finitefill.rf.gd Open in urlscan Pro
185.27.134.223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://finitefill.rf.gd/dca.html
Effective URL:
http://finitefill.rf.gd/dca.html?i=1
Submission: On August 06 via api (August 6th 2024, 5:54:09 pm UTC) from NL — Scanned from GB

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 9 domains to perform 15 HTTP transactions. The main IP is 185.27.134.223, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is finitefill.rf.gd.

This is the only time finitefill.rf.gd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	185.27.134.223 185.27.134.223	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
3	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:50c0:800... 2606:50c0:8001::153	54113 (FASTLY) (FASTLY)
1	3.236.206.95 3.236.206.95	14618 (AMAZON-AES) (AMAZON-AES)
2	69.49.230.239 69.49.230.239	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
15	9

3 185.27.134.223 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)

finitefill.rf.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:50c0:8001::153 (United States)

ASN54113 (FASTLY, US)

lipis.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.236.206.95 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-236-206-95.compute-1.amazonaws.com

na1.documents.adobe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.49.230.239 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 69-49-230-239.webhostbox.net

shopget24.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1832 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 4508	56 KB
3	rf.gd finitefill.rf.gd	55 KB
2	shopget24.com shopget24.com	372 B
2	github.io lipis.github.io — Cisco Umbrella Rank: 388276	78 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	30 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 336	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	24 KB
1	adobe.com na1.documents.adobe.com — Cisco Umbrella Rank: 70264	2 KB
0	infinityfree.net Failed errors.infinityfree.net Failed
15	9

	Domain	Requested by
3	finitefill.rf.gd	finitefill.rf.gd
2	shopget24.com	finitefill.rf.gd
2	lipis.github.io	finitefill.rf.gd lipis.github.io
2	maxcdn.bootstrapcdn.com	finitefill.rf.gd
1	stackpath.bootstrapcdn.com	finitefill.rf.gd
1	ajax.googleapis.com	finitefill.rf.gd
1	cdnjs.cloudflare.com	finitefill.rf.gd
1	code.jquery.com	finitefill.rf.gd
1	na1.documents.adobe.com	finitefill.rf.gd
0	errors.infinityfree.net Failed
15	10

This site contains no links.

Subject Issuer	Validity	Valid
bootstrapcdn.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
*.github.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-15` - `2025-03-14`	a year	crt.sh
documents.adobe.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-23` - `2025-02-22`	a year	crt.sh
www.jsdelivr.shopget24.com R10	`2024-06-22` - `2024-09-20`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://finitefill.rf.gd/dca.html?i=1
Frame ID: CA83B57330792B3AA89E6037334C5040
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to continue

Page URL History Show full URLs

http://finitefill.rf.gd/dca.html HTTP 307
https://finitefill.rf.gd/dca.html HTTP 307
http://finitefill.rf.gd/dca.html Page URL
http://finitefill.rf.gd/dca.html?i=1 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

67 %
HTTPS

38 %
IPv6

9
Domains

10
Subdomains

9
IPs

4
Countries

252 kB
Transfer

593 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://finitefill.rf.gd/dca.html HTTP 307
https://finitefill.rf.gd/dca.html HTTP 307
http://finitefill.rf.gd/dca.html Page URL
http://finitefill.rf.gd/dca.html?i=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://finitefill.rf.gd/dca.html HTTP 307
https://finitefill.rf.gd/dca.html HTTP 307
http://finitefill.rf.gd/dca.html

Request Chain 14

http://finitefill.rf.gd/favicon.ico HTTP 302
https://errors.infinityfree.net/errors/404/

15 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

dca.html Show response
finitefill.rf.gd/
Redirect Chain

http://finitefill.rf.gd/dca.html
https://finitefill.rf.gd/dca.html
http://finitefill.rf.gd/dca.html

835 B
1 KB

57ms
57ms

Document
text/html

185.27.134.223
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://finitefill.rf.gd/dca.html
Protocol: HTTP/1.1
Server: 185.27.134.223 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software: nginx /
Resource Hash: 75a691589c45720e3b7c7b1544ed14639b5f6a305b48dd06f6cb99016c302d4f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache
Connection: keep-alive
Content-Length: 835
Content-Type: text/html
Date: Tue, 06 Aug 2024 17:54:03 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: nginx

Redirect headers

Location: http://finitefill.rf.gd/dca.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK aes.js
finitefill.rf.gd/ 13 KB
14 KB 60ms
58ms Script
application/javascript 185.27.134.223
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://finitefill.rf.gd/aes.js
Requested by: Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html
Protocol: HTTP/1.1
Server: 185.27.134.223 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: http://finitefill.rf.gd/dca.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 06 Aug 2024 17:54:03 GMT
Last-Modified: Sun, 15 Oct 2023 16:54:07 GMT
Server: nginx
ETag: "652c192f-35a5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13733

GET
H/1.1 200
OK Primary Request dca.html Show response
finitefill.rf.gd/ 40 KB
40 KB 92ms
91ms Document
text/html 185.27.134.223
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://finitefill.rf.gd/dca.html?i=1
Requested by: Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html
Protocol: HTTP/1.1
Server: 185.27.134.223 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
Software: nginx /
Resource Hash: ca72e510ed12fbd2cba8bc6cc2d5085a136dc90ed2ff2213ff17b23d9a96c85c

Request headers

Referer: http://finitefill.rf.gd/dca.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate
Connection: keep-alive
Content-Length: 41079
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Aug 2024 17:54:03 GMT
ETag: "a077-61e91a3d582d0"
Expires: Thu, 05 Sep 2024 17:54:03 GMT
Last-Modified: Wed, 31 Jul 2024 21:18:48 GMT
Server: nginx

GET
H3 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
25 KB 102ms
55ms Stylesheet
text/css 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://finitefill.rf.gd/
Origin: http://finitefill.rf.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 17:54:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 951
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 156227
cdn-cachedat: 03/18/2024 12:15:40
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"450fc463b8b1a349df717056fbb3e078"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 4237be69ecfeccdb092cb743212d82cc
timing-allow-origin: *
cdn-requestcountrycode: FR
cdn-status: 200
cf-ray: 8af0e3dc1f0c7726-LHR
cdn-requestpullsuccess: True

GET
H2 200 font-awesome.css
lipis.github.io/bootstrap-social/assets/css/ 34 KB
7 KB 233ms
127ms Stylesheet
text/css 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lipis.github.io/bootstrap-social/assets/css/font-awesome.css
Requested by: Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 34f195f17d62b4789625aa8cb3535024a72d40fc4d88ee1383154688b9bfaa27

Request headers

Referer: http://finitefill.rf.gd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires: Tue, 06 Aug 2024 16:02:50 GMT
x-fastly-request-id: 7492355d3b7dc1461786bd5dba8d3c5605372549
date: Tue, 06 Aug 2024 17:54:04 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 0
age: 0
x-cache: HIT
content-length: 7075
x-served-by: cache-lon4240-LON
last-modified: Sun, 19 Feb 2017 02:54:15 GMT
server: GitHub.com
x-github-request-id: 237C:160558:E239EF:EAA543:66B246CF
x-timer: S1722966845.873031,VS0,VE83
etag: W/"58a908d7-8938"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
x-proxy-cache: MISS

GET
H/1.1 200
OK email-adobe-tag-classic@2x.png
na1.documents.adobe.com/images/emailNextGen/ 1 KB
2 KB 463ms
149ms Image
image/png 3.236.206.95
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://na1.documents.adobe.com/images/emailNextGen/email-adobe-tag-classic@2x.png

Requested by

Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.236.206.95 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-236-206-95.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

b9df6945ed176260ac7b4c0b1b15865c75b56369c11615a12ba2dd5e8cd3669c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://finitefill.rf.gd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 17:54:05 GMT
x-content-type-options: nosniff
last-modified: Mon, 18 Jul 2011 19:00:00 GMT
server: istio-envoy
etag: W/"1305-1311015600000"
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png;charset=UTF-8
cache-control: max-age=315360000
x-envoy-upstream-service-time: 2
accept-ranges: bytes
x-robots-tag: none
content-length: 1305
x-xss-protection: 1; mode=block
expires: Fri, 04 Aug 2034 17:54:05 GMT

GET
H/1.1 200
OK hack-run.png
shopget24.com/images/sampledata/ 0
186 B 1248ms
157ms Image
image/png 69.49.230.239
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://shopget24.com/images/sampledata/hack-run.png
Requested by: Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1
Protocol: HTTP/1.1
Server: 69.49.230.239 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-230-239.webhostbox.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://finitefill.rf.gd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 06 Aug 2024 17:54:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK hack-run.png
shopget24.com/images/sampledata/ 0
186 B 1444ms
155ms Image
image/png 69.49.230.239
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shopget24.com/images/sampledata/hack-run.png
Requested by: Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.230.239 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-230-239.webhostbox.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://finitefill.rf.gd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Tue, 06 Aug 2024 17:54:04 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: image/png

GET
H2 200 jquery-3.2.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 138ms
44ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer: http://finitefill.rf.gd/
Origin: http://finitefill.rf.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 17:54:04 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 728436
x-cache: HIT, HIT
content-length: 23856
x-served-by: cache-lga21963-LGA, cache-lcy-eglc8600086-LCY
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1722966845.914388,VS0,VE0
etag: W/"28feccc0-10fdd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 20, 1707

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 105ms
55ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: http://finitefill.rf.gd/
Origin: http://finitefill.rf.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 17:54:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1654572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RicCe5pL193iKsqPW4QI9tvSRToQTLnRdnq7G2GsEjpUmvYJjaHkZHyF6MahQh%2BP0Drv6pwBWwMWLEBAnEe4wkK6AtMdSBgHlF1CQxYKonwPtkCyfG%2BlO6WpLZ755AjOVoAkdrWT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8af0e3dc6b8763ed-LHR
expires: Sun, 27 Jul 2025 17:54:04 GMT

GET
H3 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
15 KB 90ms
89ms Script
application/javascript 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://finitefill.rf.gd/
Origin: http://finitefill.rf.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 17:54:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 946
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 156227
cdn-cachedat: 03/18/2024 12:08:58
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: fa39cda713423d4446b584e0fd6992c2
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 8af0e3dc2f1d7726-LHR
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 183ms
61ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://finitefill.rf.gd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 22:50:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68605
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Aug 2025 22:50:39 GMT

GET
H3 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
16 KB 115ms
66ms Script
application/javascript 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: finitefill.rf.gd
URL: http://finitefill.rf.gd/dca.html?i=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://finitefill.rf.gd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 17:54:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1048
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 12173361
cdn-cachedat: 10/31/2023 18:58:40
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"67176c242e1bdc20603c878dee836df3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: f4f838df79fc133911a060d7c6bb0f5c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 8af0e3dc6df8369a-LHR
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ 24 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd839f52a245938ef7a4642a89c412b34b336581d20bed6d9a902a18f3d4ccbd

Request headers

Referer: http://finitefill.rf.gd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 fontawesome-webfont.woff2
lipis.github.io/bootstrap-social/assets/fonts/ 70 KB
71 KB 223ms
129ms Font
font/woff2 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lipis.github.io/bootstrap-social/assets/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by: Host: lipis.github.io
URL: https://lipis.github.io/bootstrap-social/assets/css/font-awesome.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

Referer: https://lipis.github.io/bootstrap-social/assets/css/font-awesome.css
Origin: http://finitefill.rf.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires: Tue, 06 Aug 2024 10:36:07 GMT
x-fastly-request-id: b9d806fd1dfb4fdc9ecceb137b0fe067144b181a
date: Tue, 06 Aug 2024 17:54:05 GMT
via: 1.1 varnish
x-cache-hits: 0
age: 0
x-cache: HIT
content-length: 71896
x-served-by: cache-lon4278-LON
last-modified: Sun, 19 Feb 2017 02:54:15 GMT
server: GitHub.com
x-github-request-id: 5569:5FA99:C852D8:CFDE48:66B1FA3E
x-timer: S1722966845.110921,VS0,VE84
etag: "58a908d7-118d8"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS

GET

/
errors.infinityfree.net/errors/404/
Redirect Chain

http://finitefill.rf.gd/favicon.ico
https://errors.infinityfree.net/errors/404/

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: errors.infinityfree.net
URL: https://errors.infinityfree.net/errors/404/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			finitefill.rf.gd/	1970-01-21 08:12:06	Name: __test Value: 9e8d7cb7a445fa6e457058c1a52df3ad

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: http://finitefill.rf.gd/dca.html?i=1 Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
errors.infinityfree.net
finitefill.rf.gd
lipis.github.io
maxcdn.bootstrapcdn.com
na1.documents.adobe.com
shopget24.com
stackpath.bootstrapcdn.com
errors.infinityfree.net
104.17.25.14
104.18.11.207
185.27.134.223
2606:50c0:8001::153
2a00:1450:4001:82b::200a
2a04:4e42:200::649
3.236.206.95
69.49.230.239
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
34f195f17d62b4789625aa8cb3535024a72d40fc4d88ee1383154688b9bfaa27
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
75a691589c45720e3b7c7b1544ed14639b5f6a305b48dd06f6cb99016c302d4f
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
b9df6945ed176260ac7b4c0b1b15865c75b56369c11615a12ba2dd5e8cd3669c
ca72e510ed12fbd2cba8bc6cc2d5085a136dc90ed2ff2213ff17b23d9a96c85c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
fd839f52a245938ef7a4642a89c412b34b336581d20bed6d9a902a18f3d4ccbd

finitefill.rf.gd Open in urlscan Pro 185.27.134.223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

67 %HTTPS

38 %IPv6

9 Domains

10 Subdomains

9 IPs

4 Countries

252 kBTransfer

593 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

finitefill.rf.gd Open in urlscan Pro
185.27.134.223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

67 %
HTTPS

38 %
IPv6

9
Domains

10
Subdomains

9
IPs

4
Countries

252 kB
Transfer

593 kB
Size

1
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!