xjdhaj9cb.xyzwhmcs.com Open in urlscan Pro
103.205.18.66 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xjdhaj9cb.xyzwhmcs.com:25000/
Effective URL:
http://xjdhaj9cb.xyzwhmcs.com:25000/login.php
Submission: On November 08 via manual (November 8th 2024, 9:05:26 pm UTC) from IT — Scanned from IT

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 103.205.18.66, located in Lao People's Democratic Republic and belongs to SAFEVALUE-AS, SC. The main domain is xjdhaj9cb.xyzwhmcs.com.

This is the only time xjdhaj9cb.xyzwhmcs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	103.205.18.66 103.205.18.66	42745 (SAFEVALUE-AS) (SAFEVALUE-AS)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
4	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
15	3

11 103.205.18.66 (Lao People's Democratic Republic) 1 redirects

ASN42745 (SAFEVALUE-AS, SC)

xjdhaj9cb.xyzwhmcs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	xyzwhmcs.com 1 redirects xjdhaj9cb.xyzwhmcs.com	862 KB
4	gstatic.com fonts.gstatic.com	72 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
15	3

	Domain	Requested by
11	xjdhaj9cb.xyzwhmcs.com	1 redirects xjdhaj9cb.xyzwhmcs.com
4	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	xjdhaj9cb.xyzwhmcs.com
15	3

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php
Frame ID: E56B05468C3187262C794118EC0018D1
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LUCKY LIVE

Page URL History Show full URLs

http://xjdhaj9cb.xyzwhmcs.com:25000/ HTTP 307
https://xjdhaj9cb.xyzwhmcs.com:25000/ HTTP 307
http://xjdhaj9cb.xyzwhmcs.com:25000/ HTTP 302
http://xjdhaj9cb.xyzwhmcs.com:25000/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

15
Requests

33 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

935 kB
Transfer

1604 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xjdhaj9cb.xyzwhmcs.com:25000/ HTTP 307
https://xjdhaj9cb.xyzwhmcs.com:25000/ HTTP 307
http://xjdhaj9cb.xyzwhmcs.com:25000/ HTTP 302
http://xjdhaj9cb.xyzwhmcs.com:25000/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
xjdhaj9cb.xyzwhmcs.com/
Redirect Chain

http://xjdhaj9cb.xyzwhmcs.com:25000/
https://xjdhaj9cb.xyzwhmcs.com:25000/
http://xjdhaj9cb.xyzwhmcs.com:25000/
http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

5 KB
2 KB

126ms
126ms

Document
text/html

103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

8f6fa97fcf98c0c0e2188d800a5425d77e29cce2857df97d90aaab967eaf6e63

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Type: text/html; charset=UTF-8
Date: Fri, 08 Nov 2024 21:05:19 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Type: text/html; charset=UTF-8
Date: Fri, 08 Nov 2024 21:05:19 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: ./login.php
Pragma: no-cache
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icons.css
xjdhaj9cb.xyzwhmcs.com/assets/css/ 311 KB
60 KB 98ms
97ms Stylesheet
text/css 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/css/icons.css

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

f47d3a4011c1fafac2c0dac2dad0c4a43c0ceda1fe71d91bb662f4fc5fc95ac4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Encoding: gzip
ETag: W/"64e15241-4dd4c"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Date: Fri, 08 Nov 2024 21:05:19 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/css
Last-Modified: Sat, 19 Aug 2023 23:37:37 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK bootstrap.css
xjdhaj9cb.xyzwhmcs.com/assets/css/ 243 KB
44 KB 327ms
91ms Stylesheet
text/css 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/css/bootstrap.css

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

3438a50af09401fdbb6a6002f3c6c59283f9be1edfe910b9bc8a07df8d8b6f45

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Encoding: gzip
ETag: W/"64e15241-3cbfb"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Date: Fri, 08 Nov 2024 21:05:19 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/css
Last-Modified: Sat, 19 Aug 2023 23:37:37 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK app.css
xjdhaj9cb.xyzwhmcs.com/assets/css/ 90 KB
21 KB 414ms
81ms Stylesheet
text/css 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/css/app.css

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

1e0fb1ceb598a3796658a2037a1fb0d6b874d729abf1b2bafdef1fa5ef639cc2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Encoding: gzip
ETag: W/"64e15241-16798"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Date: Fri, 08 Nov 2024 21:05:19 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/css
Last-Modified: Sat, 19 Aug 2023 23:37:37 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK logoL.png
xjdhaj9cb.xyzwhmcs.com/assets/images/ 8 KB
8 KB 493ms
77ms Image
image/png 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/images/logoL.png

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

d67e3ac43c78e4bc798d8e8f37cd5b2df87415a58501a7a4c8dffe7f19e7466a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
ETag: "64e548a1-1f11"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Accept-Ranges: bytes
Content-Length: 7953
Date: Fri, 08 Nov 2024 21:05:19 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Last-Modified: Tue, 22 Aug 2023 23:45:37 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK vendor.min.js Show response
xjdhaj9cb.xyzwhmcs.com/assets/js/ 186 KB
70 KB 587ms
93ms Script
application/javascript 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/js/vendor.min.js

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

9d13b8fd5bcfb89d4acf3d12e10f0eaa34b73a75654b38ee42bdc5c8abaa8c7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Encoding: gzip
ETag: W/"64e15241-2e8ab"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Date: Fri, 08 Nov 2024 21:05:19 GMT
X-XSS-Protection: 1; mode=block
Content-Type: application/javascript
Last-Modified: Sat, 19 Aug 2023 23:37:37 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK parsley.min.js Show response
xjdhaj9cb.xyzwhmcs.com/assets/libs/parsleyjs/ 42 KB
15 KB 686ms
100ms Script
application/javascript 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/libs/parsleyjs/parsley.min.js

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

5ea1268f16c83d70e4d75990a64f5ca59c584fef26472548924a3c990cd7df2f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Encoding: gzip
ETag: W/"64e15241-a84f"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Date: Fri, 08 Nov 2024 21:05:20 GMT
X-XSS-Protection: 1; mode=block
Content-Type: application/javascript
Last-Modified: Sat, 19 Aug 2023 23:37:37 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 143ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Work+Sans:400,500,600

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/assets/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d32f473366d2798c7eb7a394ba3413dd235397f796261bb425604fda482428bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/assets/css/app.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 21:05:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 21:05:19 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 08 Nov 2024 21:05:19 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H/1.1 200
OK 1.png
xjdhaj9cb.xyzwhmcs.com/assets/images/bg/ 409 KB
410 KB 225ms
92ms Image
image/png 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/images/bg/1.png

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

5cac64c8b4cac72b5709eff25867a830b91cdc938baf62c024b35353fcad91fd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
ETag: "66ad1584-664eb"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Accept-Ranges: bytes
Content-Length: 419051
Date: Fri, 08 Nov 2024 21:05:20 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Last-Modified: Fri, 02 Aug 2024 17:21:08 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H3 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 193ms
92ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Work+Sans:400,500,600

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: http://xjdhaj9cb.xyzwhmcs.com:25000
Referer: https://fonts.googleapis.com/

Response headers

age: 192182
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:42:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:42:18 GMT
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7816
x-xss-protection: 0
server: sffe

GET
H3 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v19/ 49 KB
50 KB 169ms
69ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v19/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Work+Sans:400,500,600

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: http://xjdhaj9cb.xyzwhmcs.com:25000
Referer: https://fonts.googleapis.com/

Response headers

age: 191797
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:48:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:48:43 GMT
last-modified: Thu, 14 Sep 2023 01:13:52 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 50668
x-xss-protection: 0
server: sffe

GET
H3 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 202ms
102ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Work+Sans:400,500,600

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: http://xjdhaj9cb.xyzwhmcs.com:25000
Referer: https://fonts.googleapis.com/

Response headers

age: 192506
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:36:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:36:54 GMT
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7748
x-xss-protection: 0
server: sffe

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 160ms
59ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Work+Sans:400,500,600

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: http://xjdhaj9cb.xyzwhmcs.com:25000
Referer: https://fonts.googleapis.com/

Response headers

age: 336498
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 04 Nov 2025 23:37:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 23:37:02 GMT
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7884
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK 2.png
xjdhaj9cb.xyzwhmcs.com/assets/images/bg/ 215 KB
215 KB 470ms
78ms Image
image/png 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/assets/images/bg/2.png

Requested by

Host: xjdhaj9cb.xyzwhmcs.com
URL: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

212ebd3c216a1936d03aa37e621476e59a4c6dff92ba6db93c72a4160965da39

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
ETag: "66ad1587-35bcd"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Accept-Ranges: bytes
Content-Length: 220109
Date: Fri, 08 Nov 2024 21:05:20 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Last-Modified: Fri, 02 Aug 2024 17:21:11 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK favicon.ico
xjdhaj9cb.xyzwhmcs.com/ 17 KB
17 KB 95ms
95ms Other
image/x-icon 103.205.18.66
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://xjdhaj9cb.xyzwhmcs.com:25000/favicon.ico

Protocol

HTTP/1.1

Server

103.205.18.66 , Lao People's Democratic Republic, ASN42745 (SAFEVALUE-AS, SC),

Reverse DNS

Software

nginx /

Resource Hash

306f09e4058d1ce013a9d3291689c643cc688a8c1e6d7ee87c0ddd3319000044

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: http://xjdhaj9cb.xyzwhmcs.com:25000/login.php

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
ETag: "6693cbbe-423e"
Connection: keep-alive
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Accept-Ranges: bytes
Content-Length: 16958
Date: Fri, 08 Nov 2024 21:05:20 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/x-icon
Last-Modified: Sun, 14 Jul 2024 12:59:42 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xjdhaj9cb.xyzwhmcs.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: osbnsm0penve6idgmc19at9qlp

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
xjdhaj9cb.xyzwhmcs.com
103.205.18.66
142.250.186.35
2a00:1450:4001:812::200a
1e0fb1ceb598a3796658a2037a1fb0d6b874d729abf1b2bafdef1fa5ef639cc2
212ebd3c216a1936d03aa37e621476e59a4c6dff92ba6db93c72a4160965da39
306f09e4058d1ce013a9d3291689c643cc688a8c1e6d7ee87c0ddd3319000044
3438a50af09401fdbb6a6002f3c6c59283f9be1edfe910b9bc8a07df8d8b6f45
5cac64c8b4cac72b5709eff25867a830b91cdc938baf62c024b35353fcad91fd
5ea1268f16c83d70e4d75990a64f5ca59c584fef26472548924a3c990cd7df2f
6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8f6fa97fcf98c0c0e2188d800a5425d77e29cce2857df97d90aaab967eaf6e63
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9d13b8fd5bcfb89d4acf3d12e10f0eaa34b73a75654b38ee42bdc5c8abaa8c7a
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d32f473366d2798c7eb7a394ba3413dd235397f796261bb425604fda482428bc
d67e3ac43c78e4bc798d8e8f37cd5b2df87415a58501a7a4c8dffe7f19e7466a
f47d3a4011c1fafac2c0dac2dad0c4a43c0ceda1fe71d91bb662f4fc5fc95ac4

xjdhaj9cb.xyzwhmcs.com Open in urlscan Pro 103.205.18.66 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

33 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

935 kBTransfer

1604 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

xjdhaj9cb.xyzwhmcs.com Open in urlscan Pro
103.205.18.66 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

33 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

935 kB
Transfer

1604 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions