gd.thuu.xyz Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://grootcho.com/
Effective URL:
http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Submission: On July 04 via manual (July 4th 2022, 10:31:13 am UTC) from MA — Scanned from GB

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 13 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is gd.thuu.xyz.

This is the only time gd.thuu.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	139.45.197.153 139.45.197.153	9002 (RETN-AS) (RETN-AS)
1 2	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 11	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	5

1 139.45.197.153 (United Kingdom)

ASN9002 (RETN-AS, GB)

grootcho.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.237 (United Kingdom) 1 redirects

ASN9002 (RETN-AS, GB)

lassampy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.pxolp.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a06:98c1:3120::3 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

gd.thuu.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	thuu.xyz 3 redirects gd.thuu.xyz	51 KB
2	lassampy.com 1 redirects lassampy.com	5 KB
1	pxolp.xyz 1 redirects www.pxolp.xyz	881 B
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11393	492 B
1	grootcho.com grootcho.com	2 KB
0	Failed function sub() { [native code] }. Failed
13	6

	Domain	Requested by
11	gd.thuu.xyz	3 redirects gd.thuu.xyz
2	lassampy.com	1 redirects grootcho.com
1	www.pxolp.xyz	1 redirects
1	my.rtmark.net	lassampy.com
1	grootcho.com
0	Failed	gd.thuu.xyz
13	6

This site contains no links.

Subject Issuer	Validity	Valid
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Frame ID: D9C705D0E72199AC81A26F1D0832D5E6
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Download Ready - ResultsAdder

Page URL History Show full URLs

http://grootcho.com/ Page URL
http://lassampy.com/4/2627325 Page URL
http://lassampy.com/?z=2627325&syncedCookie=true&rhd=false HTTP 302
http://www.pxolp.xyz/?s=1432423-1855928419-1572968523&visitor_id=567770978231542493 HTTP 302
http://gd.thuu.xyz/verify.php?xx=100205&s=1432423-1855928419-1572968523&visitor_id=567770978231... HTTP 302
http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493 Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Page Statistics

13
Requests

8 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

55 kB
Transfer

132 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://grootcho.com/ Page URL
http://lassampy.com/4/2627325 Page URL
http://lassampy.com/?z=2627325&syncedCookie=true&rhd=false HTTP 302
http://www.pxolp.xyz/?s=1432423-1855928419-1572968523&visitor_id=567770978231542493 HTTP 302
http://gd.thuu.xyz/verify.php?xx=100205&s=1432423-1855928419-1572968523&visitor_id=567770978231542493 HTTP 302
http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://gd.thuu.xyz/templates/resultsAdder-notopframe/js/main.min.js HTTP 302
http://gd.thuu.xyz/404.php

Request Chain 9

http://gd.thuu.xyz/ins/alert.mp3 HTTP 302
http://gd.thuu.xyz/404.php

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
grootcho.com/ 7 KB
2 KB 69ms
31ms Document
text/html 139.45.197.153
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://grootcho.com/
Protocol: HTTP/1.1
Server: 139.45.197.153 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: bc97755574a076a1cdc495fe2214b52e7c6a4dbf3309a9bbe5d5e630427f4e01

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 04 Jul 2022 10:31:08 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H/1.1 200
OK 2627325 Show response
lassampy.com/4/ 6 KB
4 KB 69ms
33ms Document
text/html 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://lassampy.com/4/2627325
Requested by: Host: grootcho.com
URL: http://grootcho.com/
Protocol: HTTP/1.1
Server: 139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 9a02712e7b27cd5f4da2ebb7ffc447314d292dfec262ff4d90603aaf569f647c

Request headers

Referer: http://grootcho.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: * *
Access-Control-Max-Age: 86400
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf8
Date: Mon, 04 Jul 2022 10:31:09 GMT
Expires: Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Pragma: no-cache no-cache
Server: nginx
Timing-Allow-Origin: *
Transfer-Encoding: chunked
X-Trace-Id: 6e51a0b32e7f41f4aeba898b0aa29d7c

GET
H2 200 img.gif
my.rtmark.net/ 43 B
492 B 100ms
30ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=7d35d3b663a943e7bcedd3480ff91fc1

Requested by

Host: lassampy.com
URL: http://lassampy.com/4/2627325

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://lassampy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 10:31:09 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H/1.1

200
OK

Primary Request / Show response
gd.thuu.xyz/ins/
Redirect Chain

http://lassampy.com/?z=2627325&syncedCookie=true&rhd=false
http://www.pxolp.xyz/?s=1432423-1855928419-1572968523&visitor_id=567770978231542493
http://gd.thuu.xyz/verify.php?xx=100205&s=1432423-1855928419-1572968523&visitor_id=567770978231542493
http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493

21 KB
8 KB

186ms
185ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.5.21
Resource Hash: 0dc019dc01e71c0a5f315e10cb14e1ce6b892013c788dd859e946ea232a9721b

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: http://lassampy.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 725730914d498871-LHR
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Jul 2022 10:31:10 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QkdtvrI1GTye5w0c5LFsdnWXfPQiLeems6YSzQQr0HJz1iOJSeIXx2ouCmnZjEbpzzd7dyIs9MVMoWgrf4SFWaSG8s4RfE9oMr1BYHrOVH0YMjwUexwA1c3Q%2F4pGzEI%2Ff0FcjNnJ%2Blm49A%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.21

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 7257308ffaad8871-LHR
Connection: keep-alive
Content-Type: text/html
Date: Mon, 04 Jul 2022 10:31:10 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAYI20yOlFE5697byXOlvJ4ksynM3zVlIK9nAMm9Jx0%2BSt7HsyzJNV6dt8n9ase%2BAauEGaTYUXWKbanjInVA4gtWDZ77%2FmI6B8HBBmBTE7JcVVbFmjjFx9kk5%2FFeBJSVA2bGUu2Keo50aA%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Powered-By: PHP/5.5.21
location: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493#

GET
H/1.1 200
OK animate.min.css
gd.thuu.xyz/templates/resultsAdder-notopframe/css/ 57 KB
6 KB 33ms
32ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/templates/resultsAdder-notopframe/css/animate.min.css
Requested by: Host: gd.thuu.xyz
URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 10:31:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 21 Jun 2022 03:44:21 GMT
Server: cloudflare
Age: 2003
ETag: W/"62b13e95-e311"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80k1ciGQ6ImG2b3Wsy2Yz8sxjHTMAubfOiw%2FGsz9EHpVE2snY1n0zMKMGbYCfZANeKLL3egsztE71VDWQ4ssYY3mNAefnGXTacPMs0vGZbQ9eMXz3U8GCU5g5kpcO7%2FprFnH0II2h1hZHg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 725730927fcc8871-LHR
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK css.css
gd.thuu.xyz/templates/resultsAdder-notopframe/css/ 2 KB
1 KB 72ms
45ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/templates/resultsAdder-notopframe/css/css.css
Requested by: Host: gd.thuu.xyz
URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbffe5cfa7b67bd85a32d363794169d895879375c870a82afb0571753b6a7878

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 10:31:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2000
Cf-Polished: origSize=2470
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 21 Jun 2022 03:44:21 GMT
Server: cloudflare
ETag: W/"62b13e95-9a6"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ph3rwYPBVZAgCCJjC5GcbFNWbtT84S4f7K4JTwdu%2FipP9GhIqJkRP2RdR9c%2B1Tsdkpe0Lf8PoxGbEylVuZAGEpVXVFsuZG20ETwDISfODs3FTOoMd1WIV5SQWr5rDGp8mdexG4XlAOjSdg%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 72573092abb871a2-LHR
Cf-Bgj: minify

GET
H/1.1 200
OK app.css
gd.thuu.xyz/templates/resultsAdder-notopframe/css/ 7 KB
3 KB 70ms
44ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/templates/resultsAdder-notopframe/css/app.css
Requested by: Host: gd.thuu.xyz
URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cca8b7cd31c9f89f5a1b5f0ca33e723a9d3b73c20f0697df68ab9bc3b48b410c

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 10:31:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1988
Cf-Polished: origSize=7311
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 21 Jun 2022 03:44:21 GMT
Server: cloudflare
ETag: W/"62b13e95-1c8f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VpNNhCwS%2BaKDosHbM85W9%2FlT0MP2dE5GGL15CyG3t4LUM6jvhA6kUu7rfYDGRE7HiCVYh6n5pD%2B%2BLu49Nc1OqbqbpgsW21RA8GdJv%2BeikC9etbuaUkggZNd2nZ4umuzDgLNR6QzOse0u4w%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 72573092ac6171e7-LHR
Cf-Bgj: minify

GET
H/1.1

200
OK

404.php Show response
gd.thuu.xyz/
Redirect Chain

http://gd.thuu.xyz/templates/resultsAdder-notopframe/js/main.min.js
http://gd.thuu.xyz/404.php

0
676 B

194ms
194ms

Script
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/404.php
Requested by: Host: gd.thuu.xyz
URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.5.21
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 10:31:10 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.5.21
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2BqEzLWSnC5O0ryOJMaBEzYoWwLW85uqzWxtd8Iy77pMf6OqAIQVY%2BPWzuF17q66xPO0CWeMLfDYkZgMHRHyPhFr7yQ%2BBuJi9pMMErmqF56SK%2Fq1MurBsMqcIqEbFekMeDCJF6%2BZ3FI7Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 72573093dacc88bc-LHR

Redirect headers

Date: Mon, 04 Jul 2022 10:31:10 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.5.21
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sOk3OLXw1cqvLPYrXTLh88rtS135nHH4adXSmKZUw%2FXJ9NSSV2wH8lHGmFI5g2vK8myBF6shFTltNjnrsGHnilLgxjmHRbCtCx8L%2BiHEg8kCiDCkIUCg8OhuEb0XqjmwsRtxEYOJvYlpXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html
Location: http://gd.thuu.xyz/404.php
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 72573092a83d88bc-LHR

GET
H/1.1 200
OK bowser.min.js Show response
gd.thuu.xyz/templates/resultsAdder-notopframe/js/ 8 KB
3 KB 82ms
56ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/templates/resultsAdder-notopframe/js/bowser.min.js
Requested by: Host: gd.thuu.xyz
URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b52f6b6011741e76cefa2be41164bbc9b33bba334b9ad15b03abad37b609d983

Request headers

Referer
Origin: http://gd.thuu.xyz
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 10:31:10 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Tue, 21 Jun 2022 03:44:21 GMT
Server: cloudflare
Age: 1975
ETag: W/"62b13e95-1edd"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1PVLTUgaM6PDbum5am3j5%2F4LRsfIkvy2Bhak2GduZa7ne0r7BngTEAw3XWJQ8oTm65F24FZWz912PsYsfea5i%2BMsgm11gDburT%2Bd0YG3%2BiXDB%2BBEep0j8DKpYMvvFMMnROOfBHU9F5Qkew%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 72573092abed8879-LHR
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 206
Partial Content chrome-install-en.mp3
gd.thuu.xyz/templates/resultsAdder-notopframe/css/ 24 KB
25 KB 35ms
34ms Media
audio/mpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/templates/resultsAdder-notopframe/css/chrome-install-en.mp3
Requested by: Host: gd.thuu.xyz
URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 587df51b1d65723c0d3a566c745768ce0348c9457d2a58cbec6d7d1dc379fa3b

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Range: bytes=0-

Response headers

Date: Mon, 04 Jul 2022 10:31:10 GMT
CF-Cache-Status: HIT
Last-Modified: Tue, 21 Jun 2022 03:44:21 GMT
Server: cloudflare
Age: 1999
ETag: "62b13e95-6180"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASeMwzJ4it4n4nJn9KjKD92N0mmH%2FHIPOHyUOYm9dTA8QlQ6EjhqZ1kmeHzFpYe5DimVYohKwZJUSqQGjf%2FY%2BvYYn8dnyErY21D192W%2FneMZcZ1vm%2BvWXcO1bGptxgHNC1O9ydycqjELIw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: audio/mpeg
Content-Range: bytes 0-24959/24960
Cache-Control: max-age=14400
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
CF-RAY: 725730954dce88bc-LHR
Content-Length: 24960

GET
H/1.1

200
OK

404.php
gd.thuu.xyz/
Redirect Chain

http://gd.thuu.xyz/ins/alert.mp3
http://gd.thuu.xyz/404.php

0
617 B

197ms
196ms

Media
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://gd.thuu.xyz/404.php
Requested by: Host: gd.thuu.xyz
URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.5.21
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 04 Jul 2022 10:31:11 GMT
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.5.21
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbLPbziB9NdLhHI254Wk1F8DcAXGAHvFUhHLYZMxRXZzYqNezffwO5BP4GgcewhGVdTkDAdbTFpncWLqEt%2BKYi7syk9ct78ZmkrfHqjEoFQY39itXpHv8LMjYP%2FoMA%2BrAPhSXi7tRPBvqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 725730966c488879-LHR

Redirect headers

Date: Mon, 04 Jul 2022 10:31:11 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
X-Powered-By: PHP/5.5.21
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgYF0ScDfQWtFgFS3CzveH4zF4jSYq2E00pj9P2LWRr7qJp2nYzoBgLcz%2BrcieWGxgdmC9HAgfYCG6d2M0trX2gcrKPLFdZRarkULm%2FU6So5y4JfPTHZU%2FefNbhs3sfLb8U%2FO1SGa5PHhA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html
Location: http://gd.thuu.xyz/404.php
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 7257309549958879-LHR

GET manifest.json
/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
URL: chrome-extension:///manifest.json

Domain
URL: chrome-extension:///manifest.json

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lassampy.com/	1970-01-20 13:01:06	Name: OAID Value: 7d35d3b663a943e7bcedd3480ff91fc1
lassampy.com/	1970-01-20 13:01:06	Name: oaidts Value: 1656930669
my.rtmark.net/	1970-01-20 13:01:06	Name: ID Value: 7d35d3b663a943e7bcedd3480ff91fc1
lassampy.com/	1970-01-20 04:25:35	Name: syncedCookie Value: true
.www.pxolp.xyz/	1970-01-24 03:33:20	Name: uid Value: u5693066962c2c16de1cd3046175762
.gd.thuu.xyz/	1970-01-24 03:33:20	Name: vt Value: 43355cf288b9e03aba087cfb62dec31c365ecec959
.thuu.xyz/	1970-01-24 03:33:20	Name: storeid Value: glbkbakagcfjpjapconciegplelijmbf
.thuu.xyz/	1970-01-24 03:33:20	Name: refurl Value: http%3A%2F%2Fgd.thuu.xyz%2Fverify.php%3Fxx%3D100205%26s%3D1432423-1855928419-1572968523%26visitor_id%3D567770978231542493
.thuu.xyz/	1970-01-24 03:33:20	Name: taskid Value: 100205
.gd.thuu.xyz/	1970-01-24 03:33:20	Name: subid Value: proyh
.gd.thuu.xyz/	1970-01-24 03:33:20	Name: ts Value: df3e2767bb7af3bf56fc6f7g1q1wcq4tcc6e2qemfe
.gd.thuu.xyz/	1970-01-24 03:33:20	Name: p Value: 100058
.thuu.xyz/	1970-01-24 03:33:20	Name: rqp Value: %7B%22id%22%3A%221656930670181%22%2C%22visitor_id%22%3A%22567770978231542493%22%7D
.gd.thuu.xyz/	1970-01-20 04:15:34	Name: vs Value: gd.thuu.xyz
.gd.thuu.xyz/	1970-01-24 03:33:20	Name: uid Value: u5693067162c2c16f03280249815984

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493# Message: Access to XMLHttpRequest at 'chrome-extension:///manifest.json' from origin 'http://gd.thuu.xyz' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension:///manifest.json Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://gd.thuu.xyz/ins/?id=1656930670181&visitor_id=567770978231542493# Message: Access to XMLHttpRequest at 'chrome-extension:///manifest.json' from origin 'http://gd.thuu.xyz' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension:///manifest.json Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.


gd.thuu.xyz
grootcho.com
lassampy.com
my.rtmark.net
www.pxolp.xyz

139.45.195.8
139.45.197.153
139.45.197.237
2a06:98c1:3120::3
2a06:98c1:3121::3
0dc019dc01e71c0a5f315e10cb14e1ce6b892013c788dd859e946ea232a9721b
3c770e90f98eb21b0c042fafb49755af93306fbaf42e449524f94fae9fc83295
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
587df51b1d65723c0d3a566c745768ce0348c9457d2a58cbec6d7d1dc379fa3b
9a02712e7b27cd5f4da2ebb7ffc447314d292dfec262ff4d90603aaf569f647c
b52f6b6011741e76cefa2be41164bbc9b33bba334b9ad15b03abad37b609d983
bbffe5cfa7b67bd85a32d363794169d895879375c870a82afb0571753b6a7878
bc97755574a076a1cdc495fe2214b52e7c6a4dbf3309a9bbe5d5e630427f4e01
cca8b7cd31c9f89f5a1b5f0ca33e723a9d3b73c20f0697df68ab9bc3b48b410c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

gd.thuu.xyz Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

8 %HTTPS

40 %IPv6

6 Domains

6 Subdomains

5 IPs

2 Countries

55 kBTransfer

132 kBSize

15 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

15 Cookies

4 Console Messages

Indicators

gd.thuu.xyz Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

8 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

55 kB
Transfer

132 kB
Size

15
Cookies

13 HTTP transactions
0 data transactions