriptElement	4.2 kB	2024-09-20	2024-09-20
Pretty URL crdpro.cc/attachments/45211 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-20 20:03 Last Seen2024-09-20 20:03 Times Seen1 Hash 3f3894b4fc00fbc4159e39578ebf4c25 7fff3ac1aa6fb8449982b4fad71f9e156cef7cb4 45617c9843b7d8d1123d7d4349a49ba7d7ff01513e2b08505fb86a87622328c3 Loading...

	crdpro.cc/attachments/45211	ScriptElement	146 B	2023-03-10	2024-09-20
Pretty URL crdpro.cc/attachments/45211 IP 109.120.177.13 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 03:40 Last Seen2024-09-20 20:03 Times Seen45 Hash 1e1ff46b99916f041cfc8ab90179cce8 43ac8369736e275627030280331b6eedf0297316 dc94e4ede5a82e7cf89f4c73228f6ddc59b40cdb0e055db7a9b785945348a53d Loading...

HTTP Transactions (39)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9af7a8cd532ef5aaf31ca93238520c04
f072b79c778c47733bbd3377e03f716ecdfc14ea
36e32e96e96ff13975dfb765119ad431a8a3bedc9cdd8f16bbe7460664ee177c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "36E32E96E96FF13975DFB765119AD431A8A3BEDC9CDD8F16BBE7460664EE177C"
Last-Modified: Sat, 31 Aug 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21426
Expires: Sun, 01 Sep 2024 18:56:48 GMT
Date: Sun, 01 Sep 2024 12:59:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
404e3e4520c09fcce1358b1a21f6b171
040aa03460f3d7ec6f75cae0bf5a462a4bb9798d
f6fc34acb6b2d60bb37dd5caf92b0988cdd52927d80d1f5e7bc23b7db9e8209a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F6FC34ACB6B2D60BB37DD5CAF92B0988CDD52927D80D1F5E7BC23B7DB9E8209A"
Last-Modified: Sat, 31 Aug 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6252
Expires: Sun, 01 Sep 2024 14:43:54 GMT
Date: Sun, 01 Sep 2024 12:59:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a69a40edecaf5262aa4492b7259eb1dd
8241174bc1b8840baf20b3ce2950114dbb539871
a89a6e1e8de96ae61eb24e9a672d112a1b8f8f28f583a5335bc744a6b43fc7ac

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A89A6E1E8DE96AE61EB24E9A672D112A1B8F8F28F583A5335BC744A6B43FC7AC"
Last-Modified: Sat, 31 Aug 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8758
Expires: Sun, 01 Sep 2024 15:25:41 GMT
Date: Sun, 01 Sep 2024 12:59:43 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9d2c063731a46a7e1548540195080de0
dd1924ebf7697509a10f3f07604f28f96b4fc498
0d414ed4850119c53fae9ddd19ee1dd95783fd08f7389c3e8ec95215023e298e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0D414ED4850119C53FAE9DDD19EE1DD95783FD08F7389C3E8EC95215023E298E"
Last-Modified: Sat, 31 Aug 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10959
Expires: Sun, 01 Sep 2024 16:02:22 GMT
Date: Sun, 01 Sep 2024 12:59:43 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8e0a86e5909d7aad815936386ead6331
bd65555538f82680cf3cf4cfc7adcdae8b4f71b0
fd03deede8046fba4da62268afde17b30268fbf76dfbf19c823a8e4697f21d0a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FD03DEEDE8046FBA4DA62268AFDE17B30268FBF76DFBF19C823A8E4697F21D0A"
Last-Modified: Sat, 31 Aug 2024 19:35:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4499
Expires: Sun, 01 Sep 2024 14:14:42 GMT
Date: Sun, 01 Sep 2024 12:59:43 GMT
Connection: keep-alive

crdpro.cc/attachments/45211

109.120.177.13

301 Moved Permanently

162 B

URL User Request GET HTTP/1.1
crdpro.cc/attachments/45211
IP
109.120.177.13:80
ASN
#0

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /attachments/45211 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 01 Sep 2024 12:59:43 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://crdpro.cc/attachments/45211
X-Frame-Options: SAMEORIGIN

pic-cc.com/pikcha/cerberux-450.png

188.114.96.1

200 OK

25 kB

URL GET HTTP/2
pic-cc.com/pikcha/cerberux-450.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerGoogle Trust Services
Subjectpic-cc.com
Fingerprint1D:2E:46:AD:0D:CB:E4:0E:01:CD:C7:3D:69:94:4C:B2:0A:BC:E0:C2
ValidityTue, 09 Jul 2024 22:26:45 GMT - Mon, 07 Oct 2024 22:26:44 GMT

File type
PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced
Size
25 kB (24584 bytes)
Hash
4406c43bb5558844c3e07963ee163591
2cf8f2966f441e0b34986a28b6008d3ab8db88ba
d31e30add0f1510085c225c420e58bedccaafb45506f4722ac14dfd357d8038c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pikcha/cerberux-450.png HTTP/1.1
Host: pic-cc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: image/png
content-length: 24584
last-modified: Wed, 24 Jul 2024 06:44:51 GMT
etag: "66a0a2e3-6008"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 1649474
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4k52%2BarUH6AdhZGOkA4jmbIiTVnbkDyNjrjJucejtR6lN%2BcgPQqRn1UdNtH8gR7%2Fg2iObSagjw7L1ZLxiI6bmK51yhFBPaLnzjixkIygg4mF34nZ6NXVRg1Lchz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bc57072de6f569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

crdpro.cc/styles/crdpro/img/crd-logo-01.webp

109.120.177.13

200 OK

6.6 kB

URL GET HTTP/2
crdpro.cc/styles/crdpro/img/crd-logo-01.webp
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
RIFF (little-endian) data, Web/P image
Size
6.6 kB (6556 bytes)
Hash
368cb724f7914e5e0b8b86c41d87464a
71df21194bd71ecd22b342e02e2a496b70809915
89cf87925a95cbc1da627ffc59e6e0a12e83323c038abaab9198599a47ec7413

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/crdpro/img/crd-logo-01.webp HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: image/webp
content-length: 6556
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Mon, 17 Jun 2024 08:16:47 GMT
etag: "666ff0ef-199c"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.1

109.120.177.13

200 OK

78 kB

URL GET HTTP/2
crdpro.cc/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.1
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 78464, version 331.-31392
Size
78 kB (78464 bytes)
Hash
ff496de99efc36ce4f6f1e611ada7e65
f6b96b15619d6c70e152ccc6901f5872b58b08be
59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/fonts/fa/fa-brands-400.woff2?_v=5.15.1 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crdpro.cc/attachments/45211
DNT: 1
Connection: keep-alive
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: font/woff2
content-length: 78464
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-13280"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.1

109.120.177.13

200 OK

141 kB

URL GET HTTP/2
crdpro.cc/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.1
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 140996, version 331.-31392
Size
141 kB (140996 bytes)
Hash
25d740d42658b6e2c293ce7b3322aac7
41cc9ae4b5dd70fd3988059dfb864f20f99ae371
8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/fonts/fa/fa-solid-900.woff2?_v=5.15.1 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crdpro.cc/attachments/45211
DNT: 1
Connection: keep-alive
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: font/woff2
content-length: 140996
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-226c4"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.1

109.120.177.13

200 OK

174 kB

URL GET HTTP/2
crdpro.cc/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.1
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 173596, version 331.-31392
Size
174 kB (173596 bytes)
Hash
f3beba98d10f221fd533c55345fc6823
4902280f4a68de569f0e8fe25d2f13eb9f8daa1b
4e4cc2d5669ad1bb831c050c273dbf760a070eb5f413458cf5cd7625c594a583

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/fonts/fa/fa-regular-400.woff2?_v=5.15.1 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crdpro.cc/attachments/45211
DNT: 1
Connection: keep-alive
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: font/woff2
content-length: 173596
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-2a61c"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/js/vendor/vendor-compiled.js?_v=a4a08653

109.120.177.13

200 OK

55 kB

URL GET HTTP/2
crdpro.cc/js/vendor/vendor-compiled.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
gzip compressed data, max compression, from Unix
Size
55 kB (54821 bytes)
Hash
6dd59e9715fe00571412f7f3c224f9ab
5ff607418d5d24ba0af8648ba61e447c5663a73f
9dece893c1be3d52375fedc9f26380fbefaca8a3145865729cfb5addf8903757

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/vendor/vendor-compiled.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-113ab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

crdpro.cc/styles/crdpro/img/bg-crdpro.png?_v=15

109.120.177.13

200 OK

19 kB

URL GET HTTP/2
crdpro.cc/styles/crdpro/img/bg-crdpro.png?_v=15
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced
Size
19 kB (19224 bytes)
Hash
bbde178d157b6b27312e1f737919a59e
3940f5f3fe09541809aa1e4a75a821db33648dbb
a2d711e3464d0fcd3feefd95cebbc76a9b1e279e14e59985279f0f42fcb6edef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/crdpro/img/bg-crdpro.png?_v=15 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Asvg_custom_copyright.less&s=5&l=1&d=1725182328&k=79e31c9889412487de56f0a1bcc586382f894dc1
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: image/png
content-length: 19224
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-4b18"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Extrabld.woff2

109.120.177.13

200 OK

34 kB

URL GET HTTP/2
crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Extrabld.woff2
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33676, version 1.0
Size
34 kB (33676 bytes)
Hash
335cb3e72fa421c3a282518f17bc651a
2592c6eccd5f7033ca1e3eabbf8aa8afaeae4c86
50454e9b02239d7305b448237a7f9d7f1d3fb0be72b1ba69140e263c530022f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/crdpro/fonts/proximanova/ProximaNova-Extrabld.woff2 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=5&l=1&d=1725182328&k=07f8019eafa813b7e948a68e469e93d5fc508f5d
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: font/woff2
content-length: 33676
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-838c"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Regular.woff2

109.120.177.13

200 OK

34 kB

URL GET HTTP/2
crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Regular.woff2
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 34192, version 1.0
Size
34 kB (34192 bytes)
Hash
0071b00b4d686a9bf227e289c40d6f55
a5df17ced56e84a530d5ff031ea11f1191ce7f42
83a8f7c87f37437a3920dc2aec1a1fc93a55220b4aa4e55d4e6a20299557e411

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/crdpro/fonts/proximanova/ProximaNova-Regular.woff2 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=5&l=1&d=1725182328&k=07f8019eafa813b7e948a68e469e93d5fc508f5d
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: font/woff2
content-length: 34192
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-8590"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Bold.woff2

109.120.177.13

200 OK

34 kB

URL GET HTTP/2
crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Bold.woff2
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 34164, version 1.0
Size
34 kB (34164 bytes)
Hash
26507f8e38e05d86d4980f09f01ea66e
9b61c0c9dec8514db93348a086a36fa7dfd566ba
5eacccb90425ae5151eb0d97b8c122a991fdc04e7dc404b6a20ccabea565c8db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/crdpro/fonts/proximanova/ProximaNova-Bold.woff2 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=5&l=1&d=1725182328&k=07f8019eafa813b7e948a68e469e93d5fc508f5d
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: font/woff2
content-length: 34164
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-8574"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/js/svg/theiastickysidebar/resize-sensor.min.js?_v=a4a08653

109.120.177.13

200 OK

4.4 kB

URL GET HTTP/2
crdpro.cc/js/svg/theiastickysidebar/resize-sensor.min.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
gzip compressed data, max compression, from Unix
Size
4.4 kB (4431 bytes)
Hash
3a7dc52b7eeedbf94d69b97ed4bb338e
bba74e743fbfeaca3b44300dd2d28486210ea3a3
d7d954e5d7dab7f02c5158d5ac681e059a02d3f5af04dd0cf0a03964bfbc9688

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/svg/theiastickysidebar/resize-sensor.min.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-8ec"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20c9eec1ed6a0f3c730b021493b9e3ec
9f241af1cf1513631da05ffbaede6bcd16e93571
0b2e4962ad211e7e6f6382c7fd9e05fcfc046cad9d26eccd1ef9c7d94ce3cfcf

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B2E4962AD211E7E6F6382C7FD9E05FCFC046CAD9D26ECCD1EF9C7D94CE3CFCF"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9174
Expires: Sun, 01 Sep 2024 15:32:39 GMT
Date: Sun, 01 Sep 2024 12:59:45 GMT
Connection: keep-alive

newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html

104.19.230.21

102 kB

URL
newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html
IP
104.19.230.21:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (39999)
Size
102 kB (101881 bytes)
Hash
c86c65eac9c0b6cdc6550e9d0ad47b65
2c64f84e947b6cd58f8b36058b81a7a5471513de
7cbfe9d5bbcd4a7967ae3a48652e4e9542afde37c92e61ed442d3c60c60c12f7

HTTP Headers

GET /captcha/v1/8fd4e18/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: text/html
cache-control: max-age=3600
vary: Accept-Encoding, Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
server: cloudflare
cf-ray: 8bc57078fe2b1bfe-OSL
content-encoding: br

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20c9eec1ed6a0f3c730b021493b9e3ec
9f241af1cf1513631da05ffbaede6bcd16e93571
0b2e4962ad211e7e6f6382c7fd9e05fcfc046cad9d26eccd1ef9c7d94ce3cfcf

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B2E4962AD211E7E6F6382C7FD9E05FCFC046CAD9D26ECCD1EF9C7D94CE3CFCF"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9174
Expires: Sun, 01 Sep 2024 15:32:39 GMT
Date: Sun, 01 Sep 2024 12:59:45 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
20c9eec1ed6a0f3c730b021493b9e3ec
9f241af1cf1513631da05ffbaede6bcd16e93571
0b2e4962ad211e7e6f6382c7fd9e05fcfc046cad9d26eccd1ef9c7d94ce3cfcf

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B2E4962AD211E7E6F6382C7FD9E05FCFC046CAD9D26ECCD1EF9C7D94CE3CFCF"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9174
Expires: Sun, 01 Sep 2024 15:32:39 GMT
Date: Sun, 01 Sep 2024 12:59:45 GMT
Connection: keep-alive

crdpro.cc/js/svg/theiastickysidebar/theia-sticky-sidebar.min.js?_v=a4a08653

109.120.177.13

200 OK

9.1 kB

URL GET HTTP/2
crdpro.cc/js/svg/theiastickysidebar/theia-sticky-sidebar.min.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
gzip compressed data, max compression, from Unix
Size
9.1 kB (9142 bytes)
Hash
a7dcec88dd5ae190622f6610cb5bb9d6
34617ab1fbac79963e6917e4b5472d829bc77959
d3aec47ee40d0c3b95ae7bc3fab0529e887d38aabb6a17167734e308c6e38e75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/svg/theiastickysidebar/theia-sticky-sidebar.min.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-1535"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html

104.19.230.21

110 kB

URL
newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html
IP
104.19.230.21:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (39999)
Size
110 kB (109552 bytes)
Hash
c86c65eac9c0b6cdc6550e9d0ad47b65
2c64f84e947b6cd58f8b36058b81a7a5471513de
7cbfe9d5bbcd4a7967ae3a48652e4e9542afde37c92e61ed442d3c60c60c12f7

HTTP Headers

GET /captcha/v1/8fd4e18/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: text/html
cache-control: max-age=3600
vary: Accept-Encoding, Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
server: cloudflare
cf-ray: 8bc57078fe2f1bfe-OSL
content-encoding: br

crdpro.cc/js/textTimeSlider.js

109.120.177.13

200 OK

55 kB

URL GET HTTP/2
crdpro.cc/js/textTimeSlider.js
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
gzip compressed data, max compression, from Unix
Size
55 kB (54990 bytes)
Hash
02059a7af8adff9c21a06cfc49c49973
8ac0943042c25f7daacd41d0dc2134111edc1ad3
da4d65acd8ecfa420e92ab0ee215bc97c2b642ed52452dcad192272bd9dd7a86

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/textTimeSlider.js HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-21e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

api2.hcaptcha.com/checksiteconfig?v=8fd4e18&host=crdpro.cc&sitekey=c006f668-8945-4230-ac5c-ef48a4ceeca7&sc=1&swa=1&spst=0

104.19.230.21

200 OK

774 B

URL POST HTTP/3
api2.hcaptcha.com/checksiteconfig?v=8fd4e18&host=crdpro.cc&sitekey=c006f668-8945-4230-ac5c-ef48a4ceeca7&sc=1&swa=1&spst=0
IP
104.19.230.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html#frame=challenge&id=059032w929py&host=crdpro.cc&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=c006f668-8945-4230-ac5c-ef48a4ceeca7&theme=dark&origin=https%3A%2F%2Fcrdpro.cc
Certificate
IssuerGoogle Trust Services
Subjecthcaptcha.com
Fingerprint33:9C:F7:07:CF:EB:C3:FB:6B:EE:F2:6E:BC:2C:34:61:A4:16:49:FB
ValidityWed, 10 Jul 2024 22:55:08 GMT - Tue, 08 Oct 2024 22:55:07 GMT

File type
JSON text data
Size
774 B (774 bytes)
Hash
28f4fcf9528d554e5ab65144e9fa43b7
9d3f10a39c992e5e946d6822d78b6b2faac3af3e
5393f758a486e6e98bd56b8001e4207438863082725c47a6e754656265b605c4

HTTP Headers

POST /checksiteconfig?v=8fd4e18&host=crdpro.cc&sitekey=c006f668-8945-4230-ac5c-ef48a4ceeca7&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: application/json
content-length: 774
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCwgn7j24x4yB; SameSite=None; Secure; path=/; expires=Sun, 01-Sep-24 13:29:45 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8bc5707c19ed1bfe-OSL
alt-svc: h3=":443"; ma=86400

crdpro.cc/js/xf/captcha.min.js?_v=a4a08653

109.120.177.13

200 OK

9.2 kB

URL GET HTTP/2
crdpro.cc/js/xf/captcha.min.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
gzip compressed data, max compression, from Unix
Size
9.2 kB (9163 bytes)
Hash
c10949b2e6b883da1807d5340b7b7802
1e706488b21c1f8859fe4c02ae6c117567f993d7
b7f1f6732855d763c4830bd586c62da1114176de8a75dc291330bc826aac9990

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/xf/captcha.min.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-1ba3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

crdpro.cc/js/xf/login_signup.min.js?_v=a4a08653

109.120.177.13

200 OK

4.3 kB

URL GET HTTP/2
crdpro.cc/js/xf/login_signup.min.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
JavaScript source, ASCII text, with very long lines (4580), with no line terminators
Size
4.3 kB (4294 bytes)
Hash
78083ccfa593086cc4362ed3620c2484
368d0c03c403bbd14ca885445bd0f3069c84bae1
15489a423c5ce4227c34ce21e898c1860d551ce9bf212abf630655e053439c04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/xf/login_signup.min.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-10c6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html

104.19.230.21

200 OK

357 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html
IP
104.19.230.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerGoogle Trust Services
Subjecthcaptcha.com
Fingerprint33:9C:F7:07:CF:EB:C3:FB:6B:EE:F2:6E:BC:2C:34:61:A4:16:49:FB
ValidityWed, 10 Jul 2024 22:55:08 GMT - Tue, 08 Oct 2024 22:55:07 GMT

File type

Size
357 kB (357292 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /captcha/v1/8fd4e18/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: text/html
cache-control: max-age=3600
vary: Accept-Encoding, Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
server: cloudflare
cf-ray: 8bc57078fe2f1bfe-OSL
content-encoding: br

crdpro.cc/js/xf/notice.min.js?_v=a4a08653

109.120.177.13

200 OK

4.1 kB

URL GET HTTP/2
crdpro.cc/js/xf/notice.min.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
JavaScript source, ASCII text, with very long lines (4220), with no line terminators
Size
4.1 kB (4125 bytes)
Hash
749f4c0a5b4cc93b5f498e6903b91f46
62e7bd197736f29bf16caaf806bf0bfcd08e77f7
209635f63234d9eb563cac3236e5817f80df5db900ca65ee4e950f531f7e61f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/xf/notice.min.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-101d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

newassets.hcaptcha.com/c/6c2596db2ce08d2f8763801d158624c790db3d34b0235bb33999fd85979fac64/hsw.js

104.19.230.21

200 OK

665 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/6c2596db2ce08d2f8763801d158624c790db3d34b0235bb33999fd85979fac64/hsw.js
IP
104.19.230.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html#frame=challenge&id=059032w929py&host=crdpro.cc&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=c006f668-8945-4230-ac5c-ef48a4ceeca7&theme=dark&origin=https%3A%2F%2Fcrdpro.cc
Certificate
IssuerGoogle Trust Services
Subjecthcaptcha.com
Fingerprint33:9C:F7:07:CF:EB:C3:FB:6B:EE:F2:6E:BC:2C:34:61:A4:16:49:FB
ValidityWed, 10 Jul 2024 22:55:08 GMT - Tue, 08 Oct 2024 22:55:07 GMT

File type

Size
665 kB (665098 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/6c2596db2ce08d2f8763801d158624c790db3d34b0235bb33999fd85979fac64/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: application/javascript
etag: W/"2f64975d8dd7b1fe5e8a1334e4e691a6"
cache-control: max-age=3024000
content-encoding: gzip
vary: Accept-Encoding, Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8bc5707c6a421bfe-OSL

crdpro.cc/styles/crdpro/img/favicon.png

109.120.177.13

200 OK

3.5 kB

URL GET HTTP/2
crdpro.cc/styles/crdpro/img/favicon.png
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
3.5 kB (3461 bytes)
Hash
e605bd6a7aba87b732a327d5eab74de6
c4a84277ae00f08a04faf0c19424b3def4fbbff3
8c688320074fc5b8e7cd3867bd405ac2bd7e636ffb22b225b4c7eb28f18e81f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/crdpro/img/favicon.png HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: image/png
content-length: 3461
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-d85"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit

104.19.230.21

200 OK

150 kB

URL GET HTTP/2
hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit
IP
104.19.230.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerGoogle Trust Services
Subjecthcaptcha.com
Fingerprint33:9C:F7:07:CF:EB:C3:FB:6B:EE:F2:6E:BC:2C:34:61:A4:16:49:FB
ValidityWed, 10 Jul 2024 22:55:08 GMT - Tue, 08 Oct 2024 22:55:07 GMT

File type

Size
150 kB (150079 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/api.js?onload=XFHCaptchaCallback&render=explicit HTTP/1.1
Host: hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: application/javascript
cf-ray: 8bc57077faea0b61-OSL
cf-cache-status: HIT
age: 0
cache-control: private, max-age=300
etag: W/"4fc983012fe5adeceb251630c5b27c6a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Accept-Encoding
alt-svc: h3=":443"; ma=86400
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

crdpro.cc/css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=5&l=1&d=1725182328&k=07f8019eafa813b7e948a68e469e93d5fc508f5d

109.120.177.13

200 OK

382 kB

URL GET HTTP/2
crdpro.cc/css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=5&l=1&d=1725182328&k=07f8019eafa813b7e948a68e469e93d5fc508f5d
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
ASCII text, with very long lines (61688)
Size
382 kB (381985 bytes)
Hash
541b48434c9e9d511dc105204a6e2d30
1474573ee2d07d3bd7bafff5b7f715c9550bb6f0
3cd4ff2e16801fcbdfb7a51e0fe5981cbd220fac2e1cda387f2c90d041166d7c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=5&l=1&d=1725182328&k=07f8019eafa813b7e948a68e469e93d5fc508f5d HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
pragma: no-cache
x-powered-by: PHP/7.4.33
expires: 0, Mon, 01 Sep 2025 12:59:44 GMT
last-modified: Sun, 01 Sep 2024 09:18:48 GMT
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN, DENY, SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

crdpro.cc/js/xf/preamble.min.js?_v=a4a08653

109.120.177.13

200 OK

3.1 kB

URL GET HTTP/2
crdpro.cc/js/xf/preamble.min.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
JavaScript source, ASCII text, with very long lines (3304), with no line terminators
Size
3.1 kB (3146 bytes)
Hash
8ace16500f539ac08c5ff840d5a1215f
1378a8384f016ab4e85f47e593187e02d5468943
2adb045a1913d93644bd6f6f16eb3766c04473ed49c0fa6298594668679cf9df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/xf/preamble.min.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-c4a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

crdpro.cc/js/vendor/jquery/jquery-3.5.1.min.js?_v=a4a08653

109.120.177.13

200 OK

90 kB

URL GET HTTP/2
crdpro.cc/js/vendor/jquery/jquery-3.5.1.min.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/vendor/jquery/jquery-3.5.1.min.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-15d84"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

crdpro.cc/js/xf/core-compiled.js?_v=a4a08653

109.120.177.13

200 OK

223 kB

URL GET HTTP/2
crdpro.cc/js/xf/core-compiled.js?_v=a4a08653
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
JavaScript source, ASCII text, with very long lines (603)
Size
223 kB (222871 bytes)
Hash
8f95f6cab41a3a4df4a42f9f84cb6de5
bcd5d7f35405d29ab10aa45c339d39f112715cac
0afe41155bf1fef6148527c69cc082fb95c2520ebcd698092338b18d0c163b37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/xf/core-compiled.js?_v=a4a08653 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: application/javascript; charset=utf8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:42 GMT
etag: W/"61188f8a-36697"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Semibold.woff2

109.120.177.13

200 OK

34 kB

URL GET HTTP/2
crdpro.cc/styles/crdpro/fonts/proximanova/ProximaNova-Semibold.woff2
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33680, version 1.0
Size
34 kB (33680 bytes)
Hash
d1ac85ea25f684a781bf5533c6ff7919
fcda28887636be5a44f4241bccf6935be476cba6
7bf27ebb69b0ff7ae06da1dc7413126c48ee841812035184418a0167fa223d60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles/crdpro/fonts/proximanova/ProximaNova-Semibold.woff2 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/css.php?css=public%3Anotices.less%2Cpublic%3Aextra.less&s=5&l=1&d=1725182328&k=07f8019eafa813b7e948a68e469e93d5fc508f5d
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: font/woff2
content-length: 33680
ddos-protection: DefendTraffic.com - DDoS protection
last-modified: Sun, 15 Aug 2021 03:52:44 GMT
etag: "61188f8c-8390"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

crdpro.cc/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Asvg_custom_copyright.less&s=5&l=1&d=1725182328&k=79e31c9889412487de56f0a1bcc586382f894dc1

109.120.177.13

200 OK

401 kB

URL GET HTTP/2
crdpro.cc/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Asvg_custom_copyright.less&s=5&l=1&d=1725182328&k=79e31c9889412487de56f0a1bcc586382f894dc1
IP
109.120.177.13:443
ASN
#0

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerLet's Encrypt
Subjectcrdpro.cc
FingerprintC5:2B:7A:B3:08:95:13:43:7A:B0:CD:1D:02:29:D7:1B:57:1B:EE:F5
ValidityMon, 26 Aug 2024 18:26:10 GMT - Sun, 24 Nov 2024 18:26:09 GMT

File type
ASCII text, with very long lines (63233)
Size
401 kB (400855 bytes)
Hash
ab8fc2efe316bfd09ce6dadde9445a75
9eb2aa84b94a4a67271e301b851e88ecf31c402f
c58bd32571eaebc7ae6e12314836108936f176981e8e39b4e222387f24905e5e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less%2Cpublic%3Asvg_custom_copyright.less&s=5&l=1&d=1725182328&k=79e31c9889412487de56f0a1bcc586382f894dc1 HTTP/1.1
Host: crdpro.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/attachments/45211
Cookie: xf_csrf=6SQYVu-YvTysW4nK
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 01 Sep 2024 12:59:44 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
ddos-protection: DefendTraffic.com - DDoS protection
pragma: no-cache
x-powered-by: PHP/7.4.33
expires: 0, Mon, 01 Sep 2025 12:59:44 GMT
last-modified: Sun, 01 Sep 2024 09:18:48 GMT
cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN, DENY, SAMEORIGIN
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html

104.19.230.21

200 OK

357 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/8fd4e18/static/hcaptcha.html
IP
104.19.230.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://crdpro.cc/attachments/45211
Certificate
IssuerGoogle Trust Services
Subjecthcaptcha.com
Fingerprint33:9C:F7:07:CF:EB:C3:FB:6B:EE:F2:6E:BC:2C:34:61:A4:16:49:FB
ValidityWed, 10 Jul 2024 22:55:08 GMT - Tue, 08 Oct 2024 22:55:07 GMT

File type

Size
357 kB (357292 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /captcha/v1/8fd4e18/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crdpro.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 01 Sep 2024 12:59:45 GMT
content-type: text/html
cache-control: max-age=3600
vary: Accept-Encoding, Origin
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
server: cloudflare
cf-ray: 8bc57078fe2b1bfe-OSL
content-encoding: br

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by