sayhellotomalware.shop

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3030::ac43:cf74, located in United States and belongs to CLOUDFLARENET, US. The main domain is sayhellotomalware.shop.
TLS certificate: Issued by GTS CA 1P5 on January 17th 2024. Valid for: 3 months.

This is the only time sayhellotomalware.shop was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
4	2606:4700:303... 2606:4700:3030::ac43:cf74		13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	1

4 2606:4700:3030::ac43:cf74 (United States)

ASN13335 (CLOUDFLARENET, US)

sayhellotomalware.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	sayhellotomalware.shop sayhellotomalware.shop	2 MB
4	1

	Domain	Requested by
4	sayhellotomalware.shop	sayhellotomalware.shop
4	1

This site contains no links.

Subject Issuer	Validity	Valid
sayhellotomalware.shop GTS CA 1P5	`2024-01-17` - `2024-04-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sayhellotomalware.shop/get/65b897fcf73152c22b46900f
Frame ID: 092926F81B783DE70D7D7F5641DCF971
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

65b897fcf73152c22b46900f

Detected technologies

Blazor (Web frameworks) Expand

Overall confidence: 100%
Detected patterns

blazor\.server\.js

Page Statistics

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1595 kB
Transfer

3850 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 65b897fcf73152c22b46900f Show response sayhellotomalware.shop/get/	4 MB 2 MB	477ms 379ms	Document text/html	2606:4700:3030::ac43:cf74 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sayhellotomalware.shop/get/65b897fcf73152c22b46900f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:cf74 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `e4fc477462aedb4bc20af48d1c9008bdc8e3245e566fa3b6cae77b12f09d40ab` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, max-age=0 cf-cache-status DYNAMIC cf-ray 85257f28fbf674ba-MIA content-encoding gzip content-type text/html; charset=utf-8 date Thu, 08 Feb 2024 17:12:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kvQN%2FkFz%2BztTshshzhVk%2FS7WPIqny%2FO5ERzYDAWGBlVM3Zsmy%2B9qhrvQRsg1nus00okgjZpYrkvM7a7R4Jv%2FzAQP1AVk622xW6NOfQ5MWIRWvRhTQW%2BehPUBhl2ZRi7RZbclz8QbWhfi%2F85PujKAGdb6ORZl"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET
GET H2	200	blazor.server.js Show response sayhellotomalware.shop/_framework/	132 KB 38 KB	603ms 602ms	Script text/javascript	2606:4700:3030::ac43:cf74 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sayhellotomalware.shop/_framework/blazor.server.js Requested by Host: sayhellotomalware.shop URL: https://sayhellotomalware.shop/get/65b897fcf73152c22b46900f Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:cf74 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `24bc10d0d7489e9b4ed6ccbe3cdfff068622bfa87f229101d2b0d0f6923c14cf` Request headers accept-language en-US,en;q=0.9 Referer https://sayhellotomalware.shop/get/65b897fcf73152c22b46900f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 17:12:20 GMT content-encoding gzip cf-cache-status MISS last-modified Sat, 21 Oct 2023 00:31:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1da03b5f0861a4d" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=04dVHuw%2FOM6xvNmkr5NKRTuz89Qw9Jwla0FSImJ06%2FZjvDoWTIzk7znV96I8j%2B2o2K0lxdYiWFsMUzrfKikf7%2F%2BEWhdhPXNMtoAJceLQJBGhnWLURXD%2FFZ5dwYeweY6bFowrKVZuEblt4L%2F3PK7TQ6F8pIKB"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 85257f374a2674ba-MIA alt-svc h3=":443"; ma=86400
GET H3	200	initializers Show response sayhellotomalware.shop/_blazor/	2 B 511 B	266ms 266ms	Fetch application/json	2606:4700:3030::ac43:cf74 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sayhellotomalware.shop/_blazor/initializers Requested by Host: sayhellotomalware.shop URL: https://sayhellotomalware.shop/_framework/blazor.server.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:cf74 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945` Request headers accept-language en-US,en;q=0.9 Referer https://sayhellotomalware.shop/get/65b897fcf73152c22b46900f User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 17:12:21 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YG%2Fr%2FRGqnMKcbFVP1AXgnGbkG9Hmr%2BJNmuysUTeoXS%2BwNfl9SKWq1r%2Bp97Ui9B8mSJQLpQ31SrjNkMURXsBMxFfjp5iJCx1xC8hoB5GwhOXjcVcSb0gc3ze8JjlUr%2BRzd%2BE96LnEiwO%2BueFp1q9iZ8wtlc2v"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 cf-ray 85257f3c5d106db5-MIA alt-svc h3=":443"; ma=86400
POST H3	200	negotiate Show response sayhellotomalware.shop/_blazor/	316 B 626 B	164ms 163ms	Fetch application/json	2606:4700:3030::ac43:cf74 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sayhellotomalware.shop/_blazor/negotiate?negotiateVersion=1 Requested by Host: sayhellotomalware.shop URL: https://sayhellotomalware.shop/_framework/blazor.server.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:cf74 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `75fe040aea56ee1f704872de00c809f167f42aec7c438467e9304e8c08d27825` Request headers Referer https://sayhellotomalware.shop/get/65b897fcf73152c22b46900f X-Requested-With XMLHttpRequest accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 X-SignalR-User-Agent Microsoft SignalR/0.0 (0.0.0-DEV_BUILD; Unknown OS; Browser; Unknown Runtime Version) Response headers date Thu, 08 Feb 2024 17:12:21 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cl0VYoRbtG1Y1X6PwZAUA%2Fdv5ssabGT4%2FDeP5YC5w4Uzt%2B9WXKBsLxHh2UnBr5Hwsl562AOhk%2FR1V0r5zMf5ZgaCitUjzpxxMMTwuiaUHp8N%2BpxOL%2BTXNHozXhNGbq0HF2Dkm4xja0ZRCmLdHxk9efgiinwP"}],"group":"cf-nel","max_age":604800} content-type application/json cf-ray 85257f3e08126db5-MIA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| DotNet object| Blazor

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sayhellotomalware.shop
2606:4700:3030::ac43:cf74
24bc10d0d7489e9b4ed6ccbe3cdfff068622bfa87f229101d2b0d0f6923c14cf
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
75fe040aea56ee1f704872de00c809f167f42aec7c438467e9304e8c08d27825
e4fc477462aedb4bc20af48d1c9008bdc8e3245e566fa3b6cae77b12f09d40ab

sayhellotomalware.shop Open in urlscan Pro 2606:4700:3030::ac43:cf74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

4 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1595 kBTransfer

3850 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

sayhellotomalware.shop Open in urlscan Pro
2606:4700:3030::ac43:cf74 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1595 kB
Transfer

3850 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions