| wdrrx66ae.cc/invite/i=27020 |  104.21.2.5 | 200 OK | 5.9 kB |
URL User Request POST HTTP/1.1wdrrx66ae.cc/invite/i=27020 IP104.21.2.5:80
File typeHTML document, ASCII text, with very long lines (14492), with no line terminators Hashbc0eef4853987a407645102df3509d49 4f01dfd0fdc5bdbe5b0e0a89d5ae9737cf54bee3 ff96859610ec002c018c0cdecddc1e302e90127913f919a648e0a309f614eabc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /invite/i=27020 HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: i/kUWGeAjdIe369KSrasudoc0JX/XHLae0m+oa2C8P7hYp7wjy+m/X/X3D5QAL8yZox/EVQrQmFcTmGOjl6GHRgAoXWvTJJFzfL+Phbx/6Q=$6LLYsDHvIUoxb9S7zRaMag==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULevQ%2F2Kh2rDPIgTjQHTuFapG8AkdDnEzDtl%2BEXnOdBNInoyy7YKPDWROaZA6F6g4gtWQEC0WmWJnLxcG33IlYdvHLNq%2BWdIUt0nGfzlGQunbeO0QAsMctFkeKCCd%2Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880992fb5bea5687-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880992fb5bea5687 |  172.67.128.116 | | 112 kB |
URL wdrrx66ae.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880992fb5bea5687 IP172.67.128.116:0
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size112 kB (111964 bytes) Hash7c47e06b970fe49f43bd5145944b6695 d7dad9c7157e458d844c92b1faf6211650937ccb c8304b477a2fc21300ef8272accb6b20f724df8df5165373d3569921a767b544
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880992fb5bea5687 HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wdrrx66ae.cc/invite/i=27020?__cf_chl_rt_tk=Eiqjy4hSQwQvceA7h6MfWDNl3Qb8qLG1iUuUu6DqpIo-1715172612-0.0.1.1-1493
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:12 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s0%2B0QrFJl4mYZte1L79aX1qeJxNhde7NBK2zIzDyxvxVQVYCOXuCx8wsirshetfswA5QtQI6NZe8bPpldwelgGlPhD7WlfYZ9QfaIqCzy6jzuKrlnteqsSqtoO1RZeA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880992fd1d860b65-OSL
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/favicon.ico | 172.67.128.116 | | 993 B |
IP172.67.128.116:0
File typeHTML document, ASCII text, with very long lines (2702), with no line terminators Hasha269d1b9af62260b15a84498b9f09b5a ed59847831f68fbd0236848e7549a36bd9be0bca 9edf42ca5d82393ac76422535bd56eb75cca044659a9e15789179a4a3d485bbc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wdrrx66ae.cc/invite/i=27020?__cf_chl_rt_tk=Eiqjy4hSQwQvceA7h6MfWDNl3Qb8qLG1iUuUu6DqpIo-1715172612-0.0.1.1-1493
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 08 May 2024 10:32:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHMpEa3MJPvsZ1rdPqwVR1oTXk4uFI4Pywv6C7fakANNCtp1lfldjBHfFyN9fmfJk2FBPoHIoc9WXj7deZkNHRu9c%2FV%2BGb3Mhq888wQbTvGKuCUdiV3BhUNGxA9Uzk8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880992fd8e270b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/cdn-cgi/challenge-platform/h/b/flow/ov1/140622299:1715171397:Ix3pvztqaSPAwqppFAT-jUGfxmzY5S5AsG6ZShVNLg0/880992fb5bea5687/870853117e2eef9 | 172.67.128.116 | | 12 kB |
URL wdrrx66ae.cc/cdn-cgi/challenge-platform/h/b/flow/ov1/140622299:1715171397:Ix3pvztqaSPAwqppFAT-jUGfxmzY5S5AsG6ZShVNLg0/880992fb5bea5687/870853117e2eef9 IP172.67.128.116:0
File typeASCII text, with very long lines (16216), with no line terminators Hasha0dd579d50ed82dd54e7f6a386d1c980 6ad4861744372a32f7de4ce9a84d7896cd898597 26576ca201b0129f03be4e8a1303fa3defb5f7079b8a83489a92a3768d57db72
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/140622299:1715171397:Ix3pvztqaSPAwqppFAT-jUGfxmzY5S5AsG6ZShVNLg0/880992fb5bea5687/870853117e2eef9 HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wdrrx66ae.cc/invite/i=27020
Content-type: application/x-www-form-urlencoded
CF-Challenge: 870853117e2eef9
Content-Length: 1729
Origin: http://wdrrx66ae.cc
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=870853117e2eef9
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:13 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: NBjo7gIvzzj7DwnUHbh2tnTD9HUdVMft5Ooa3DvVkLodIsbwojUshbDDmEFFohWF$kinapQkxy25AldpU8COCqA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zMGkJIliuP%2F2DyqRa7%2FMHiBwrcd%2F9kThbwwdTOHhQOdGzlYtLiy6dk%2F0SqKlT4rLx%2F8aweU6CWDKEh5cXRbg4j7DW39v2gxzb2gS3mSHbN3MruJnHi%2BUoIBKTmSjOgk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880992ff3f890b65-OSL
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/favicon.ico | 172.67.128.116 | | 993 B |
IP172.67.128.116:0
File typeHTML document, ASCII text, with very long lines (2702), with no line terminators Hasha269d1b9af62260b15a84498b9f09b5a ed59847831f68fbd0236848e7549a36bd9be0bca 9edf42ca5d82393ac76422535bd56eb75cca044659a9e15789179a4a3d485bbc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wdrrx66ae.cc/invite/i=27020
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=870853117e2eef9
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 08 May 2024 10:32:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y09DbLNn85kjEmTgm7S42uTTkKQnaByJ%2BLfxHK9pz0VaRthoo6kBxjmwiM3zVMHfj3sXDSsPdrHyQmnGmcKnzAeWoO81X8U33xvqGXsJ%2FB5KUSffAGl1wI65eLOY0yU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880992fe7a0fb527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit | 104.17.2.184 | | 14 kB |
URL challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit IP104.17.2.184:0
File typeJavaScript source, ASCII text, with very long lines (42565) Hasha5b92920e25651d2058f4982a108347b caeeadd68d38fdb681c52006c68880abc2e8a1a6 49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5
GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://wdrrx66ae.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 12:50:12 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 880992fe99d556a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1482418916:1715171329:wK1-eY5Sc804eAYoGowMlUM7oe8KvFE68Dxok369QUo/880993004a8156c3/2e13ff879396fce | 104.17.2.184 | | 118 kB |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1482418916:1715171329:wK1-eY5Sc804eAYoGowMlUM7oe8KvFE68Dxok369QUo/880993004a8156c3/2e13ff879396fce IP104.17.2.184:0
File typeASCII text, with very long lines (65536), with no line terminators Size118 kB (118165 bytes) Hash958497c586777783bf6b91fb6d8b5292 83cda9bd042b9c40df4c6877b33ef3bd63b65c89 bde5a1911fce24ef24a1bfeb84aade79e3f4e580d3fdde04729285ac98eae69e
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1482418916:1715171329:wK1-eY5Sc804eAYoGowMlUM7oe8KvFE68Dxok369QUo/880993004a8156c3/2e13ff879396fce HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/74fnd/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 2e13ff879396fce
Content-Length: 3396
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 12:50:13 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: x55LYwxePpRUmqDgln7BMb0ZZPr+Ab67mAQBz2k4d3y7KpzdVP7cqAL4I9iI2eOqjpmaORQqQWoV/6aXUiKwl4iCs/sqvuvHpzNYYjONTixiYvMV2psNmlQg7KDAUFSE9a9C239zcJnjUm383HcHpnvMXgvs9ZKiE+G971zPWbhMXRsM4EnSIBQ0KjkKugn8BZ56ybWzzPo+zEctMRCzxi7NeGTYVUTGSkIhmlsa25eusAEslMT2W9ZFt/oLgl9diu0dwhOr/ruKaY6K+c4WG+JR0Pp8njgBSsZEahjbSdtiJUqu3URMLgMQ7Za+b0fwra9Xlsys76IIK/YKv0cBZCIpFxWjC4964P1jwyMNOk2w5Z+Kr1jc9cvVOQPRPedUM4D2/Zw1IcNlpizXv3Wr3zQvjUDsU2Bzw7JaQs6MkBiVeghXrIdoKMUs1zUVWfz9lDrmDu5/D3jUjgvoCwn1iNApZka706f5bb+Wm2t0Mwc=$lOs0iVErljGdBRvwCobZmA==
vary: accept-encoding
server: cloudflare
cf-ray: 880993031d3d56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880993004a8156c3/1715172613633/EvhMP6lPpmjj-59 | 104.17.2.184 | | 61 B |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880993004a8156c3/1715172613633/EvhMP6lPpmjj-59 IP104.17.2.184:0
File typePNG image data, 94 x 45, 8-bit/color RGB, non-interlaced Hashaac346f06a95824d2c47e28b6c66d09c a639d005c124774c2d588b9ab117cb7fcd88001a e30b94fc4473b123f120ff3178411e490b3e8edabfe14d74ea2d54ad0709fdb7
GET /cdn-cgi/challenge-platform/h/b/i/880993004a8156c3/1715172613633/EvhMP6lPpmjj-59 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/74fnd/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 12:50:15 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8809930f9b9456c3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| wdrrx66ae.cc/cdn-cgi/challenge-platform/h/b/flow/ov1/140622299:1715171397:Ix3pvztqaSPAwqppFAT-jUGfxmzY5S5AsG6ZShVNLg0/880992fb5bea5687/870853117e2eef9 | 172.67.128.116 | | 2.7 kB |
URL wdrrx66ae.cc/cdn-cgi/challenge-platform/h/b/flow/ov1/140622299:1715171397:Ix3pvztqaSPAwqppFAT-jUGfxmzY5S5AsG6ZShVNLg0/880992fb5bea5687/870853117e2eef9 IP172.67.128.116:0
File typeASCII text, with very long lines (3548), with no line terminators Hash37f5c44e2db16c9889e8a7958a1952a3 80e9c0e9cc3302acdd05ae1d681fd7409f2d0fa2 d981ff36062276b4bac5be5e60f43fcfb0fee102d746284501002daf89973777
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/140622299:1715171397:Ix3pvztqaSPAwqppFAT-jUGfxmzY5S5AsG6ZShVNLg0/880992fb5bea5687/870853117e2eef9 HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wdrrx66ae.cc/invite/i=27020
Content-type: application/x-www-form-urlencoded
CF-Challenge: 870853117e2eef9
Content-Length: 3170
Origin: http://wdrrx66ae.cc
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=870853117e2eef9
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: zOlUfo+uRmXBpSV049XAFvSYN46doCvVpkwQuuGFtGPqttC1HJB8RURUxC/quMgg1MiodOefMTlSbx7eATFZow==$c0jR3faLxZgGfBf65T457Q==
cf-chl-out-s: B5mNJQSjMWuSCUakXJgKgA==$a/sw85mROEj+dwWCOB/Bgw==
set-cookie: cf_chl_rc_m=;Expires=Tue, 07 May 2024 12:50:21 GMT;SameSite=Strict
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKYwyAswt7HtxQ72QPzDhVneoF0eKJcx4libQAxgdYv12v8s%2F%2FBT2RYwcSgM2xTkfDflxZnfb6cZ0uaGEi39ZaRQoGZIxy4yliLYrKy8YRJNdKrvl0TI%2Fkll4jyytjY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880993351eac0b65-OSL
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/invite/i=27020 | 172.67.128.116 | 200 OK | 999 B |
URL User Request POST HTTP/1.1wdrrx66ae.cc/invite/i=27020 IP172.67.128.116:80
File typeHTML document, ASCII text, with very long lines (2702), with no line terminators Hasha269d1b9af62260b15a84498b9f09b5a ed59847831f68fbd0236848e7549a36bd9be0bca 9edf42ca5d82393ac76422535bd56eb75cca044659a9e15789179a4a3d485bbc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /invite/i=27020 HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wdrrx66ae.cc/invite/i=27020?__cf_chl_tk=Eiqjy4hSQwQvceA7h6MfWDNl3Qb8qLG1iUuUu6DqpIo-1715172612-0.0.1.1-1493
Content-Type: application/x-www-form-urlencoded
Content-Length: 2790
Origin: http://wdrrx66ae.cc
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=870853117e2eef9
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_chl_3=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.wdrrx66ae.cc
cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg; Path=/; Expires=Thu, 08-May-25 12:50:21 GMT; Domain=.wdrrx66ae.cc; HttpOnly
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YC337pGugP31k0JsGs3LsCrDkOGh%2FfcRQSy4AgrFNkhX35GRhHA5rZGkzkqzpceYaN6GrLPWJQNzwDVB01peG3oFhA0KSR2scfAuUPADg%2FfQwpwiCQ6zVwkiZuX50JE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88099335ef350b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/css/app.54bab3a3.css | 172.67.128.116 | 200 OK | 2.5 kB |
URL GET HTTP/1.1wdrrx66ae.cc/css/app.54bab3a3.css IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
File typeASCII text, with very long lines (14103), with no line terminators Hashfc9441353b8c0365a1909baf93c86c78 3a14d4a38166a7dba064a9bcc5abdc80fdb65b71 4ed5fd9cf7bfd8b3cd583862780f2d2795096a104064cd35190d3d13e1a8eb51
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/app.54bab3a3.css HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/invite/i=27020
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:22 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 13:35:29 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4162
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AtmsW5%2F1Cg7KBDv0N6kr097vNWmx5oK%2B3sOMbZuTOBfDaP8uDVA4yd0rysYKiE%2B0fA83Gsd6gXAIxc0g%2BAmTXT2Jm0%2B7eYG88VyALpgvUJNcgGGb472zbnTc6arFm%2F8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880993377d051c0a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/css/chunk-vendors.c57533e1.css | 172.67.128.116 | 200 OK | 44 kB |
URL GET HTTP/1.1wdrrx66ae.cc/css/chunk-vendors.c57533e1.css IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
File typeASCII text, with very long lines (65536), with no line terminators Hashebfffebc1f62c3be51082e6595a0a005 e278fbd6fd48150b3f366b50ed388983d934978c f5ce9e73e1f7cea326eedd4f39d9b2d703ba4ccb31a6078cdc1fb16481298a32
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/chunk-vendors.c57533e1.css HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/invite/i=27020
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:22 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 13:35:32 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4162
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uHY5IQLg0kSjDbZikJNuusTnX5%2FjQRjYbmBIOkYsDZhtLuDus5eYuYt4OABl1o6fgUcYuHHmBvQ4PkMz0ptBuBRX8q%2BI6zxUnrrSZhvw1akHxeqjzjX8y3hTAM%2BOIQw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880993376be856a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/js/app.9ded72cd.js | 172.67.128.116 | 200 OK | 24 kB |
URL GET HTTP/1.1wdrrx66ae.cc/js/app.9ded72cd.js IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hasha6aa6c6ba5be7e845a67afab73a5680f 57e8c4aa505021b4079cc03a19731c7b411e18bc d117eda17ab8435121f70b99c6095332001f39139a129c2dc1d2dc0ceba6f736
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/app.9ded72cd.js HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/invite/i=27020
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:22 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 13:35:48 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vLzEwJzaEVExKL5%2FLO77nbd49%2B9%2BuvuqCVYD1RoNprdhnDyifAcpSiX1AqmVP5hfp3tWhyyJkSaIP2LTpP5lkeW20UIFQXizqdTp8pAdlJcLzTwwkAtEelMRvmmpAn8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880993376ebbb527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/js/chunk-vendors.ea790e22.js | 172.67.128.116 | 200 OK | 272 kB |
URL GET HTTP/1.1wdrrx66ae.cc/js/chunk-vendors.ea790e22.js IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (51759) Size272 kB (272420 bytes) Hash4fee178f809d1b2a829099a8bb91c56c 178b6322fdc40c08fcbda0c096c668855ad49b51 c3580c9951b9554639c1404a246b3f27f818a99240c728f04cb964cd9e50b73d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.ea790e22.js HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/invite/i=27020
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:22 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 13:36:00 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EWoG3QnlvBVExXtTGGYcKIKt1ymoSjYwqqd75XcdZQG0EbGDXXjNkoSN6fwC3WajsANJJS0nqgDSXDvH%2Fi9VhlJnGnJlQElvANsvnMxysDEXsiUTdAcYhPdU2O0pHM0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8809933768580b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/invite | 172.67.128.116 | 200 OK | 0 B |
IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /invite HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 20
Origin: http://wdrrx66ae.cc
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/invite/i=27020
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:23 GMT
Content-Length: 0
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j2268s0ou0BhgowyiGAwfQCJ%2FyU%2F6qg2HY2TwXIlFKMRaDfBBUGzmrl9QahPExl9x7fD6o23TTrx7x2y7pFm5nQvamDTaMeMIVRMg3Qa2q1VP7pXTF%2FuUk2YLcFQs8Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8809933d4d520b65-OSL
alt-svc: h2=":443"; ma=60
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket |  188.114.96.1 | | 7.2 kB |
URL wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.96.1:0
File typeHTML document, ASCII text, with very long lines (16380), with no line terminators Hashd27627f5fabbd2f3b352f5d91695b586 d925ce78b102db656712b6dd98371eefb8988ee3 9233ff5d730ab63b5eff0fc9478be75b341b71b03de60af1655404e1b4ab1e9e
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tejSfDqvWpX+VTTzoBwxng==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: mqqQFcwAVbk1JRpTffarQtLSX0oD0kwdSlhZ9mpxAYzaTxTdcWQXWtqV4vlpzQIeJzjHuPn0+EmHV+NBNvOJSlNoNP1Z1kkWbkIvi2+XH3xrVG/EpPQGIC+FBffqCBZ8$vgVrR8gm4bdB3qeYV15vbw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wd05CxlTrOjiwe0RoDSFVKWrqpx8yXPqYGtk6Fo%2BD6oVxOAIzqOAWZ5Emt23%2F92QBh6R73FNA6Ahxf2mxmD8FjYwuygENiJDzC9VkJyXkX8MBd0LDBbcGAbg4C8lPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8809933eebd556ab-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1482418916:1715171329:wK1-eY5Sc804eAYoGowMlUM7oe8KvFE68Dxok369QUo/880993004a8156c3/2e13ff879396fce | 104.17.2.184 | | 21 kB |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1482418916:1715171329:wK1-eY5Sc804eAYoGowMlUM7oe8KvFE68Dxok369QUo/880993004a8156c3/2e13ff879396fce IP104.17.2.184:0
File typeASCII text, with very long lines (22240), with no line terminators Hash8b1137c0a9ca7670c4032aa95108042a 6c5a146672a9092e5a587e6fda16d35356b53a63 6bcc0c420c1591cee61ba67ddcecd862f6796dfe3aa9be7c2d7f94cb4da40b2c
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1482418916:1715171329:wK1-eY5Sc804eAYoGowMlUM7oe8KvFE68Dxok369QUo/880993004a8156c3/2e13ff879396fce HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/74fnd/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 2e13ff879396fce
Content-Length: 28190
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 12:50:17 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: LMc2IIgtX1pyhsky0QLVOQ+yUBda/543WQMRWNJ+idYDjz3cuwodyXdUVVJpGd5Q$UcN+5jo/QodSrwdkyVl8NQ==
vary: accept-encoding
server: cloudflare
cf-ray: 8809931b0ed956c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wdrrx66ae.cc/getlog | 172.67.128.116 | 200 OK | 1.3 kB |
IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
Hashbd1995e286a27133b34c6508f99af7be 46b4a8d4329440505e999778bc04871b9ca5a6cc 111c0ac18bfc4654e864f2ea8605a46df10443acf17f7cc78c6633e27bb4c5b7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /getlog HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/enter/register
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:23 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sRuw7nihnJH7a1oOf1oUKugDnKQbr5ze3G3HobO6a6DLHyegC3w21QqvwkHf%2Fu0bmy5lwGLMQXgcDWDktDSBHU5DnnYE2qvvRD6UkmxiVpI8%2B0ZfrRd3nXB2WABPp0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8809933e7e340b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/img/icons/favicon.svg | 172.67.128.116 | 200 OK | 993 B |
URL GET HTTP/1.1wdrrx66ae.cc/img/icons/favicon.svg IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
File typeHTML document, ASCII text, with very long lines (2702), with no line terminators Hasha269d1b9af62260b15a84498b9f09b5a ed59847831f68fbd0236848e7549a36bd9be0bca 9edf42ca5d82393ac76422535bd56eb75cca044659a9e15789179a4a3d485bbc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/icons/favicon.svg HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/invite/i=27020
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4157
Last-Modified: Wed, 08 May 2024 11:41:06 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HcJWvJIRA76MurVwh9L%2FnTXXpm5JzGIODRKu0n%2BdW6oOVGB9Hi6NHYqngq%2BerepE6%2B2WObXMPvMAh9FEVxVs19CAaea7k5L%2F0SIPwawmhTUUqS8b4II6NyPMQCjq0zQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880993406df356a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| wdrrx66ae.cc/img/icons/apple-touch-icon-152x152.png | 172.67.128.116 | 200 OK | 4.0 kB |
URL GET HTTP/1.1wdrrx66ae.cc/img/icons/apple-touch-icon-152x152.png IP172.67.128.116:80
Requested byhttp://wdrrx66ae.cc/invite/i=27020
File typePNG image data, 152 x 152, 8-bit/color RGB, non-interlaced Hash1a034e64d80905128113e5272a5ab95e 92328e60f63d690f33cd4961b9934a539dc29b82 4d9685d610c4411caadd8d36ce94d3303cf5b05c8e04d67fc232c16a4469a135
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/icons/apple-touch-icon-152x152.png HTTP/1.1
Host: wdrrx66ae.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/invite/i=27020
Cookie: cf_chl_3=870853117e2eef9; cf_clearance=5Hte4Uze628qs.svszUO0sWJwkSug5cdMwxCoToP9Zs-1715172612-1.0.1.1-Tb.frSX02ptVk0__N3TqNrkS7yB3zTpo8pRqHard6vZyGDFqMuzPZkwAN.iooLov8.2qpXbK9MdmJq45mmsHPg; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:23 GMT
Content-Type: image/png
Content-Length: 4046
Connection: keep-alive
Last-Modified: Tue, 07 May 2024 13:35:38 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SM2thjyYQMZ%2Bq5huMqQMKTp3tnKHqouhoL3IY8d834YeXLYNtqtvf2fRMa7dzo457juQ8HZtlRnBUHxwj7xqAV92WDapWnrnDzhPnVtYUfJJHCZQQysDqKZuDvd2RI4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880993406fce0b65-OSL
alt-svc: h2=":443"; ma=60
|
|
| ocsp.sectigochina.com/ | 172.64.149.190 | | 472 B |
IP172.64.149.190:0
Hashad8eaf349d1a01f8c4b2934e2babc8c2 a826565e8f40887f1827bf884caf147b26d494e7 afdab61c0ed8f314ac55897252261f56b129dde1bd8eb2b2114e95033d8ebf0d
POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 12:50:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 05 May 2024 01:24:12 GMT
Expires: Sun, 12 May 2024 01:24:11 GMT
Etag: "a826565e8f40887f1827bf884caf147b26d494e7"
Cache-Control: max-age=304776,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 88099343be95b4fd-OSL
|
|
| b.yzcdn.cn/vant/icon-demo-1126.png |  154.85.69.54 | 200 OK | 8.9 kB |
URL GET HTTP/2b.yzcdn.cn/vant/icon-demo-1126.png IP154.85.69.54:443 ASN#139057 LEGEND DYNASTY PTE. LTD.
Requested byhttp://wdrrx66ae.cc/invite/i=27020 CertificateIssuersslTrus Subject*.yzcdn.cn Fingerprint6A:A8:BA:7C:D4:B4:86:0B:74:EB:E6:19:C8:69:2E:8B:13:6C:1E:1B ValidityThu, 09 Nov 2023 00:00:00 GMT - Mon, 09 Dec 2024 23:59:59 GMT
File typePNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced Hashf87c46f346a5548224ccbe0b6bd75df5 8e8b8bd4ba3e6b6c8557d94a726061fdd62492fd b6304eb9b754d38d3ad74d0acce42c156536840351368ed3e4895a6b50cd9370
GET /vant/icon-demo-1126.png HTTP/1.1
Host: b.yzcdn.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 12:50:24 GMT
content-type: image/png
content-length: 8886
server: openresty
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=2592000
content-disposition: inline; filename="icon-demo-1126.png"; filename*=utf-8''icon-demo-1126.png
content-md5: +HxG80alVIIkzL4La9dd9Q==
content-transfer-encoding: binary
etag: "Fo6Li9S6PmtshVfZSnJgYf3WJJL9"
last-modified: Mon, 26 Nov 2018 11:08:05 GMT
x-reqid: YyIAAAASg9geDiAX
x-svr: IO
x-qiniu-zone: 0
x-log: X-Log
x-ser: BC5_dx-lt-yd-zhejiang-huzhou-3-cache-7, BC165_lt-obgp-fujian-xiamen-33-cache-1, BC132_IT-Lombardia-Milan-1-cache-1, BC46_DE-Frankfurt-Frankfurt-11-cache-4
x-cache: HIT from BC46_DE-Frankfurt-Frankfurt-11-cache-4(baishan)
X-Firefox-Spdy: h2
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket | 188.114.97.1 | | 7.5 kB |
URL wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.97.1:0
File typeHTML document, ASCII text, with very long lines (16760), with no line terminators Hash9f38daad55120db2fa4d65b2f3cb026d d9d8a8e87d2abcb65817783fdfb0aa6a1270dcb4 6a0f563424de67d2cf33d3f6f6893be638a96fa81fe535880ed59694d6e2c452
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Xizr8ln5XemJZ3GG6TO4Vg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: RUIJdRa8IJvyTwFQBxAspbC3jxtVarS6lB9X+Nr982HGAAvkeup7omvAQVKmqEXj+e15EtyHU11K+oRqfAqcwbezSnBpyJWI44Fc6klNN2U=$NVM8nkJO/zHQyN0UT2gJ8A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ejOZ8p3oHssTUPl4b3iJ4lNh4keZL1SM1Zuoxv4usISCcwgeLg197zt%2FTyc%2BLQSoe69hAVhhYL%2BF67DPA3Q%2F6S0R5N5PxC2WbVRF2H5MMyCZxfowLjmW06cGPst8lw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88099348af6fb4f7-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket | 188.114.97.1 | | 7.1 kB |
URL wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.97.1:0
File typeHTML document, ASCII text, with very long lines (16313), with no line terminators Hash909c7a7ca0588d82eea8fc76895088f1 00e74075fcdeabdbafdbc31cde7e4bf653c179a6 b574ce5383f4385216aa69e5092e18afd1663b4b0a7f4abad7a91808cefac24d
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vjsNx/MWMze1wWJKrqi2nQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: jfbnl7LDGwmsKoGUIR16wzaAl59MZr8HJzks98d9DDSN4I2Yot/5IIuPt4BWROKIJ8sz2ffxuub6+7x2uy2Pz7g3uXeQcYM3SAwjmTYwYK4=$LSBgIcy5AM1k6PxT0Fi2Mw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Eei3y38HUlIEj3yRy5%2FHyfwylb6Emq8KmXc%2Bq0C6C5CN6o3TjeMdP%2FjsaPWCU8B31lgoMTEnzqMMRV6%2BQpNkagbpujoAi7tNk1DHMvE79i5e2J%2FaYMzHykGerkQGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88099352df91b50f-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket | 188.114.97.1 | | 7.4 kB |
URL wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.97.1:0
File typeHTML document, ASCII text, with very long lines (16557), with no line terminators Hash3c270225ee0407a12c0f09734b88bd94 38a9adc974bfebdfb9953c617fcf2662427325ad f2f053d70d0f43a20b555633983a515fe37ea5ae68c2336e5d6199264bb3f23b
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gjlavZpdF9AVIZ83qRKV4A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: H8OOhTiXWPyyzzk/svpZIVNW3wVBGBiAlc8srTblLwFjOQ6AOJWofVxScSHNMrC7mc5uhtyz+XK83cZZBnoEeSmmjRJ1AbQVJPau6RHboiw=$6Jf7mTZ76ZYSn68pxE9cVw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e0Ai%2FS6if6S4ZbBkZYaCkB5nvIqgBY9o8O2a9H6PHe6vEYmmJRpOOslmPtcUvPVXHFE%2FSGxnsNo5c3Vaa%2BvzFhDgxzX4oUOn76TcLvSBHPWbyvSnPQRrjK8KCnUb9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8809936d8af31c02-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket | 188.114.97.1 | 403 Forbidden | 0 B |
URL GET HTTP/1.1wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.97.1:443
Requested byhttp://wdrrx66ae.cc/invite/i=27020 CertificateIssuerGoogle Trust Services LLC Subjectwdxpoe3w.cc Fingerprint82:78:19:37:25:01:0B:57:80:60:A3:5B:BD:C6:5F:E4:E7:21:3D:A6 ValidityMon, 06 May 2024 02:54:16 GMT - Sun, 04 Aug 2024 02:54:15 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vjsNx/MWMze1wWJKrqi2nQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: jfbnl7LDGwmsKoGUIR16wzaAl59MZr8HJzks98d9DDSN4I2Yot/5IIuPt4BWROKIJ8sz2ffxuub6+7x2uy2Pz7g3uXeQcYM3SAwjmTYwYK4=$LSBgIcy5AM1k6PxT0Fi2Mw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Eei3y38HUlIEj3yRy5%2FHyfwylb6Emq8KmXc%2Bq0C6C5CN6o3TjeMdP%2FjsaPWCU8B31lgoMTEnzqMMRV6%2BQpNkagbpujoAi7tNk1DHMvE79i5e2J%2FaYMzHykGerkQGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88099352df91b50f-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.discordapp.com/attachments/1234839321542922301/1234839346256023683/nudgb.mp4?ex=66323142&is=6630dfc2&hm=b94e02a2c2a0ff8411eb106e435726fa3e1b127dace68033126e12bf1c157616& | 162.159.130.233 | 404 Not Found | 0 B |
URL GET HTTP/2cdn.discordapp.com/attachments/1234839321542922301/1234839346256023683/nudgb.mp4?ex=66323142&is=6630dfc2&hm=b94e02a2c2a0ff8411eb106e435726fa3e1b127dace68033126e12bf1c157616& IP162.159.130.233:443
Requested byhttp://wdrrx66ae.cc/invite/i=27020 CertificateIssuerCloudflare, Inc. Subjectdiscordapp.com Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /attachments/1234839321542922301/1234839346256023683/nudgb.mp4?ex=66323142&is=6630dfc2&hm=b94e02a2c2a0ff8411eb106e435726fa3e1b127dace68033126e12bf1c157616& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://wdrrx66ae.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Wed, 08 May 2024 12:50:23 GMT
content-type: text/plain;charset=UTF-8
content-length: 36
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QEqMiJjSDizJbHGY%2FkcR2hdooFzD0AN0B%2BzpUMZSGxPeECNQErPVwHc81TTy1oltoe2kdbHBpLApeC5s7%2FPZDAcSSTGk%2FSIbroUvLL7VXXclFnTiNyio%2B1iwM%2FVp42zeDNVssQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cf_bm=NLNG3v9PR8JwUJ0EBAYr.x3T_JpupogV0VGgMJGAzXc-1715172623-1.0.1.1-fIWYCX8bu5yZwt7B.zW7pw8EeV5wDDsg1Hcmc3y9Y_TxkNP9eCwlqfMiYAtNgcob9BK9s.Ut7mIYdxbFj1Ncew; path=/; expires=Wed, 08-May-24 13:20:23 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=mClJbhJl4H3wCixPgFQhGGUWIFXXIVQAAARPpuUuMZ4-1715172623228-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8809933f18edb527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket | 188.114.97.1 | 403 Forbidden | 0 B |
URL GET HTTP/1.1wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.97.1:443
Requested byhttp://wdrrx66ae.cc/invite/i=27020 CertificateIssuerGoogle Trust Services LLC Subjectwdxpoe3w.cc Fingerprint82:78:19:37:25:01:0B:57:80:60:A3:5B:BD:C6:5F:E4:E7:21:3D:A6 ValidityMon, 06 May 2024 02:54:16 GMT - Sun, 04 Aug 2024 02:54:15 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gjlavZpdF9AVIZ83qRKV4A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: H8OOhTiXWPyyzzk/svpZIVNW3wVBGBiAlc8srTblLwFjOQ6AOJWofVxScSHNMrC7mc5uhtyz+XK83cZZBnoEeSmmjRJ1AbQVJPau6RHboiw=$6Jf7mTZ76ZYSn68pxE9cVw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e0Ai%2FS6if6S4ZbBkZYaCkB5nvIqgBY9o8O2a9H6PHe6vEYmmJRpOOslmPtcUvPVXHFE%2FSGxnsNo5c3Vaa%2BvzFhDgxzX4oUOn76TcLvSBHPWbyvSnPQRrjK8KCnUb9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8809936d8af31c02-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket | 188.114.96.1 | 403 Forbidden | 0 B |
URL GET HTTP/1.1wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.96.1:443
Requested byhttp://wdrrx66ae.cc/invite/i=27020 CertificateIssuerGoogle Trust Services LLC Subjectwdxpoe3w.cc Fingerprint82:78:19:37:25:01:0B:57:80:60:A3:5B:BD:C6:5F:E4:E7:21:3D:A6 ValidityMon, 06 May 2024 02:54:16 GMT - Sun, 04 Aug 2024 02:54:15 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tejSfDqvWpX+VTTzoBwxng==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: mqqQFcwAVbk1JRpTffarQtLSX0oD0kwdSlhZ9mpxAYzaTxTdcWQXWtqV4vlpzQIeJzjHuPn0+EmHV+NBNvOJSlNoNP1Z1kkWbkIvi2+XH3xrVG/EpPQGIC+FBffqCBZ8$vgVrR8gm4bdB3qeYV15vbw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wd05CxlTrOjiwe0RoDSFVKWrqpx8yXPqYGtk6Fo%2BD6oVxOAIzqOAWZ5Emt23%2F92QBh6R73FNA6Ahxf2mxmD8FjYwuygENiJDzC9VkJyXkX8MBd0LDBbcGAbg4C8lPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8809933eebd556ab-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket | 188.114.97.1 | 403 Forbidden | 0 B |
URL GET HTTP/1.1wdxpoe3w.cc/socket.io/?EIO=3&transport=websocket IP188.114.97.1:443
Requested byhttp://wdrrx66ae.cc/invite/i=27020 CertificateIssuerGoogle Trust Services LLC Subjectwdxpoe3w.cc Fingerprint82:78:19:37:25:01:0B:57:80:60:A3:5B:BD:C6:5F:E4:E7:21:3D:A6 ValidityMon, 06 May 2024 02:54:16 GMT - Sun, 04 Aug 2024 02:54:15 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wdxpoe3w.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://wdrrx66ae.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Xizr8ln5XemJZ3GG6TO4Vg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 12:50:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: RUIJdRa8IJvyTwFQBxAspbC3jxtVarS6lB9X+Nr982HGAAvkeup7omvAQVKmqEXj+e15EtyHU11K+oRqfAqcwbezSnBpyJWI44Fc6klNN2U=$NVM8nkJO/zHQyN0UT2gJ8A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ejOZ8p3oHssTUPl4b3iJ4lNh4keZL1SM1Zuoxv4usISCcwgeLg197zt%2FTyc%2BLQSoe69hAVhhYL%2BF67DPA3Q%2F6S0R5N5PxC2WbVRF2H5MMyCZxfowLjmW06cGPst8lw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88099348af6fb4f7-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
|
|