Report - surl.li/lmljj

Report Overview

Submitted URL
surl.li/lmljj
IP
104.26.4.19
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 01:43:40
Access
public
Website Title
Surli redirect page
Final URL
surl.li/lmljj
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
surl.li	unknown	unknown	2014-02-25	2024-04-18	16 kB	1.0 MB	172.67.69.76
web-screen.com	unknown	2022-08-29	2022-09-03	2024-03-21	871 B	19 kB	104.21.20.132
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	465 B	863 B	142.250.74.132
t3.gstatic.com	unknown	2008-02-11	2013-05-06	2024-05-02	523 B	1.0 kB	142.250.74.100
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-02	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed
2024-05-04	medium	surl.li	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	surl.li/lmljj	656 B	2023-03-07	2024-05-08
Pretty URL surl.li/lmljj IP 172.67.69.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:17:17 Last Seen2024-05-08 21:48:44 Times Seen50 Hash df778921590215698107aace10c02c87 dc29195d36827035014f1178d13a0ca82362ab88 5fc4c8108d3bc539cae87bdc5638e21a2bdc5d3b249c4bb5919166d3fd1c9e7b Loading...

	surl.li/js/preview.js	90 kB	2024-02-02	2024-05-08
Pretty URL surl.li/js/preview.js IP 172.67.69.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-02 16:05:11 Last Seen2024-05-08 21:48:44 Times Seen24 Hash d6cc50ebd8325127ffa10f492624d26c 6ad43cb17ca53d08d360e0bcfe9e909f694f2c86 9d6dfd360ccbae2e81dc8f69b9c561e99e7034b0417b2a0bcbc85c2ff629ab6d Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-05-18
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-18 06:51:39 Times Seen21482 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	surl.li/sandbox%20eval%20code	147 B	2023-04-11	2024-05-18
Pretty URL surl.li/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 06:58:09 Times Seen350166 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-18
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-18 06:58:09 Times Seen349655 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	surl.li/sandbox%20eval%20code	128 B	2023-05-06	2024-05-18
Pretty URL surl.li/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-18 06:51:39 Times Seen21625 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	surl.li/js/app.js	191 kB	2024-01-30	2024-05-08
Pretty URL surl.li/js/app.js IP 172.67.69.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-30 09:31:09 Last Seen2024-05-08 21:48:44 Times Seen19 Hash 3b7dcb881b63a2390982ba3bb199029d 3faa66779e78dd9ccf65e3a725e17dd49e40475c cf2029cd54d2545c7d89a4f818bbf38ff19936018dfc6ad48236fa9f60dd333a Loading...

HTTP Transactions (19)

URL IP Response Size

surl.li/img/pc-rouded-icon.svg

172.67.69.76

200 OK

15 kB

URL GET HTTP/2
surl.li/img/pc-rouded-icon.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
15 kB (14985 bytes)
Hash
7005e41f692583c19abac0a7fd5b7c5f
bda49cd99401420d490a32f2f547e4ddd43b7300
2f9e711abfb70ec1515ded7f4c18c9208b1325f53b551698b90fa4664542ceed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pc-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-4f3e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p6SP1%2BVXt0FALZgDunsgEZhFiL7wfBh22a11pRB4nP9gqqwFw7GcwAd%2BCrFoxnRCsyTT%2Fa2s3eoWLxrdkeXoXbxw6%2Br%2BHtk77Ad3fdu041RPgpYhealp%2B84%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc85db97568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/surli-logo.svg

172.67.69.76

200 OK

30 kB

URL GET HTTP/2
surl.li/img/surli-logo.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
30 kB (30151 bytes)
Hash
482601fd25a8410e0868ce1e178cbaea
79a25cfa623613a31fc7d3813cfa9a223b54b2a8
f389fb51afbd8077d4e8e260bf820115f7111c246e02cc4aab081c5317c56db6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/surli-logo.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-233d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6851q5q10G1D7P2zqTv0WpCar2vj3UjlwOyV19dzO9QdHIgIMIvwjBjK4ZVoYew%2Fhq3uDbeH83HuXiQ75LEkP1qFSQJq5Dpv60nYOboZmRXgZ85WNnoTSjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc85cb95568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

web-screen.com/img/plug.jpg

104.21.20.132

200 OK

14 kB

URL GET HTTP/2
web-screen.com/img/plug.jpg
IP
104.21.20.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced
Size
14 kB (13510 bytes)
Hash
6448aca5739995f3b9c1b3c5e50ce7a0
f50fa07327f55f864a42698fd8fa86270f35da9b
856f999ea580bfa2f03ce5872b848246a66492f17675693e2f429938250d231a

HTTP Headers

GET /img/plug.jpg HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: image/jpeg
content-length: 13510
last-modified: Mon, 29 Aug 2022 13:27:44 GMT
etag: "630cbed0-34c6"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PcHhaJTKLge%2FJm%2B6Noyrdb0vcGlr8Oj4sECbk6APfAMiHxV0ncs33nRqTdQuRPMV4fnGmYhS3Z%2FvdSUuiEx3hElPeaYvyF%2Fj7OmYxYB8lZjvl96%2F7BENMSb5iYICOgs8Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc86bf84b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

surl.li/css/app.css

172.67.69.76

200 OK

167 kB

URL GET HTTP/2
surl.li/css/app.css
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
167 kB (166864 bytes)
Hash
35d7f9d315121fd599e1846b3f885fca
3bf5b710c6dd300b25ef7943490e716cae8e38a7
c20eff650c669edbdae775787c8c9fa6acf6e7f640bc3ff7fd6582c4cbf6fe75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.css HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: text/css
last-modified: Tue, 30 Apr 2024 07:35:00 GMT
etag: W/"66309f24-27979"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PHKPCvm5Um2s1WRYMHaKMKsXdK5oHR25ipU9uhvD7wZFBxu64usFBegUkHXne6VtonvfRvoBdjsRRX0cZKI%2BG2aqlrRqt2NdnjJojmP4%2FIszwDAJq0kHCmg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc85cb8f568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/fonts/rubik/Rubik-Medium.ttf

172.67.69.76

200 OK

116 kB

URL GET HTTP/2
surl.li/fonts/rubik/Rubik-Medium.ttf
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409
Size
116 kB (116056 bytes)
Hash
4dd3023b03ba2b68d4b9da9176b7285a
d734c149587c12d9083c03bc90009c84b52aec78
ce40d27c6c90b990229510c46115ec852237276e1aa09cdebffc6ae085b1d1e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/rubik/Rubik-Medium.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: application/octet-stream
content-length: 116056
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-1c558"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AOjHn8ktKSBYLfQpmVl851yCO54BbNLGGRRABQMn7dKHt9JofQaFjV9Zupfvyp6P6LKdzh343TXyWjERi6vFlOhYqQ1%2FcgxeRkVGcAwdMD5fj9kIsNdekf4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc866bc7568e-OSL
X-Firefox-Spdy: h2

surl.li/img/planet-rouded-icon.svg

172.67.69.76

200 OK

132 kB

URL GET HTTP/2
surl.li/img/planet-rouded-icon.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
132 kB (132202 bytes)
Hash
7a6de872239474d5c24060e4d6b89bae
9c921e59d96e37770aad1045ba2900e233d5b657
6c847af4400d327ad6a64ae87c50f6990011348f1cbbe293de44b7bc283eb379

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/planet-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-1574"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f1lWvZvMMWlfHzxrSqTiVRhsN8kQsEjZVXgFUJTdpSmue4JLf1VFbM%2FcIVitPx9IQSiysIbeX7H3RD4EsC3%2Fqj50s5X86PJIB33iVad5TKb0C1FM2azBBQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc85db9c568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

web-screen.com/storage/screenshots/2024/05/a6029b92-aadd-4266-9497-7797ba74dc00.png

104.21.20.132

200 OK

4.3 kB

URL GET HTTP/3
web-screen.com/storage/screenshots/2024/05/a6029b92-aadd-4266-9497-7797ba74dc00.png
IP
104.21.20.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced
Size
4.3 kB (4299 bytes)
Hash
efd5cb5b22a365f63513dcb27a6417e8
26b0f6e5eb3fd68c5b554f353590899dcdcc1626
1cfd620057709d4c00b28fd86e8b4b7dd9ef4d2a6ec10440ba3718887378275b

HTTP Headers

GET /storage/screenshots/2024/05/a6029b92-aadd-4266-9497-7797ba74dc00.png HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: image/png
content-length: 4299
last-modified: Sat, 04 May 2024 01:43:08 GMT
etag: "663592ac-10cb"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LNdWaudUaPPldCOk0qBepDJD9itlkAXfESWcAmAtKqVKc%2B2gTuccQ2wx2vvdkJMHZM4NTlDWd5sk7DfEjjX3A%2FunDfJ9CSak%2Bgncl1Qe6rfwpA5d2FMZWYl7qF9l%2FefFrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc8a1ce8568e-OSL
alt-svc: h3=":443"; ma=86400

www.google.com/s2/favicons?domain=https://facebook.com-survey@shrtco.de/IMhns6

142.250.74.132

301 Moved Permanently

357 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=https://facebook.com-survey@shrtco.de/IMhns6
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
357 B (357 bytes)
Hash
b97286b662b633f10aabde35eb7e29b0
d110b88217696097a87f8212a77d17d203e47230
b40a4d9466d7a08de0c736525ea78f47ca9e19f0d94cb509ada8e4801f1b7b50

HTTP Headers

GET /s2/favicons?domain=https://facebook.com-survey@shrtco.de/IMhns6 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://facebook.com-survey@shrtco.de/IMhns6&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 04 May 2024 01:43:16 GMT
expires: Sat, 04 May 2024 02:13:16 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 357
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

surl.li/img/favicon.ico

172.67.69.76

200 OK

4.1 kB

URL GET HTTP/2
surl.li/img/favicon.ico
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
4.1 kB (4095 bytes)
Hash
ec9741289f19f212fd2ffb2dda1df05c
9b97a75a795b848f086f75db50903dd15954a573
13c9447a56e92641eff376880ff848e6e8e25719f721421f9b276a9b152753d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6IjBnU0swYVE2SERzMGVrbVBjVWJWU1E9PSIsInZhbHVlIjoiSnNqMXgxMHo5TmZuL3VVL1lPMmczUC9yQndxd1lJUml3RDNod1BFbVhGSjVJZ01YQjBaZUhtTGdtdGN6WWQ3dlV0TURnTUZYMHRYUyt1K3ZoVW41Z0R1OWFPNi9GTVJXOHJlRWhvbWZDNlVzTlF2ZFhEOVA4S0VSbUJMbnVNZlEiLCJtYWMiOiIwZDk2MjE3ZWZhN2RkYjUyYTEyYzA0MmM0Yjg2OGVhYWI5NTQxNTNmYTdiYmUxNGNhOWE4MDA1OGE0MGVlYmYzIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IjhkdmNaM3JRc3pxcmgrVldMN1RhUWc9PSIsInZhbHVlIjoiRHZEZnFmWUxGRERqT1crVytMVFBhdEhhOVJwVFNqMHdodVNRa0hodURMMjhiNzhaTDdlck1mNU9QY3IrOW5uZ1RhdTZ6T2pXU2xFYzJMRk1TcnkxUGU4NmVoZEJOaE11ck5DcEZuWjhnUm1UTjhHcFduMENDR2x0OVZPc2JTN1ciLCJtYWMiOiI5ZGM5MjhmNjU2OGMxOTlmN2U3ZGZkNWQwYjFjYTc0N2ZiYTUzZDNhNDBkMTFlOGI0ZjkzYTdlMWM5NjkxYTlkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: image/x-icon
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-3aee"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RE2eVZMHzt%2B9US0FStLXmsqfdIGc19PMkp00iOEN58xYkefUBKD4qn8%2FTD53jFnLiVUaxGpb2SCOpHv1PFazKGuq3dEG58cWS9ltz18PZv8pEnU5tAykP3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc89fce1568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://facebook.com-survey@shrtco.de/IMhns6&size=16

142.250.74.100

404 Not Found

726 B

URL GET HTTP/2
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://facebook.com-survey@shrtco.de/IMhns6&size=16
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://facebook.com-survey@shrtco.de/IMhns6&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surl.li/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Sat, 04 May 2024 01:43:17 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

surl.li/lmljj

172.67.69.76

200 OK

14 kB

URL User Request GET HTTP/2
surl.li/lmljj
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
14 kB (13494 bytes)
Hash
f9ad0f2e553628351f75e217cb21609e
03438d2aba11ecc0babfef46d28c0ba74f7fa842
af6796830b5719ac49d0aeea88bd55b774912ea91f40ebcc0386708ad1cd2b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lmljj HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:15 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; expires=Sat, 04 May 2024 03:43:15 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D; expires=Sat, 04 May 2024 03:43:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iali83QmVTYc9mFLG9s7Oa%2FfBTEG9ZMBaL%2FwkXFOLr0b7x6quqQ8KJfqyWc0FzCv127AxESMeJv8kgC27A5GeplQEV3t2F2lVvv5Oo6kVKcpq6M6bOtXP84%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4cc807856568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=j6QrdFIhxGCqQIrJa-_ALE3mo3ZhPl-xHPq208jeouxw7Vx2t5NRVV_bTbqycnP-5KjFAwG7s1XPlMkLFig-KiHDTOjgpNFDxA_B9oJh8L9h17Zbp2cknBcgl63G5N15
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Sat, 04 May 2024 01:41:55 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 99
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

surl.li/img/gears-rouded-icon.svg

172.67.69.76

200 OK

3.6 kB

URL GET HTTP/2
surl.li/img/gears-rouded-icon.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
3.6 kB (3615 bytes)
Hash
885433deecd92aadc9f592c46910e45e
99d2add61faead1d839e483908ffef51ad3841b6
310d329ed1bf4b78504ec8186a7dd107440303f4abee0335c729ebc7d77a2649

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gears-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-e1f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ToNjVBlkcDYqlL2GsB0CAcAs077VVXa6puQPUoLv3bVbf8RQFXPd%2Fth2KRgOzE8b9%2B%2FhoiTeHED0pKZIUvW1KdNrJfpec769w7VJuk8U107H3mi%2F19ujhRw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc85db99568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/js/preview.js

172.67.69.76

200 OK

90 kB

URL GET HTTP/2
surl.li/js/preview.js
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type

Size
90 kB (90357 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/preview.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-160f5"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCwptmt%2Fc4UlM%2FWRiPrz16V8%2FfuU41AEZIOkBWszP2EgRZxAdzAvUxiApwcdy6S00b6kWX%2FF2zvBa3BleL9Aazy115Glt411fr7nWfGrM8y5yuRLXRvUzyk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc85dba0568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/getPreview

172.67.69.76

200 OK

100 B

URL POST HTTP/2
surl.li/getPreview
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
100 B (100 bytes)
Hash
08b05f1e3fbae2ace0a5c32fffcf27c4
7ab295eacfa8bd1167ef9249ba895a1ab2633ffa
a241bf563657fad31d79fea940af972cd1f640e194b7dad945bde4c64e9f540e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /getPreview HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: lbVlVP3qbi9ilbg7PqFPjLhnSNTpREVduDwFe2WJ
X-Requested-With: XMLHttpRequest
Content-Length: 58
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ik96ZGRseGwwRkgzWDFoT2FRa2J5TGc9PSIsInZhbHVlIjoiamYwbDRkTTEwejZmZm1VcGQ5OEZ4Vk1yK21BUTdNamVvR1NROWpnSXdiZUtKWUFYR1FPcVNMenEwaFU1bFRsbDFONTkvc2VpZlB5NE8xSHVRenJmUVE5WWF5UCtUY0p0M2pRS3FHM3VvTysrU24xcnV5U25HeGVRcWNLNnpYNmIiLCJtYWMiOiJlNGRhYjE1YjU2M2IyNjJlZjc2NmI4ZmMzMTUyMDQ4M2VjNDVkMmYyOWNiM2VkMjliZWFhN2FlNWY2NjZjZjU0IiwidGFnIjoiIn0%3D; expires=Sat, 04 May 2024 03:43:16 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IkxZYjJBL3pROVBnRVBWRkl2SHJBbkE9PSIsInZhbHVlIjoiYWJrYXByZlpqZUM3WFhIY2h3Sk5zMHgxTWREMW8xMjhFMHArNEFaQW5qSUFDZWxScGc1bHcyU3JaODRKWlA2SjBRcWFIbmJiYW9aUWFLdjR3Rk5ndzhXNWJjWUo0SWNYdjFSQmtScjNvWDlDYzIzVCtuOUVHV2JCdEIwUzVCRkkiLCJtYWMiOiI3OTFkZmQ1Mzg1MWYyZjY5ODVhMDQwOWUyMjI1YzdkZWM1MjkyZjM1N2I4Njk5Y2VkNWJlN2Q3YWI4YmQ5Njc5IiwidGFnIjoiIn0%3D; expires=Sat, 04 May 2024 03:43:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYCbMQV9wnKpSKCelBCUMQgrL9wFHN3vvhQspP4f67oDsIpzA4Ez4X4XhH7l%2FJj0oPnreQD22N6ao%2BRGXU2knYaWofcmEK1fkEpP6z3XvhzottKX7zfsRU8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4cc874c01568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/getMetaInfo

172.67.69.76

200 OK

22 B

URL POST HTTP/2
surl.li/getMetaInfo
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
1575fabf35d8220d0591bf8f3f174746
026ac3e98f003e9e8fe1611371bf661d283f74bf
49ae85f64d254140d72ab6e98d1dc4db3e064ee84e68ef1e5e05a6ee2cf1f7d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /getMetaInfo HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: lbVlVP3qbi9ilbg7PqFPjLhnSNTpREVduDwFe2WJ
X-Requested-With: XMLHttpRequest
Content-Length: 58
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjBnU0swYVE2SERzMGVrbVBjVWJWU1E9PSIsInZhbHVlIjoiSnNqMXgxMHo5TmZuL3VVL1lPMmczUC9yQndxd1lJUml3RDNod1BFbVhGSjVJZ01YQjBaZUhtTGdtdGN6WWQ3dlV0TURnTUZYMHRYUyt1K3ZoVW41Z0R1OWFPNi9GTVJXOHJlRWhvbWZDNlVzTlF2ZFhEOVA4S0VSbUJMbnVNZlEiLCJtYWMiOiIwZDk2MjE3ZWZhN2RkYjUyYTEyYzA0MmM0Yjg2OGVhYWI5NTQxNTNmYTdiYmUxNGNhOWE4MDA1OGE0MGVlYmYzIiwidGFnIjoiIn0%3D; expires=Sat, 04 May 2024 03:43:16 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IjhkdmNaM3JRc3pxcmgrVldMN1RhUWc9PSIsInZhbHVlIjoiRHZEZnFmWUxGRERqT1crVytMVFBhdEhhOVJwVFNqMHdodVNRa0hodURMMjhiNzhaTDdlck1mNU9QY3IrOW5uZ1RhdTZ6T2pXU2xFYzJMRk1TcnkxUGU4NmVoZEJOaE11ck5DcEZuWjhnUm1UTjhHcFduMENDR2x0OVZPc2JTN1ciLCJtYWMiOiI5ZGM5MjhmNjU2OGMxOTlmN2U3ZGZkNWQwYjFjYTc0N2ZiYTUzZDNhNDBkMTFlOGI0ZjkzYTdlMWM5NjkxYTlkIiwidGFnIjoiIn0%3D; expires=Sat, 04 May 2024 03:43:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OiYwUONhB8B7DXfjj1GHEdds0LS9dsJ5ltXe9JfgOuFlEqX48SaeT5rk2zoj0v8SMQiKTHL5oGmjGzMERH47TTFqcdbfolTwSIvMpEqKeUpaP2Y71cdoRLA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e4cc874c03568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea

172.67.69.76

200 OK

139 kB

URL GET HTTP/2
surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito
Size
139 kB (139168 bytes)
Hash
4dac705158fb1ca226d583b3829f82a0
771b9299e1d5d4239c032c7d4243a6f9343f89c4
7acb3e456d98d55be401bb07a32c9cb04e074de37bd58932b11bcf0fe9f59ab0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: application/octet-stream
content-length: 139168
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-21fa0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WbRfOHqlNCXosu7LiQtkP197SdYqC5EeO89ABCadI97VRNK7UmebxFJ8%2Bk36%2BFP%2BUNT%2Fy56hCYlyHUYoVPyiCuir59BUPfveksAFxMv8JxF%2FyfDAACP3R1w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc865bc1568e-OSL
X-Firefox-Spdy: h2

surl.li/fonts/roboto/Roboto-Regular.ttf

172.67.69.76

200 OK

130 kB

URL GET HTTP/2
surl.li/fonts/roboto/Roboto-Regular.ttf
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt
Size
130 kB (129584 bytes)
Hash
afe8eacfc0903cc0612dc696881f0480
ba879317acdc045b8fa78cb8f948650627d0477c
7277cfb805def6410f317129b8e1f78bdd47d1a4e24c233077d06e88a36e57ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/roboto/Roboto-Regular.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: application/octet-stream
content-length: 129584
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-1fa30"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BSU8UtoGDgAB4Xyk%2FNVScNBL4zFakY5Lf60%2BQOJ66h580H5kMqsJvxIylCf0Hm7evnupugIcS3mpfgQEEbmWb8o8vsKdOcWACrM3NLhxEOziKnbPhmhGNeM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc865bc3568e-OSL
X-Firefox-Spdy: h2

surl.li/js/app.js

172.67.69.76

200 OK

191 kB

URL GET HTTP/2
surl.li/js/app.js
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/lmljj
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type

Size
191 kB (190893 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/lmljj
Cookie: XSRF-TOKEN=eyJpdiI6ImY4YkhBVzRNZHBwZXRpaGw3b3VxUWc9PSIsInZhbHVlIjoiOXZ5OVBhMkE2UVFKRXJ5UUppT080YW1zYUJYaXI2Yml6ZWM0WUIwRWJ1NWRuWUIwQ2lMWDRFT3Yycms3ZGpMVmIxK2JnSktoQWJxWkxlaWYxaWhpMWNWMmpVdzhwZHFWVzFjTElqSllCeDcxdWJpZno0d3pBMDFQMTY1TGhZM0kiLCJtYWMiOiJkMWUyMjc0NTcxMGU5NjM5Yzk2NTE3YTM0MDEwMzk5NWI2OGU2MjE5Y2JlMmRkYjc2MTQxZWQxYzZlODI3ZTZmIiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6Im1LMWZpbE1yQTdqUnpuOGdyVGMzTlE9PSIsInZhbHVlIjoiU2pWT25FMnlVNzRWMGFvbG5DMDdWNU5ES1A5OFlmOSt2L3BlcDZxZUNTZDc2ZStkeTRkajdqM2ZGMFZvMFpLSE5CUzhGUG9tYklOTVV2SVlCeU8vaVNyemxERlRsU1ZxVys5TDJGTGo4RllOcERKdVpTOE0vT2QvNnh2cjBuMkgiLCJtYWMiOiJiN2E4ZmVhYTczYzU3YWYwOTBhNDU0MTlmNzg0ZGYzZmIxNjA1MmUxODBjOWYzMWQwMDczYjg3MjdjNWE0ODgyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 01:43:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-2e9ad"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3277
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Rsjaxm04ZRQCRZqyt8HZfOoWrKfQo3D6VVT7CKcqocpbq4u99F5DyHLVEbjW7h9fBw1KDsIpdzCh64axoaTKNgNYzKCuZlfWeRaIFd5Hdq90I1Z4VEU2HA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4cc85db9f568e-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET HTTP/2

IP

ASN

Requested by