urlscan.io logo urlscan.io
SecurityTrails logo

qyrox.free.hr Open in urlscan Pro
2606:4700:3036::6815:4d2f  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://protect.checkpoint.com/v2/r01/___https:/vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr*7Kh*7KjOBJ...
Effective URL: https://qyrox.free.hr/index.php
Submission: On January 07 via manual from TH — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 4 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3036::6815:4d2f, located in United States and belongs to CLOUDFLARENET, US. The main domain is qyrox.free.hr.
TLS certificate: Issued by WE1 on November 28th 2024. Valid for: 3 months.
This is the only time qyrox.free.hr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:235... 16509 (AMAZON-02)
1 1 3.224.34.17 14618 (AMAZON-AES)
1 1 34.110.180.34 396982 (GOOGLE-CL...)
2 12 2606:4700:303... 13335 (CLOUDFLAR...)
10 2
Apex Domain
Subdomains		 Transfer
12 free.hr
qyrox.free.hr
34 KB
1 tidioreply.com
email.tidioreply.com
580 B
1 awstrack.me
vlp6cm34.r.us-east-1.awstrack.me
356 B
1 checkpoint.com
protect.checkpoint.com — Cisco Umbrella Rank: 64337
624 B
10 4
Domain Requested by
12 qyrox.free.hr 2 redirects qyrox.free.hr
1 email.tidioreply.com 1 redirects
1 vlp6cm34.r.us-east-1.awstrack.me 1 redirects
1 protect.checkpoint.com 1 redirects
10 4

This site contains links to these domains. Also see Links.

Domain
cpanel.com
Subject Issuer Validity Valid
qyrox.free.hr
WE1		 2024-11-28 -
2025-02-26		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://qyrox.free.hr/index.php
Frame ID: D35F4FE51637FE3956A76722FB95D857
Requests: 9 HTTP requests in this frame

Frame: https://qyrox.free.hr/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js
Frame ID: B272920288B4FDAB396E4336A9BF68D5
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

404 Not Found

Page URL History Show full URLs

  1. https://protect.checkpoint.com/v2/r01/___https:/vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynint... HTTP 302
    https://vlp6cm34.r.us-east-1.awstrack.me/L0/https:%2F%2Femail.tidioreply.com%2Fc%2FeJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAo... HTTP 302
    https://email.tidioreply.com/c/eJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAoksxIuindvvyzE4X5LmuF3ObbD7ALpGPqhcFBJATm... HTTP 302
    https://qyrox.free.hr/index.php Page URL
  2. https://qyrox.free.hr/cdn-cgi/phish-bypass?atok=.F9_gAjL718Oj12m_6dJERugCYPIvPl0XLWRRibbfqs-173624... HTTP 301
    https://qyrox.free.hr/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

10
Requests

90 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

2
IPs

1
Countries

33 kB
Transfer

71 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://protect.checkpoint.com/v2/r01/___https:/vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr*7Kh*7KjOBJBIyzGHJRFSIYVNpbRGbtPSQRU3BCFtpxCNznsiAADEJ92/QrzK8TggIaFQuLUvmhKGOFYririDOCHg*~*hCG3WQy8nZYHi*~*Q5stQQWAzMqJHmVUtGHhLvM62NgBwR_mxfAawLzSi_P_XmaP8A_UYN-ulnEvfQx80*~*4U7g1vX0Xqk4j3631la8oX-5lZ944YK2_W_xSFFI__CmlTvpd6d565556c8b*~*/hi595-9hb*~3*gh-a*~*bg-9bgb-ci5/-b9jf76k5b9g*~*-555555dh-wa2D5TW7XXp5K*~*Ibra2viHECx=957___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOmNkMzFiOWRiNjRlNzYwZWExOWZkZjZlZWU4YmI5NjkyOjc6M2E5ODpkMTM3MDUyNjEzZjc1YTVmZDRiZjkxZGQwN2FiNzU2MDBmM2EwNzQ4YmE5ZTg0YjUxZDJmZTEyZDg3ODlkNzc3Omg6VDpU HTTP 302
    https://vlp6cm34.r.us-east-1.awstrack.me/L0/https:%2F%2Femail.tidioreply.com%2Fc%2FeJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAoksxIuindvvyzE4X5LmuF3ObbD7ALpGPqhcFBJATmdmdyJxCb6cxBYRLt3iUTCd6L0noLLRvuHlEChQPoBCcGqH1XIbwrM_hsav7rGuNd_K_Sh7K3v_PTI-pgizqaLs3V6ZP2bWqSVSlfZeY1YWg73jS-0gU4ZZTFX_R_sNAAD__xhgOqk/1/01000193865cd040-4c8666bc-768b-48b8-9d05-84ea21f084b6-000000/c-r7Xy0OR2SSk0F6D8m7XqdCzxs=402 HTTP 302
    https://email.tidioreply.com/c/eJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAoksxIuindvvyzE4X5LmuF3ObbD7ALpGPqhcFBJATmdmdyJxCb6cxBYRLt3iUTCd6L0noLLRvuHlEChQPoBCcGqH1XIbwrM_hsav7rGuNd_K_Sh7K3v_PTI-pgizqaLs3V6ZP2bWqSVSlfZeY1YWg73jS-0gU4ZZTFX_R_sNAAD__xhgOqk HTTP 302
    https://qyrox.free.hr/index.php Page URL
  2. https://qyrox.free.hr/cdn-cgi/phish-bypass?atok=.F9_gAjL718Oj12m_6dJERugCYPIvPl0XLWRRibbfqs-1736242695-0.0.1.1-%2Findex.php HTTP 301
    https://qyrox.free.hr/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://protect.checkpoint.com/v2/r01/___https:/vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr*7Kh*7KjOBJBIyzGHJRFSIYVNpbRGbtPSQRU3BCFtpxCNznsiAADEJ92/QrzK8TggIaFQuLUvmhKGOFYririDOCHg*~*hCG3WQy8nZYHi*~*Q5stQQWAzMqJHmVUtGHhLvM62NgBwR_mxfAawLzSi_P_XmaP8A_UYN-ulnEvfQx80*~*4U7g1vX0Xqk4j3631la8oX-5lZ944YK2_W_xSFFI__CmlTvpd6d565556c8b*~*/hi595-9hb*~3*gh-a*~*bg-9bgb-ci5/-b9jf76k5b9g*~*-555555dh-wa2D5TW7XXp5K*~*Ibra2viHECx=957___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOmNkMzFiOWRiNjRlNzYwZWExOWZkZjZlZWU4YmI5NjkyOjc6M2E5ODpkMTM3MDUyNjEzZjc1YTVmZDRiZjkxZGQwN2FiNzU2MDBmM2EwNzQ4YmE5ZTg0YjUxZDJmZTEyZDg3ODlkNzc3Omg6VDpU HTTP 302
  • https://vlp6cm34.r.us-east-1.awstrack.me/L0/https:%2F%2Femail.tidioreply.com%2Fc%2FeJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAoksxIuindvvyzE4X5LmuF3ObbD7ALpGPqhcFBJATmdmdyJxCb6cxBYRLt3iUTCd6L0noLLRvuHlEChQPoBCcGqH1XIbwrM_hsav7rGuNd_K_Sh7K3v_PTI-pgizqaLs3V6ZP2bWqSVSlfZeY1YWg73jS-0gU4ZZTFX_R_sNAAD__xhgOqk/1/01000193865cd040-4c8666bc-768b-48b8-9d05-84ea21f084b6-000000/c-r7Xy0OR2SSk0F6D8m7XqdCzxs=402 HTTP 302
  • https://email.tidioreply.com/c/eJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAoksxIuindvvyzE4X5LmuF3ObbD7ALpGPqhcFBJATmdmdyJxCb6cxBYRLt3iUTCd6L0noLLRvuHlEChQPoBCcGqH1XIbwrM_hsav7rGuNd_K_Sh7K3v_PTI-pgizqaLs3V6ZP2bWqSVSlfZeY1YWg73jS-0gU4ZZTFX_R_sNAAD__xhgOqk HTTP 302
  • https://qyrox.free.hr/index.php
Request Chain 8
  • https://qyrox.free.hr/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://qyrox.free.hr/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
index.php
qyrox.free.hr/
Redirect Chain
  • https://protect.checkpoint.com/v2/r01/___https:/vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr*7Kh*7KjOBJBIyzGHJRFSIYVNpbRGbtPSQRU3BCFtpxCNznsiAADEJ92/QrzK8TggIaFQuLUvmhKGOFYr...
  • https://vlp6cm34.r.us-east-1.awstrack.me/L0/https:%2F%2Femail.tidioreply.com%2Fc%2FeJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAoksxIuindvvyzE4X5LmuF3ObbD7ALpGPqhcFBJATmdmdyJxCb6cxBYRLt3iUTCd6L0noLLRvuHlEChQPo...
  • https://email.tidioreply.com/c/eJwEwDtuBCEMANDTQIk8MB8oKNLMPYwxAoksxIuindvvyzE4X5LmuF3ObbD7ALpGPqhcFBJATmdmdyJxCb6cxBYRLt3iUTCd6L0noLLRvuHlEChQPoBCcGqH1XIbwrM_hsav7rGuNd_K_Sh7K3v_PTI-pgizqaLs3V6ZP2...
  • https://qyrox.free.hr/index.php
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qyrox.free.hr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
336c9a2a7a7e812a909cac5c059e4537aa9120c0446164de482f3d4a1e970059
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray
8fe2f94fff43360f-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 07 Jan 2025 09:38:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iekJcEx2NnEnsx97Ur7uknaUn9cazQi%2FKW4bNyitd%2Fa4Q5FcafYdEP%2BEb3eINxzgnNDDlFMWYJpWmy1F1x6hWlRMUz3hlchXCK5i8w9Xh6ehCIh73eVlS2URnefXvj1lOHpEmhPwLbf56BLU"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
cache-control
no-store
content-length
412
content-type
text/html
date
Tue, 07 Jan 2025 09:38:15 GMT
location
https://qyrox.free.hr/index.php
x-robots-tag
noindex
x-xss-protection
1; mode=block
cf.errors.css
qyrox.free.hr/cdn-cgi/styles/ 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qyrox.free.hr/cdn-cgi/styles/cf.errors.css
Requested by
Host: qyrox.free.hr
URL: https://qyrox.free.hr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://qyrox.free.hr/index.php

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
content-encoding
gzip
etag
W/"675fc4ac-5df3"
x-content-type-options
nosniff
cf-ray
8fe2f9501f62360f-FRA
expires
Tue, 07 Jan 2025 11:38:15 GMT
date
Tue, 07 Jan 2025 09:38:15 GMT
content-type
text/css
last-modified
Mon, 16 Dec 2024 06:11:56 GMT
server
cloudflare
x-frame-options
DENY
icon-exclamation.png
qyrox.free.hr/cdn-cgi/images/ 		452 B
634 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qyrox.free.hr/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: qyrox.free.hr
URL: https://qyrox.free.hr/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://qyrox.free.hr/cdn-cgi/styles/cf.errors.css

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
etag
"675fc4ac-1c4"
x-content-type-options
nosniff
cf-ray
8fe2f9502f8a360f-FRA
expires
Tue, 07 Jan 2025 11:38:15 GMT
accept-ranges
bytes
content-length
452
date
Tue, 07 Jan 2025 09:38:15 GMT
content-type
image/png
last-modified
Mon, 16 Dec 2024 06:11:56 GMT
server
cloudflare
x-frame-options
DENY
favicon.ico
qyrox.free.hr/ 		10 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://qyrox.free.hr/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80a690b7345ff823194132ad428b88ad9d7e9391427c057b06e9da1bf43da56a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://qyrox.free.hr/index.php

Response headers

cache-control
no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
BYPASS
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2FEX5WQfjEhCfuyHDiQN3AB%2BlGnzU5gsUE1r%2FNwhfLPQ5HLxKs1SYJsVOZfAuRbNH3L6%2FQIW40YoJM69jFn5%2BI0czpc5B4DuT4poaHv835uS7zIS1bIi44Oun44nA3sCsRY%2BuUPIT55gn4v%2B"}],"group":"cf-nel","max_age":604800}
cf-ray
8fe2f9504f9a360f-FRA
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=7152&min_rtt=6008&rtt_var=1290&sent=22&recv=16&lost=0&retrans=0&sent_bytes=12021&recv_bytes=5622&delivery_rate=55239&cwnd=12000&unsent_bytes=0&cid=4e8e9096d2122009&ts=813&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 07 Jan 2025 09:38:16 GMT
content-type
text/html
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
Primary Request index.php
qyrox.free.hr/
Redirect Chain
  • https://qyrox.free.hr/cdn-cgi/phish-bypass?atok=.F9_gAjL718Oj12m_6dJERugCYPIvPl0XLWRRibbfqs-1736242695-0.0.1.1-%2Findex.php
  • https://qyrox.free.hr/index.php
11 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qyrox.free.hr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d01b9748d361aa451b5206b7af5c5167da37f9e5f554c1b1b97c78aba8d25191

Request headers

Referer
https://qyrox.free.hr/index.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8fe2f967dd4c360f-FRA
content-encoding
zstd
content-type
text/html
date
Tue, 07 Jan 2025 09:38:20 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1CDGrHYBM5if9PRicFfThh4joGYGMVlVdZies5dqcvXeTbtISGZiwZ28c2rsxiD32n5CfXAsAeTaK5WDTptPlr08ni6QKnYR9hF6ynmQFfAueA8TcaNpq0%2B3tvtz28VpjihzXY1HmaqsbNIz"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=7208&min_rtt=6008&rtt_var=870&sent=31&recv=23&lost=0&retrans=0&sent_bytes=18334&recv_bytes=6796&delivery_rate=906&cwnd=12000&unsent_bytes=0&cid=4e8e9096d2122009&ts=4585&x=1" cfExtPri cfHdrFlush;dur=0
vary
accept-encoding

Redirect headers

cache-control
private, no-cache
cf-ray
8fe2f967cd45360f-FRA
content-length
167
content-type
text/html
date
Tue, 07 Jan 2025 09:38:19 GMT
location
https://qyrox.free.hr/index.php
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
server_misconfigured.png
qyrox.free.hr/img-sys/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qyrox.free.hr/img-sys/server_misconfigured.png
Requested by
Host: qyrox.free.hr
URL: https://qyrox.free.hr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
944120fb6962c7484d769d645e6d830850eead9394f6a84090aed489cfc0c41f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://qyrox.free.hr/index.php

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BJ3%2Ba72hae9A2yyE3uc65HYHMZ67YEOSjPJttHOIT%2FjWvWY8nhRHXCsA%2B0h4hHjyJQdnjCc9QHRK6sqPsO7YHGlOmmgUXMErFW0jwtKXa1oqwHrDRlnV4Jz3eIzBCFnKOONR6KJtnQ3bH71F"}],"group":"cf-nel","max_age":604800}
cf-ray
8fe2f96c9937360f-FRA
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6515&min_rtt=5909&rtt_var=580&sent=57&recv=52&lost=0&retrans=0&sent_bytes=36295&recv_bytes=26338&delivery_rate=555266&cwnd=12000&unsent_bytes=0&cid=4e8e9096d2122009&ts=5371&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
3164
date
Tue, 07 Jan 2025 09:38:21 GMT
content-type
image/png
last-modified
Wed, 22 May 2024 18:59:30 GMT
vary
Accept-Encoding
priority
u=2,i
powered_by_cpanel.svg
qyrox.free.hr/img-sys/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qyrox.free.hr/img-sys/powered_by_cpanel.svg
Requested by
Host: qyrox.free.hr
URL: https://qyrox.free.hr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
179a9aa9fff4c52850d9ce34a4c435404ddfd4fefa8aab9a6eb4f47b83f922d9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://qyrox.free.hr/index.php

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NX3uljSbOiN%2FWdTFFZADYu8%2FFBkJoAmjLDkyFLzdODKCYHfYxjGX9k9eGES%2BbAceI0dsHTct8Jaoi5axi%2F6Z22%2BpTUG7DR1FYUgqvyxAbQKzFl5Ra6wBogSuca69WXHeGCO3TW9XSD%2FfAyu2"}],"group":"cf-nel","max_age":604800}
cf-ray
8fe2f96c9938360f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6647&min_rtt=5909&rtt_var=628&sent=53&recv=50&lost=0&retrans=0&sent_bytes=32924&recv_bytes=26252&delivery_rate=26650&cwnd=12000&unsent_bytes=0&cid=4e8e9096d2122009&ts=5361&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 07 Jan 2025 09:38:21 GMT
content-type
image/svg+xml
last-modified
Wed, 22 May 2024 18:59:30 GMT
vary
Accept-Encoding
priority
u=2,i
email-decode.min.js
qyrox.free.hr/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qyrox.free.hr/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: qyrox.free.hr
URL: https://qyrox.free.hr/index.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://qyrox.free.hr/index.php

Response headers

x-frame-options
DENY
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"675fc4cd-4d7"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KUiaFTkkAttwZHiM4cMhKV6uZoZKBMTY0USIoJxI5pcXpckrmUen%2Ff59nuQNUzCmMAvf2zpQHpGOqySSzI%2BoyC3qfUZgGovKxemHtCPCaJJkeseaZT0BsTvApK%2FmEfv06rdgsQI%2F15PNBzfA"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8fe2f96ca942360f-FRA
expires
Thu, 09 Jan 2025 09:38:20 GMT
date
Tue, 07 Jan 2025 09:38:20 GMT
content-type
application/javascript
last-modified
Mon, 16 Dec 2024 06:12:29 GMT
server
cloudflare
vary
Accept-Encoding
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf54538a1951e9e4ed0b407ffbed2583fd441fcc087da5c6657a0cde6d0c0208

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
main.js
qyrox.free.hr/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/ Frame B272
Redirect Chain
  • https://qyrox.free.hr/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://qyrox.free.hr/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qyrox.free.hr/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
Requested by
Host: qyrox.free.hr
URL: https://qyrox.free.hr/index.php
Protocol
H3
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f357472fb6eefb2682942b361042aeb26013559644929e96418bb3cc070b55c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GRCb0NNUHFPqI6J6R0k4mwcq%2F5fzh%2Fm5S0vCL8uEy1u15DTF17eBs8EtqM8zHSwyFZPp1T%2FKHaGKczx%2Bg0p90Ac4lIeCzr7Npk8s9yE%2B6e%2BpcTObZJU%2FoF0%2Fk7rwZHT1rVpoYonqD6ZxswZN"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8fe2f96ce975360f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6855&min_rtt=5979&rtt_var=1030&sent=43&recv=31&lost=0&retrans=0&sent_bytes=26574&recv_bytes=8875&delivery_rate=39731&cwnd=12000&unsent_bytes=0&cid=4e8e9096d2122009&ts=4648&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 07 Jan 2025 09:38:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tjno6WBKZaaKJQQkg7b7cBeq0Ii3bdYQ4fhmVJK1hVoOGSMy2XUa2qYK6rr36hgyLeO48%2FFFFJsNh0uTN%2FJ16c0J%2FMob5dm8xD8IUl2CmkIG2R8wt90jRziU21mFGR2L7Oc0fb5h5JH2v2uG"}],"group":"cf-nel","max_age":604800}
cf-ray
8fe2f96cc960360f-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=6974&min_rtt=5979&rtt_var=1055&sent=41&recv=30&lost=0&retrans=0&sent_bytes=25824&recv_bytes=8521&delivery_rate=48125&cwnd=12000&unsent_bytes=0&cid=4e8e9096d2122009&ts=4634&x=1", cfExtPri, cfHdrFlush;dur=0
date
Tue, 07 Jan 2025 09:38:20 GMT
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
8fe2f967dd4c360f
qyrox.free.hr/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame B272 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://qyrox.free.hr/cdn-cgi/challenge-platform/h/g/jsd/r/8fe2f967dd4c360f
Requested by
Host: qyrox.free.hr
URL: https://qyrox.free.hr/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4d2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RuTPUnvVnt0UEFMnTzqBgX55bTDKvvs387aSb2LRzGyUFS3eBccd%2Fwt86lHxMSHql%2FWTfVLKV1iD9Zg%2FSYJctWcewnbpqJ%2F5EvyOYE2sBVds8A762T65l55P27SlawQrsQXNEAesXzuci5Gj"}],"group":"cf-nel","max_age":604800}
cf-ray
8fe2f96d49c6360f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6668&min_rtt=5909&rtt_var=780&sent=52&recv=49&lost=0&retrans=0&sent_bytes=31733&recv_bytes=26208&delivery_rate=400681&cwnd=12000&unsent_bytes=0&cid=4e8e9096d2122009&ts=4713&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
0
date
Tue, 07 Jan 2025 09:38:20 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
priority
u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

3 Cookies

Domain/Path Name / Value
protect.checkpoint.com/ Name: x-cloud-sec-ctp
Value: 9f46f164-8e4c-4655-b81a-4961466f2835
.qyrox.free.hr/ Name: __cf_mw_byp
Value: .F9_gAjL718Oj12m_6dJERugCYPIvPl0XLWRRibbfqs-1736242695-0.0.1.1-/index.php
.qyrox.free.hr/ Name: cf_clearance
Value: qoYuJd_ymaCnaU_.Hj.9mlIOvINC0glrad0Dk8pmWi0-1736242700-1.2.1.1-UcZdwoxHRDAzGV_Ml.a64LsxP9XT4cI8K3O50uAfPr3420qyx0qeYGaAD.NcoarNbSJQ2.jPWpTVy6em41EYDzRCIwIgG2Rv_pQ7myrZ3mHO6hgDAXQZXGaAKw98mtnC269uqGCT.krKQZo__CzXpTC90AUUtgU.P__Uw.SvO86oAAU0c8NJsHFnTutE0eoruCCLmBWE0VurEj1Lb9Uef8FK51F_.8UDjUGfMMd7vF_3azSFJy..qe0sSYIxvV7546De7_ROd.zdpZDPld6umU51.n6hVU4Y7wHrfNDf9UDAffcB8sEubGEdw0yCR2bcG.cafn6penFty3cgZjoJPKZmEYVpULxqrk3fiMU6D7G19KO953IY2yt7HLEFmVCg

3 Console Messages

Source Level URL
Text
network error URL: https://qyrox.free.hr/index.php
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://qyrox.free.hr/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://qyrox.free.hr/index.php
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN