backdoor.best Open in urlscan Pro
34.132.134.162 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://backdoor.best/
Effective URL:
https://backdoor.best/
Submission: On December 03 via api (December 3rd 2023, 2:47:48 am UTC) from US — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 19 HTTP transactions. The main IP is 34.132.134.162, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is backdoor.best.
TLS certificate: Issued by R3 on October 21st 2023. Valid for: 3 months.

This is the only time backdoor.best was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	34.132.134.162 34.132.134.162	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
4	35.186.245.55 35.186.245.55	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	64.185.227.156 64.185.227.156	18450 (WEBNX) (WEBNX)
1	84.246.80.96 84.246.80.96	() ()
19	10

2 34.132.134.162 (Council Bluffs, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 162.134.132.34.bc.googleusercontent.com

backdoor.best	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.245.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.245.186.35.bc.googleusercontent.com

v2.l4ctose.repl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.185.227.156 (New York, United States)

ASN18450 (WEBNX, US)
PTR: api.ipify.org

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 84.246.80.96 (None, )

ASN- ()

cors-proxy.fringe.zone	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	repl.co v2.l4ctose.repl.co	43 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
3	gstatic.com fonts.gstatic.com	141 KB
2	backdoor.best 1 redirects backdoor.best	2 KB
1	fringe.zone cors-proxy.fringe.zone Failed
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2843	222 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	30 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2189	243 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	91 KB
19	9

	Domain	Requested by
4	v2.l4ctose.repl.co	backdoor.best v2.l4ctose.repl.co
4	fonts.googleapis.com	backdoor.best v2.l4ctose.repl.co
3	fonts.gstatic.com	fonts.googleapis.com
2	backdoor.best	1 redirects
1	cors-proxy.fringe.zone	v2.l4ctose.repl.co
1	api.ipify.org	v2.l4ctose.repl.co
1	code.jquery.com	v2.l4ctose.repl.co
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	backdoor.best
19	9

This site contains no links.

Subject Issuer	Validity	Valid
backdoor.best R3	`2023-10-21` - `2024-01-19`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
l4ctose.repl.co GTS CA 1P5	`2023-10-13` - `2024-01-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh
cors-proxy.fringe.zone R3	`2023-11-11` - `2024-02-09`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://backdoor.best/
Frame ID: F278C97F13B1A20BB9D57FCE770D8B42
Requests: 5 HTTP requests in this frame

Frame: https://v2.l4ctose.repl.co/ai/
Frame ID: 14BB334FC12E13C67C90FCA6311B9410
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Backdoor AI

Page URL History Show full URLs

http://backdoor.best/ HTTP 308
https://backdoor.best/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

89 %
HTTPS

56 %
IPv6

9
Domains

9
Subdomains

10
IPs

2
Countries

310 kB
Transfer

552 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://backdoor.best/ HTTP 308
https://backdoor.best/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
backdoor.best/
Redirect Chain

http://backdoor.best/
https://backdoor.best/

2 KB
2 KB

550ms
311ms

Document
text/html

34.132.134.162
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://backdoor.best/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.132.134.162 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 162.134.132.34.bc.googleusercontent.com
Software: /
Resource Hash: 7569360c35b195331d669c5d63517f7602ee8010ed153af46641a1c5bd7a11cd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Content-Length: 1774
Content-Type: text/html; charset=utf-8
Date: Sun, 03 Dec 2023 02:47:44 GMT
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Replit-Cluster: global

Redirect headers

Content-Length: 58
Content-Type: text/html; charset=utf-8
Date: Sun, 03 Dec 2023 02:47:43 GMT
Location: https://backdoor.best/
Replit-Cluster: global
Via: 1.1 google

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
91 KB 45ms
22ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VJ7179BQCC

Requested by

Host: backdoor.best
URL: https://backdoor.best/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9e9c5adf8d6a4f44b8d9f611e4cb5ff0461fc30ba5bb15c8ebb9712a568f447e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://backdoor.best/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 02:47:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92995
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 03 Dec 2023 02:47:44 GMT

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
950 B 38ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;700&display=swap

Requested by

Host: backdoor.best
URL: https://backdoor.best/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46f8cce0826f2b934c7ef9af81e9667f64a36dca24ff6782e09b298e79480cbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://backdoor.best/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 03 Dec 2023 02:47:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 03 Dec 2023 02:02:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 03 Dec 2023 02:47:44 GMT

GET
H/1.1 200
OK gpt.png
v2.l4ctose.repl.co/ai/ 4 KB
4 KB 1107ms
303ms Image
image/png 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://v2.l4ctose.repl.co/ai/gpt.png

Requested by

Host: backdoor.best
URL: https://backdoor.best/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

3473e73114d17b01dc7abd437db23e7b99eecc319ae14fb09486c1e442579b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=3382393; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://backdoor.best/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=3382393; includeSubDomains
Date: Sun, 03 Dec 2023 02:47:45 GMT
Replit-Cluster: global
Content-Length: 4079
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: image/png

GET
H/1.1 200
OK / Show response
v2.l4ctose.repl.co/ Frame 14BB 2 KB
2 KB 1079ms
276ms Document
text/html 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://v2.l4ctose.repl.co/

Requested by

Host: backdoor.best
URL: https://backdoor.best/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

280251fa74fbb958c8d2f9929736ace4dfe593b16c6c0ebb83b121b386c876ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=3382393; includeSubDomains

Request headers

Referer: https://backdoor.best/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Content-Length: 2122
Content-Type: text/html; charset=utf-8
Date: Sun, 03 Dec 2023 02:47:45 GMT
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Replit-Cluster: global
Strict-Transport-Security: max-age=3382393; includeSubDomains

POST
H2 204 collect
region1.google-analytics.com/g/ 0
243 B 35ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-VJ7179BQCC&gtm=45je3bt0v9170583853&_p=1701571664161&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=400716523.1701571664&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701571664&sct=1&seg=0&dl=https%3A%2F%2Fbackdoor.best%2F&dt=Backdoor%20AI&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=921
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VJ7179BQCC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://backdoor.best/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Dec 2023 02:47:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://backdoor.best
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 14BB 1 KB
546 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@500&display=swap

Requested by

Host: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3499bd0d6e6b9d2d80d08684882f2715adc7a8066b853cf032f30b9f244aac7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://v2.l4ctose.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 03 Dec 2023 02:47:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 03 Dec 2023 01:53:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 03 Dec 2023 02:47:45 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ Frame 14BB 8 KB
8 KB 29ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://v2.l4ctose.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 16:18:30 GMT
x-content-type-options: nosniff
age: 124155
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 16:18:30 GMT

GET
H/1.1 200
OK / Show response
v2.l4ctose.repl.co/ai/ Frame 14BB 31 KB
31 KB 1357ms
1357ms Document
text/html 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://v2.l4ctose.repl.co/ai/

Requested by

Host: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

31701d94c109f12ec1379731b1c918735556c982ada3b17c4e5a19bcde7135a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=3382392; includeSubDomains

Request headers

Referer: https://v2.l4ctose.repl.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Content-Length: 31830
Content-Type: text/html; charset=utf-8
Date: Sun, 03 Dec 2023 02:47:47 GMT
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Replit-Cluster: global
Strict-Transport-Security: max-age=3382392; includeSubDomains

GET
H3 200 css2
fonts.googleapis.com/ Frame 14BB 1 KB
450 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@500&display=swap

Requested by

Host: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/ai/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3499bd0d6e6b9d2d80d08684882f2715adc7a8066b853cf032f30b9f244aac7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://v2.l4ctose.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 03 Dec 2023 02:47:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 03 Dec 2023 00:52:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 03 Dec 2023 02:47:47 GMT

GET
H3 200 icon
fonts.googleapis.com/ Frame 14BB 569 B
366 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/ai/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://v2.l4ctose.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 03 Dec 2023 02:47:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 03 Dec 2023 02:47:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 03 Dec 2023 02:47:47 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ Frame 14BB 87 KB
30 KB 41ms
7ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/ai/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://v2.l4ctose.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 02:47:47 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 969050
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-eddf8230092-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701571668.652614,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 4, 244733

GET
H/1.1 200
OK gpt.png
v2.l4ctose.repl.co/ai/ Frame 14BB 4 KB
4 KB 197ms
196ms Image
image/png 35.186.245.55
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://v2.l4ctose.repl.co/ai/gpt.png

Requested by

Host: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/ai/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

35.186.245.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.245.186.35.bc.googleusercontent.com

Software

Resource Hash

3473e73114d17b01dc7abd437db23e7b99eecc319ae14fb09486c1e442579b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=3382391; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://v2.l4ctose.repl.co/ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=3382391; includeSubDomains
Date: Sun, 03 Dec 2023 02:47:47 GMT
Replit-Cluster: global
Content-Length: 4079
Expect-Ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
Content-Type: image/png

GET data.png
v2.l4ctose.repl.co/ai/ Frame 14BB 0
0

GET
H/1.1 200
OK / Show response
api.ipify.org/ Frame 14BB 22 B
222 B 277ms
84ms Fetch
application/json 64.185.227.156
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/ai/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 64.185.227.156 New York, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.1 /
Resource Hash: 4e55cce9219f0e7e25b55d7e8b24cfdaa25df0b508a8fc4f00667846b9aaddbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://v2.l4ctose.repl.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 03 Dec 2023 02:47:47 GMT
Server: nginx/1.25.1
Connection: keep-alive
Content-Length: 22
Vary: Origin
Content-Type: application/json

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ Frame 14BB 8 KB
8 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://v2.l4ctose.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 16:18:30 GMT
x-content-type-options: nosniff
age: 124157
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 16:18:30 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/ Frame 14BB 125 KB
126 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://v2.l4ctose.repl.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 20:08:20 GMT
x-content-type-options: nosniff
age: 110367
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 20:08:20 GMT

POST 7FmRH6wAKVVJOFUwX9dJs9wy63XbC7nMJU9lWPDn3zkvfBYjDk7yatPZVj0jxJY_EfxE
cors-proxy.fringe.zone/https://discord.com/api/webhooks/1170933800897888276/ Frame 14BB 0
0

OPTIONS
H2 200 7FmRH6wAKVVJOFUwX9dJs9wy63XbC7nMJU9lWPDn3zkvfBYjDk7yatPZVj0jxJY_EfxE
cors-proxy.fringe.zone/https://discord.com/api/webhooks/1170933800897888276/ Frame 0
0 471ms
15ms Preflight 84.246.80.96

General

Check archive.org

Show headers Download Go to

Full URL: https://cors-proxy.fringe.zone/https://discord.com/api/webhooks/1170933800897888276/7FmRH6wAKVVJOFUwX9dJs9wy63XbC7nMJU9lWPDn3zkvfBYjDk7yatPZVj0jxJY_EfxE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 84.246.80.96 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://v2.l4ctose.repl.co
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: access-control-allow-origin,access-control-allow-methods,access-control-allow-headers
date: Sun, 03 Dec 2023 02:47:48 GMT
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: v2.l4ctose.repl.co
URL: https://v2.l4ctose.repl.co/ai/data.png

Domain: cors-proxy.fringe.zone
URL: https://cors-proxy.fringe.zone/https://discord.com/api/webhooks/1170933800897888276/7FmRH6wAKVVJOFUwX9dJs9wy63XbC7nMJU9lWPDn3zkvfBYjDk7yatPZVj0jxJY_EfxE

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.backdoor.best/	1970-01-21 02:15:31	Name: _ga Value: GA1.1.400716523.1701571664
			.backdoor.best/	1970-01-21 02:15:31	Name: _ga_VJ7179BQCC Value: GS1.1.1701571664.1.0.1701571664.0.0.0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
backdoor.best
code.jquery.com
cors-proxy.fringe.zone
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
v2.l4ctose.repl.co
www.googletagmanager.com
cors-proxy.fringe.zone
v2.l4ctose.repl.co
2001:4860:4802:32::36
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2008
2a00:1450:4001:82a::200a
2a04:4e42:200::649
34.132.134.162
35.186.245.55
64.185.227.156
84.246.80.96
280251fa74fbb958c8d2f9929736ace4dfe593b16c6c0ebb83b121b386c876ab
31701d94c109f12ec1379731b1c918735556c982ada3b17c4e5a19bcde7135a7
3473e73114d17b01dc7abd437db23e7b99eecc319ae14fb09486c1e442579b07
3499bd0d6e6b9d2d80d08684882f2715adc7a8066b853cf032f30b9f244aac7c
46f8cce0826f2b934c7ef9af81e9667f64a36dca24ff6782e09b298e79480cbc
4e55cce9219f0e7e25b55d7e8b24cfdaa25df0b508a8fc4f00667846b9aaddbb
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
7569360c35b195331d669c5d63517f7602ee8010ed153af46641a1c5bd7a11cd
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
9e9c5adf8d6a4f44b8d9f611e4cb5ff0461fc30ba5bb15c8ebb9712a568f447e
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

backdoor.best Open in urlscan Pro 34.132.134.162 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

89 %HTTPS

56 %IPv6

9 Domains

9 Subdomains

10 IPs

2 Countries

310 kBTransfer

552 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

2 Cookies

Indicators

backdoor.best Open in urlscan Pro
34.132.134.162 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

89 %
HTTPS

56 %
IPv6

9
Domains

9
Subdomains

10
IPs

2
Countries

310 kB
Transfer

552 kB
Size

2
Cookies

19 HTTP transactions
0 data transactions