Submitted URL: https://onyxphishing.org/
Effective URL: https://onyxphishing.org/login/
Submission: On June 24 via api from TR — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 27 HTTP transactions. The main IP is 172.67.215.8, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is onyxphishing.org.
TLS certificate: Issued by WE1 on June 15th 2024. Valid for: 3 months.
This is the only time onyxphishing.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
2 27 172.67.215.8 13335 (CLOUDFLAR...)
2 2a04:4e42::485 54113 (FASTLY)
27 2
Apex Domain | Subdomains | Transfer
29 onyxphishing.org | onyxphishing.org | 662 KB
2 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 381 | 57 KB
27 2
Domain Requested by
29 onyxphishing.org 4 redirects onyxphishing.org
2 cdn.jsdelivr.net onyxphishing.org
27 2

This site contains no links.

Subject | Issuer | Validity | Valid
onyxphishing.org | WE1 | 2024-06-15 - 2024-09-13 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-09-27 - 2024-10-28 | a year

This page contains 2 frames:

Primary Page: https://onyxphishing.org/login/
Frame ID: 3B13857FBC0849056057B59010CDAEA6
Requests: 23 HTTP requests in this frame

Frame: https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
Frame ID: DD8EBB80EC976D20B0654367269AE1F2
Requests: 4 HTTP requests in this frame

Page Title

Giriş Yap | Onyx Phising Panel

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)


Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 27
HTTPS: 93 %
IPv6: 67 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 718 kB
Size: 2183 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://onyxphishing.org/ HTTP 302
    https://onyxphishing.org/login HTTP 301
    http://onyxphishing.org/login/ HTTP 307
    https://onyxphishing.org/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://onyxphishing.org/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
Request Chain 24
  • https://onyxphishing.org/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js

27 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
onyxphishing.org/login/
Redirect Chain
  • https://onyxphishing.org/
  • https://onyxphishing.org/login
  • http://onyxphishing.org/login/
  • https://onyxphishing.org/login/
4 KB
2 KB
Document
General
Full URL
https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.29 PleskLin
Resource Hash
38fa4c1c62d8e03985674aef0dadea6613ca52ca8dc74ef899a8873f0fbd5c26

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
898ea0b58a7d5d79-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 24 Jun 2024 18:02:15 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4njspua4NYbFUwUVOGgeXAvS5npEiv8U3FRbbGCIg1ovyS4YtSzdeEgeFf9Uu1fWjnItAzBJnVF2LHc1imVKUbQMnzNTF%2BLItEsO2EvmrnLv6Oi1SuV2cziv5muHanCn1wLP"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/8.1.29 PleskLin

Redirect headers

Location
https://onyxphishing.org/login/
Non-Authoritative-Reason
HttpsUpgrades
materialdesignicons.min.css
onyxphishing.org/assets/vendors/mdi/css/
172 KB
30 KB
Stylesheet
General
Full URL
https://onyxphishing.org/assets/vendors/mdi/css/materialdesignicons.min.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
daac3e2e53f7f08075ec4af0001b3f968c9457dda98978f8012914c2611f788d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
30201
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"2b18b-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lAxaFiD%2BC899HEsjLH8cZ%2BTRcQiH8Sb6ZbxSihPjhwKDtFFUKN4zgibytWQPEVLXWkOcA%2F03dEe9Ar%2FuvuxA4aJCUKduqRVTFPCGteimcjjc8cyWsto9VcXGsNI7EN2DCkop"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b64b645d79-FRA
vendor.bundle.base.css
onyxphishing.org/assets/vendors/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://onyxphishing.org/assets/vendors/css/vendor.bundle.base.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
2d94d51ce44ac060c0337445a3a6a8954d3912cfcc561981b127e8ff17ed0b9b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
664
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"a9a-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lDr0kt87%2FJaYboeM3SW%2BY76UTffZLqFq533lHbFYwztZA3tWYyTOkvLaLGqaqauRYqidowI2qB9Ro4DY7yzzOb%2Fnjj8D90ndhBnr8%2FJLtRjAXC1S3bi%2F4U%2F0xHTN4Ld%2FwJSX"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b64b6e5d79-FRA
jquery-jvectormap.css
onyxphishing.org/assets/vendors/jvectormap/
6 KB
4 KB
Stylesheet
General
Full URL
https://onyxphishing.org/assets/vendors/jvectormap/jquery-jvectormap.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
59c3d4149227f84e2aa682cea0734bfe5a7f991b3c80820fac98865bf23371db

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
3520
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"19eb-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tt3qqMOyDaJdcxVd1mv70BXaPZl3k5LnQ4xPGYNSZFRqK0VqCQDq8fDXA%2BcG%2Fjere5KkwausKsRZYxO06Ym7FEZ2Ya%2FbhB4Hho8yVz27SQ5JR04VRF3lNVv1AJK4SMqTce0B"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b64b705d79-FRA
flag-icon.min.css
onyxphishing.org/assets/vendors/flag-icon-css/css/
33 KB
3 KB
Stylesheet
General
Full URL
https://onyxphishing.org/assets/vendors/flag-icon-css/css/flag-icon.min.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
d27e980d821ec562661f24cab514474d7be86a742b5e915fa6c7efd21e77aaf9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
2812
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"84a9-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lwUdIxtd2u%2FplxOKi3PUGrDyHZyeCXeakqQL3ZsiNd3MSbQrtxP%2FM8pkU6Q4s9UFdX5VmOytYjqqcG4xFm%2BKaUVi1GPQDRY5hBkZ6TkfQk8lDA3z0hQrl%2BRbfDCFmX1hJ3z5"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b64b725d79-FRA
owl.carousel.min.css
onyxphishing.org/assets/vendors/owl-carousel-2/
3 KB
2 KB
Stylesheet
General
Full URL
https://onyxphishing.org/assets/vendors/owl-carousel-2/owl.carousel.min.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
1068
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"d17-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y7eYgdlEacXyLBq1Y%2Fa%2BRyMwAtwv%2BtrKVbw0%2BSM79VtwQWRoMUml3NIbPVxIKoow5nM184lU1W3Jr09QaJNPYG5AfeK0FfGP3EJVLzJI8MT5T4DMvLlyqB8watej%2FvxliDpX"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b64b745d79-FRA
owl.theme.default.min.css
onyxphishing.org/assets/vendors/owl-carousel-2/
1013 B
953 B
Stylesheet
General
Full URL
https://onyxphishing.org/assets/vendors/owl-carousel-2/owl.theme.default.min.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
479
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"3f5-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HIk6hnrWn%2BGsKJeBwU9UFzsuerKmrfSbe8Uab0JhXbrL8NiyK4RRzLr1Pp5CeDiMacsQUrhth7XsJb7ttAPLsfdPosrqO0neyvkng7yucKLUk9ih5%2FN5nMr4H%2BmEDeu%2F05vF"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b64b755d79-FRA
style.css
onyxphishing.org/assets/css/
720 KB
74 KB
Stylesheet
General
Full URL
https://onyxphishing.org/assets/css/style.css?74
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5b1dcc860ae3f7127cc092a26d288c5f6fcd9e27fd336b96cc48ab94a7fb8bc2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"b4147-61ae903d11480-gzip"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BoIXn8XHEpDqpvED4JM1aZktjTphQh7q3WhKxKyzpFGjBVKiHD2w3EClh6th6H57yX6dKJw05aRuNZlv3uMyCMBQ2yoXERMdw6%2FmqecS4ukm2XJ%2BDmdEtjGHy4lip18P2mId"}],"group":"cf-nel","max_age":604800}
content-type
text/css
accept-ranges
bytes
cf-ray
898ea0b64b775d79-FRA
alt-svc
h3=":443"; ma=86400
iziToast.min.css
cdn.jsdelivr.net/npm/izitoast/dist/css/
41 KB
10 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/izitoast/dist/css/iziToast.min.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7fa7d6e3b4039b59b4d4721ea7e523a42a4dc0b56405829df9f8696f8550fa01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 18:02:15 GMT
x-content-type-options
nosniff
content-encoding
br
age
18825
x-jsd-version
1.4.0
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
10567
x-served-by
cache-fra-etou8220133-FRA
x-jsd-version-type
version
etag
W/"a221-0sbNVM+KbAQMKIRLMGVDt27quLg"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
all.css
cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/
363 KB
46 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/all.css
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c4772e97742bb0756ab29709b59debdfbca546b640277ff1f86935b0a72eca7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Jun 2024 18:02:15 GMT
x-content-type-options
nosniff
content-encoding
br
age
34185
x-jsd-version
4cac1a6
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
47137
x-served-by
cache-fra-etou8220133-FRA
x-jsd-version-type
branch
etag
W/"5ac4a-yOfsKLDV4ty86bIhB7we2OU+SxY"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
rocket-loader.min.js
onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 Jun 2024 08:41:43 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"667299c7-302c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FFFakfe%2FsTa7YpUZ9q6AZWPZZE9p1pc6V3d4%2B%2Bok3AETJO5YWKCAyCGANXwlgV3%2BTjSadqaIk0HGRDaRCEjG2FYMlakQAD%2BTPiylpwIhwOUnYjJlZW2e1FThgR0U52R8qa%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
898ea0b65b845d79-FRA
expires
Wed, 26 Jun 2024 18:02:15 GMT
onyx.jpg
onyxphishing.org/assets/images/
124 KB
124 KB
Image
General
Full URL
https://onyxphishing.org/assets/images/onyx.jpg
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
4b7ce9994125d7d22ef6dbdadb6cc9290ae92aaf63d59bf3af9619c646bc3486

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
cf-cache-status
REVALIDATED
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"1efbf-61ae903d11480"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wa0phoP7Zsxk%2FXlkHjvjWJUqy8szgrMeplX3VTxqLPP3pVVLxIXw05EP0W1g%2B2xpRFr5wG6LuZeWN%2BK8M9Zj6SZY7Vh%2FU3%2FhqwMqiQk4VufTEfMOoaFxgStFVKDxX9opoZ7R"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b81d905d79-FRA
alt-svc
h3=":443"; ma=86400
content-length
126911
Rubik-Medium.ttf
onyxphishing.org/assets/fonts/Rubik/
133 KB
62 KB
Font
General
Full URL
https://onyxphishing.org/assets/fonts/Rubik/Rubik-Medium.ttf
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/assets/css/style.css?74
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
cc1dd76abe28078cd5a69ee986ccf3a3d7e74bd95d9fff16db7700daca37dcfb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/assets/css/style.css?74
Origin
https://onyxphishing.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2148c-61ae903d11480"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrXMJefUNXUQRwSZMBdxVb9eciRlBbOyotm5lbnNS%2FTTuApnMZ7LcRDJ2CMf8BT1RNgz8LI68PLmVn8448HzdQT%2BpvV%2BgyibulgnvGTGi%2FbhlIsPDqSy4zOK2awww9EJcCiX"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
898ea0b83daa5d79-FRA
alt-svc
h3=":443"; ma=86400
Rubik-Regular.ttf
onyxphishing.org/assets/fonts/Rubik/
130 KB
61 KB
Font
General
Full URL
https://onyxphishing.org/assets/fonts/Rubik/Rubik-Regular.ttf
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/assets/css/style.css?74
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
0c93ef2613d2207307a8e91ceb6719e0c6e313c10e58860bdaca02a849b72b97

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/assets/css/style.css?74
Origin
https://onyxphishing.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:16 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"20900-61ae903d11480"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8dbThQxf3Qc2l90iAuZQeEP4mOLrQy7c987nWX5Eeq3qPrjDe31xm9hopTIijOXzcBuRV9x%2BZHQ3iqeJDUPiMwlmvgKacp1Phcv3Zhg1A51Lww00h6PBBHzDLttpDZ8y69Hd"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
898ea0b83dae5d79-FRA
alt-svc
h3=":443"; ma=86400
materialdesignicons-webfont.woff2
onyxphishing.org/assets/vendors/mdi/fonts/
219 KB
220 KB
Font
General
Full URL
https://onyxphishing.org/assets/vendors/mdi/fonts/materialdesignicons-webfont.woff2?v=3.9.97
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/assets/vendors/mdi/css/materialdesignicons.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
950f6fe06869da2cad3bdd64bc88bc9ed6746335ceaf0c0f6d4e7f5b85f01731

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/assets/vendors/mdi/css/materialdesignicons.min.css
Origin
https://onyxphishing.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:16 GMT
cf-cache-status
DYNAMIC
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"36c5c-61ae903d11480"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JLkGSQgQzcYlEbWpPHOw6Bm5Vw2sVvhr6hop7I9MvEaPgPaeJc1XrtY0lzMrYQdklCoHztbMNfD8ru69bEwU%2BmxtCJTnVJqiJ8PMKzwgxcQxcuCKq6pzB3bGeN582A4kAYRc"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
accept-ranges
bytes
cf-ray
898ea0b83db45d79-FRA
alt-svc
h3=":443"; ma=86400
content-length
224348
snowfall.js
onyxphishing.org/assets/js/
10 KB
3 KB
Script
General
Full URL
https://onyxphishing.org/assets/js/snowfall.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
97899f2699e15c5db8d3390d6f14d5c0f61aba899b3eab327d6ee0f3d7f210c5

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:17 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
2720
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"2665-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wSdLok6fzifKt3IEpqdiifYdpLtOUsvCdh7r7P%2BXfSDE%2F4s3pdcPaZprFsz22%2Bo%2FKk1LdffZHegCX5iLtTQ1buEyuT5cRRD5epiVH%2BlwPcVPVzP1onf5%2BGo8l%2BF5T9KuOZXU"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b83db55d79-FRA
todolist.js
onyxphishing.org/assets/js/
972 B
913 B
Script
General
Full URL
https://onyxphishing.org/assets/js/todolist.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
c81596913c0ea12ebabd652d0a50bb67add450720543108fff5dfe3837793215

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:17 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
426
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"3cc-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0RIJNZEzCOLgRoYM0Qxu2wdYiEW5eKZqyQkBlB%2BQDiA3cuxgcgTV4vZruinTve2vgpgPWAXQssnIQ7EPJjjtLWTzwqaouTXmnJ%2Fvs%2F6XhAX8VVFd1cAjRIZpSaaaDejJ2OSr"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b83db95d79-FRA
settings.js
onyxphishing.org/assets/js/
4 KB
1 KB
Script
General
Full URL
https://onyxphishing.org/assets/js/settings.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
2ff6d556d912ad50670b60fabe34ff2abd19bd058d83eede68bde0bd93d49708

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:19 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
762
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"e22-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2BULtTfxuZHz0vfYBQ9okLtL7gyPsZOfqWu6QHCyIW3D0q8JYyGPQ5DsN6QlwcdIM16vzERyETNgI9ci0NxFti0FnrsA4WDGU708iaF0hnOLoWwCAhxXITN2TMpjCz2IrUC0"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b83dbd5d79-FRA
misc.js
onyxphishing.org/assets/js/
5 KB
2 KB
Script
General
Full URL
https://onyxphishing.org/assets/js/misc.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
270c24d7594c69e712dfc5841b7bb167b5d9311d3c491e880c010fc245781a51

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:19 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
1347
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"1269-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YSrnJRxvbBDmgNhGZPPRmngHiWdSJc%2FHIq9C4aYJbzY%2B%2BXLg9TQa5KvETPQs8iqe8OYFQ1JjNsQysdMEK4RYOC%2FmU0NzUj1x5ybPkIvIpRsAGQuC09%2BgXDULo2H%2BjmP3UEZQ"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b83dc65d79-FRA
hoverable-collapse.js
onyxphishing.org/assets/js/
519 B
880 B
Script
General
Full URL
https://onyxphishing.org/assets/js/hoverable-collapse.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca18bb26ea08e6d0be7f92c9ccda4d243c1cf767876e07bac62ee6b74e41faa6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-security-policy
upgrade-insecure-requests
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
551627
cf-polished
origSize=806
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
W/"326-666d4842-b3cd5e92e6b91283;br"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BOhDn0%2FMV8ULYx7aZF%2FEQ3RmTdfCEiPhqPL3dQWWSOTlUXYd52S5N87%2BIKltTuZaScbRMKwG95Llcfzhqur5lZK3jQ%2BDAdu4mStFujSdo9zrjubF1pn5vDBNNeL686yuQ4l"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
platform
hostinger
cf-ray
898ea0b83dda5d79-FRA
expires
Tue, 25 Jun 2024 08:48:28 GMT
off-canvas.js
onyxphishing.org/assets/js/
185 B
637 B
Script
General
Full URL
https://onyxphishing.org/assets/js/off-canvas.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
bca64d524d21f8f6305406003284d503b4ab74108e0a9e866695d6a5db052579

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:17 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
151
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"b9-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1jdRehGRVeOXWhN1KiAGLcudo8NdfTlVIdrDUu9K%2BCj4hl%2F2PdX5U507%2B99rHuuG3s6vTqIbtiomu6qNejtQWE0usYkVdukQHrb7NuixyVMTqjutq%2BB53orMKS2hfUkVXrg8"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b83ddb5d79-FRA
vendor.bundle.base.js
onyxphishing.org/assets/vendors/js/
181 KB
58 KB
Script
General
Full URL
https://onyxphishing.org/assets/vendors/js/vendor.bundle.base.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
30cce6685d7d021791e4d8faf556282595fe8ed814f29349a977d48652b8d96d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:18 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
58726
last-modified
Sat, 15 Jun 2024 07:52:34 GMT
server
cloudflare
etag
"2d5f5-61ae903d11480-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9We3lEg0%2BB1ZkYdwfxcT9P6IJZ0xHf7OTLpUTqiGgZ9hTzQz%2FEXPJwyj0nDARb8SqV1KTAwpdAvG7BhxRWyvHmR%2FvZOb9Kxyn61iSGaW8l90Ek4zSzIBU7GKbybOcaV7iNu0"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
898ea0b83dde5d79-FRA
main.js
onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/ Frame DD8E
Redirect Chain
  • https://onyxphishing.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
8 KB
4 KB
Script
General
Full URL
https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/login/
Protocol
H3
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3afbede6d686c5685d591a6ed8a18adc1edde8da48c4b589f8fcbe1256be63f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrKipT0lVyb%2FN8F09jTgVCxw1miTq7sPaS7T0TEZ4zB7EV9nHXRxKjcm5QLgznhLyw74wSDAadyUWkaKNI54ns5O4RByR9IKeChRqrIwY0dZS0A3ZEd6ETgZKtGT%2BivRvXAy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
898ea0b8ae375d79-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Mon, 24 Jun 2024 18:02:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SahLFs6BP4bABtp%2B469xOXdMmmWrSrUNidmAYRKJ244p9g5dHAQ%2BrVRD84M6YG3v4kDgTaflRz8xWKDPi8LcVXj1qLrRNUAsSB%2BKpiV%2F33xgGqzWb%2Fj%2BwPtYpd6GMIbBkLGZ"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
898ea0b83de35d79-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
898ea0b58a7d5d79
onyxphishing.org/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame DD8E
0
678 B
XHR
General
Full URL
https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/jsd/r/898ea0b58a7d5d79
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TOogIZloNNHaUeWXklo6YLfV9OAqoY0hjaccyaVuyPMr8sFgKoYvcZINzD15PbWWdhhz09TCcmigtngp00bx1xVDWL7MfUlZfl55Az1VyeaAIoXTCEanyNRSnRqmZK%2BODBaB"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
898ea0b94ef05d79-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
favicon.ico
onyxphishing.org/
744 B
851 B
Other
General
Full URL
https://onyxphishing.org/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
4622d8f57a4463b4b9fbf85d646dd2486345901669c2595fb4921c1a5b29f0c4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onyxphishing.org/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 24 Jun 2024 18:02:19 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 21 Jun 2024 16:17:11 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CaXXHWZlaKnQdhkGmmDfJYxIU%2F5KKGNC6Bosk9SHsMTcPvpu6mtxM7HSwpbQg7la5m%2FAp4PR%2BZ%2Bw0nqPWNT5eBM8lMZuSFOQufZ0oLvWfW1ZX1eUuJV8bcgNRWjmNJMNg%2F2U"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=14400
cf-ray
898ea0bfbe1e5d79-FRA
alt-svc
h3=":443"; ma=86400
main.js
onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/ Frame DD8E
Redirect Chain
  • https://onyxphishing.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
8 KB
0
Script
General
Full URL
https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
Protocol
H3
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3afbede6d686c5685d591a6ed8a18adc1edde8da48c4b589f8fcbe1256be63f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 24 Jun 2024 18:02:15 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrKipT0lVyb%2FN8F09jTgVCxw1miTq7sPaS7T0TEZ4zB7EV9nHXRxKjcm5QLgznhLyw74wSDAadyUWkaKNI54ns5O4RByR9IKeChRqrIwY0dZS0A3ZEd6ETgZKtGT%2BivRvXAy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
898ea0b8ae375d79-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Mon, 24 Jun 2024 18:02:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SahLFs6BP4bABtp%2B469xOXdMmmWrSrUNidmAYRKJ244p9g5dHAQ%2BrVRD84M6YG3v4kDgTaflRz8xWKDPi8LcVXj1qLrRNUAsSB%2BKpiV%2F33xgGqzWb%2Fj%2BwPtYpd6GMIbBkLGZ"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/c7e29c8c8b6e/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
898ea0b83de35d79-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
898ea0b58a7d5d79
onyxphishing.org/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame DD8E
0
679 B
XHR
General
Full URL
https://onyxphishing.org/cdn-cgi/challenge-platform/h/b/jsd/r/898ea0b58a7d5d79
Requested by
Host: onyxphishing.org
URL: https://onyxphishing.org/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.215.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 24 Jun 2024 18:02:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RVv249QYODsmiWSPpQZxCQaTK4HkSTjAsJazUjzUi3zc5YkP%2Fu4Jbpwx3LL3byvAGKod7aGgPppzmzcreVfxg6yX0qkXOzOjbOhkPIoO%2FCUwRzGDk01CernWQPr5iIBPLDPp"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
898ea0ce4ec35d79-FRA
alt-svc
h3=":443"; ma=86400
content-length
0

Verdicts & Comments

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
undefined| event
object| fence
object| sharedStorage
object| __cfQR
function| $
function| jQuery
number| uidEvent
object| bootstrap
function| PerfectScrollbar
boolean| __cfRLUnblockHandlers

2 Cookies

Domain/Path Name / Value
onyxphishing.org/ Name: PHPSESSID
Value: 8ka52brv41s99mvdfon052p7pe
.onyxphishing.org/ Name: cf_clearance
Value: ZTTR2fVx_lQPYSrAnsDghzkVihP9QVqAR_W1Ao1DJMA-1719252139-1.0.1.1-Ul4jsZ6M2KCA3u7K2dhUospz7ndnCk8SQm0OtqRqg1gSytw0n8s2.80lHihdAiFlW5dPJ7iyYZwgXSXgkr3aLw

2 Console Messages

Source Level URL
Text
recommendation verbose URL: https://onyxphishing.org/login/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://onyxphishing.org/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains, hashes, etc. Their appearance here does not imply that any of them indicate malicious activity.

cdn.jsdelivr.net
onyxphishing.org
172.67.215.8
2606:4700:3031::6815:32f8
2a04:4e42::485