Report - staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1

Report Overview

Submitted URL
staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
IP
104.21.1.235
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-09 18:41:22
Access
public
Website Title
Click to continue watching
Final URL
staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-09	914 B	1.5 kB	139.45.195.8
staixourtee.com	unknown	unknown	No data	No data	5.3 kB	58 kB	172.67.152.147
jouteetu.net	260109	2021-07-08	2021-07-15	2024-05-08	1.3 kB	1.9 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-08	495 B	644 B	139.45.197.250
static.staixourtee.com	unknown	unknown	No data	No data	546 B	7.8 kB	172.67.152.147
littlecdn.com	11785	2019-06-04	2019-06-04	2024-05-08	474 B	2.9 kB	104.22.24.116

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	staixourtee.com	Sinkholed
2024-05-09	medium	staixourtee.com	Sinkholed
2024-05-09	medium	staixourtee.com	Sinkholed
2024-05-09	medium	amunfezanttor.com	Sinkholed
2024-05-09	medium	staixourtee.com	Sinkholed
2024-05-09	medium	staixourtee.com	Sinkholed
2024-05-09	medium	staixourtee.com	Sinkholed
2024-05-09	medium	staixourtee.com	Sinkholed
2024-05-09	medium	staixourtee.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	86 B	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash 944053d3572bfa05dbd913e300caf354 1be1fdf1b3a271fe67c4011c6aa640754248bf44 b2e4fd7dd88b6e208f7a9985286a37fd8d908c327d24ad5ed2f6668cd67ad286 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	390 B	2024-01-23	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-23 11:20:02 Last Seen2024-05-20 12:17:48 Times Seen2308 Hash 5247fca34d34a05ed1f8838aeba83b47 564b1f3eacda75db2aa6b35b218bedb8a0388cd2 6c3667edbc99573fa96be6a762d2d1a3cbf7269e3f40031b03f3766a5f6cd8ba Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	548 B	2024-04-18	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 22:14:33 Last Seen2024-05-20 12:17:48 Times Seen289 Hash 6c1a77038dcd135252bab3b9e3303813 a41463947ff0faeba9b74957b1e660d5c48bea1b bcdb63ed672335accac8933777b08db48dceae4645aeb9c4d4d81d429a27787f Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	1.0 kB	2023-09-15	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-15 06:48:32 Last Seen2024-05-20 12:17:48 Times Seen5414 Hash 1e000d88343060c761e3d7ae644a8732 98f67005a3b038378596137e93681310c394d980 cea17ebf90b967d519365b4f2c3a89f73e6b70003e81841d6b8696df4304210e Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	2.9 kB	2024-04-01	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-01 01:54:57 Last Seen2024-05-09 20:41:28 Times Seen2 Hash e7c541329af5fbcc737864c1fa5d4971 bdc16d7eceafdd6cfe6a5c89c910f186ddffdbe8 5e031f91cc064f267285cd99927b29ca0293a727c2806b7af7057c2f765ed946 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	321 B	2024-03-16	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:53:06 Last Seen2024-05-20 11:32:51 Times Seen228 Hash 7871eb351b7621935fa9c7235ea23fec dc9e9141d124263e37f8f36a2a9a3a04fe48e34a 35a2fe87f3d74d7791097c7670e83fbd42c90b97cc393527309235d358809683 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	97 B	2024-03-16	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-16 20:53:06 Last Seen2024-05-20 11:32:51 Times Seen228 Hash 77b5a2581e051e76ee3c38a50a873548 029ab99e3748ace3d701b0d8e22f2eca860ff701 6cdef993f9cba362e089f1dc186ebd08a995de0fdb582440ba0d892f34325c48 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	2.0 kB	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash f6dbcdd7e57280e3ac94239dc3b52ed0 06a5ed8503ed75e34dfb4c78fe2850f62c832eab 7f9a4dc1c756b4863cb080bf15afcfe05eb2f738bad39251c5edb2e813a11695 Loading...

	staixourtee.com/pfe/current/micro.tag.min.js?z=7270212&ymid=797757430711717888&var=1320852&sw=/sw-check-permissions/7270212&uhd=1&os_version=x86.64	37 kB	2024-04-25	2024-05-15
Pretty URL staixourtee.com/pfe/current/micro.tag.min.js?z=7270212&ymid=797757430711717888&var=1320852&sw=/sw-check-permissions/7270212&uhd=1&os_version=x86.64 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-15 20:42:51 Times Seen2522 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	38 B	2023-03-13	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:51:58 Last Seen2024-05-20 11:32:51 Times Seen5521 Hash 3ea1379d18e4ec6bccefeba76a1b33b4 90afb068cee6917494ddd820bcb2fe44de7e5e43 15c832dee58f1c08fb6bf51935a10f95cb0482d19441cefbb469a82278e54bae Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	3.7 kB	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash 12f74414a1cb781ff767905320734c61 82b4b77c93b2afed46b7944116d443508949aed3 46b513808ac7653771cdb866275e09d123bad7cf94c3cdaa6605b7d65b56115f Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	432 B	2023-08-15	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-15 17:07:57 Last Seen2024-05-20 12:57:40 Times Seen5434 Hash a68df917a9d58006028bbbc7b6f30aa0 8412b7650e9351c4826eee83dc944ab8e7a5a660 003c5bfe078f1901b11f14e32f824a1696e54b3a72cd7462395986063f0cd571 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	3.5 kB	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash 960ffff952156741a7aec74400d1477d b1de3223fff3add5d35e9ffac71a102c096f1ef6 95d84c29aab4b818d479a8188196e9efbfaf29c7cd301407ce85c9452c03aff6 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	5.1 kB	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash 1d13068648db9400dbc1efb4309a6870 41fedc713556e2468f4139dce12fab60251f4373 d8ac7fe51d3d67691f5ceedb6a2cb06caf8c0fee0fce19814df63469e6c46d59 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	4.0 kB	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash add0a3678b2cd2f70fd5d109fbbb4fbe f8532412fa499ca062dd10ec9232d0a3d95be337 95dd9cc2374aa036248bf4b32778165f1415b7139fb80f4b2556a3eecd20068c Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	3.1 kB	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash 442adc2efedd31245a43404c862084bf 8ecc0158f6fcec8e0cd3df2e97b47ece885cec0a eac6689d76533e22cc7fad4f9a7318ed3c061b901ec501ec424a75a9876bcd85 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	797 B	2023-09-04	2024-05-20
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-04 22:45:48 Last Seen2024-05-20 10:17:49 Times Seen2268 Hash 596782cac20eea614d88cf844297d59e 8c395c61d973d6f8bfbbf349bf7e4a9fb3caeefa 5295e4e76fcb1fa95499ae21a8fe34e3911975e1d4a996b9293e0d18b882f501 Loading...

	staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1	2.1 kB	2024-05-09	2024-05-09
Pretty URL staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 IP 172.67.152.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 20:41:28 Last Seen2024-05-09 20:41:28 Times Seen1 Hash d5e1234a4d8b54b80105b23258ddf6ad 8109fe18af761e112d7d2d982dc26affac5ae521 9464609352fe07b7a21fbb3b2e035f9ffe8245edfb77ebec744764bb2611e096 Loading...

HTTP Transactions (15)

URL IP Response Size

static.staixourtee.com/templates/_assets/sounds/blip1/default.mp3

172.67.152.147

206 Partial Content

6.7 kB

URL GET HTTP/3
static.staixourtee.com/templates/_assets/sounds/blip1/default.mp3
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Size
6.7 kB (6712 bytes)
Hash
6422f23e1751d74410347e02c0210a60
0e3e65be6b5fbb76f6a52191e973bd37368be204
4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /templates/_assets/sounds/blip1/default.mp3 HTTP/1.1
Host: static.staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 09 May 2024 18:40:57 GMT
content-type: audio/mpeg
content-length: 6712
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: "663b7e85-1a38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=86400
cf-cache-status: MISS
content-range: bytes 0-6711/6712
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BIqfvdhisEi38d5a%2BUIbCknRBnvuMnKOEm2e9a%2B0l1cDbkbnWNm5JWI2jlpA4mVvQXheL3aY%2FJPbKJ9QVbV7AJSYONri7LtC2jZJb%2B1hTEuUU039BMAVmFbT349Zq%2BKdnP%2BlwWzNVOba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8813d2250f150b06-OSL
alt-svc: h3=":443"; ma=86400

littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6

104.22.24.116

200 OK

2.2 kB

URL GET HTTP/2
littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6
IP
104.22.24.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerLet's Encrypt
Subjectlittlecdn.com
FingerprintFF:86:21:24:8E:21:B3:E4:6D:43:EF:9E:9E:F0:C2:37:3D:27:04:67
ValidityThu, 09 May 2024 02:26:29 GMT - Wed, 07 Aug 2024 02:26:28 GMT

File type
assembler source, ASCII text
Size
2.2 kB (2180 bytes)
Hash
77800b67413ed2d93cda5fbffdee9c80
e4c0cc617a79bc021ab2b114d76497dfc10f45df
df72ad7033ec4e39d4cd75b51d6600837e5f46af3bb31fed01bb07aabb61cede

HTTP Headers

GET /apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 18:40:57 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 13:30:45 GMT
vary: Accept-Encoding
etag: W/"663b7e85-1af3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 5307
server: cloudflare
cf-ray: 8813d224dda50b59-OSL
content-encoding: br
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=2b0b30dc9758a09de97781afd96de51a

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=2b0b30dc9758a09de97781afd96de51a
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
83e10f48299a5fc00933427200c7da7e
c88652d436f90118238f19e8f118cee298bbe93e
e471fa93f0af7a53cf5f928a8d45760d6d2ffe85aa9dec8cb15f1d1a39ecdc33

HTTP Headers

GET /gid.js?userId=2b0b30dc9758a09de97781afd96de51a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://staixourtee.com/
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://staixourtee.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2b0b30dc9758a09de97781afd96de51a; expires=Fri, 09 May 2025 18:40:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
760a4efbcfd4a5d6df2b5284f461c070
f8295531582a27ec2fd6fef27dae84b96feba670
34a56c59d75017f4a5d474952b8dc5112557bd3e59a7eaca21f50b026fb10b74

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://staixourtee.com/
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://staixourtee.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=080057bd874843f5e57d42aaa55915f5; expires=Fri, 09 May 2025 18:40:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

staixourtee.com/zone?&pub=0&zone_id=7270212&is_mobile=false&domain=staixourtee.com&var=1320852&ymid=797757430711717888&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=57925fdf-3fa8-475c-a0aa-fd1fd51b57e0&action=prerequest

172.67.152.147

200 OK

0 B

URL POST HTTP/3
staixourtee.com/zone?&pub=0&zone_id=7270212&is_mobile=false&domain=staixourtee.com&var=1320852&ymid=797757430711717888&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=57925fdf-3fa8-475c-a0aa-fd1fd51b57e0&action=prerequest
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=7270212&is_mobile=false&domain=staixourtee.com&var=1320852&ymid=797757430711717888&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=57925fdf-3fa8-475c-a0aa-fd1fd51b57e0&action=prerequest HTTP/1.1
Host: staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Cookie: reverse=IcnJMHgXFPPpCBBNbcFVe0CAw0eOOXOCcbqxUys2j0Y; OAID=2b0b30dc9758a09de97781afd96de51a; oaidts=1715280056; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 18:40:57 GMT
content-length: 0
x-trace-id: 984741be65ac1582401b9dabcb14cc55
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://staixourtee.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ki%2FbZalxpJXFfH1xgAdBIEvMd5wssPfVwolCOoFNIdknOE1mgPn9%2BpRQjLruhgUlB4qqqmZY5dlEn6auyR%2BnnNYthJE2qI2WLk%2FF8VUJlDFRWQUPrZSzDWyHMYSZeXG%2Bw4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8813d22669070b06-OSL
alt-svc: h3=":443"; ma=86400

staixourtee.com/pfe/current/micro.tag.min.js?z=7270212&ymid=797757430711717888&var=1320852&sw=/sw-check-permissions/7270212&uhd=1&os_version=x86.64

172.67.152.147

200 OK

14 kB

URL GET HTTP/3
staixourtee.com/pfe/current/micro.tag.min.js?z=7270212&ymid=797757430711717888&var=1320852&sw=/sw-check-permissions/7270212&uhd=1&os_version=x86.64
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
14 kB (13510 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7270212&ymid=797757430711717888&var=1320852&sw=/sw-check-permissions/7270212&uhd=1&os_version=x86.64 HTTP/1.1
Host: staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Cookie: reverse=IcnJMHgXFPPpCBBNbcFVe0CAw0eOOXOCcbqxUys2j0Y; OAID=2b0b30dc9758a09de97781afd96de51a; oaidts=1715280056
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=86400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drJyRyLmirysST8f2uwyUfzSW2yqk7ZJH5UXgAAhW5VXUzw%2FRHe3Cf2CYMyZwkfVhsgVp6q%2FjKjteO3j8gE6jtSyh2w6fCZ8hoKNPoPv5VaP1RJxPJivOA%2BnLYCoLN2VWts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8813d2249e8d0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 419
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b4f68eeb2271bc15876e7fbc98b40a84
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://staixourtee.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 416
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4fc4e2b728176687014ec1816850765e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://staixourtee.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 418
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e34594f35e30480d39a1797e7f4fd8b1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://staixourtee.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
4c678bec5757256fe2da5307764d937f
69e4929f5476f8954108990d79d9e7e07122358f
8f697aa1031a4595ad24c83cf2b73df3e2a38c0ba06da93f14f5679dc65fafa1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://staixourtee.com/
Content-Type: application/json
Content-Length: 1296
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://staixourtee.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

staixourtee.com/favicon.ico

172.67.152.147

204 No Content

0 B

URL GET HTTP/3
staixourtee.com/favicon.ico
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Cookie: reverse=IcnJMHgXFPPpCBBNbcFVe0CAw0eOOXOCcbqxUys2j0Y; OAID=080057bd874843f5e57d42aaa55915f5; oaidts=1715280056; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 09 May 2024 18:40:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2FbIRL2tiYnv%2FhHCLZQNSzXei139lrgWbevB35NyLl9u0ZTFuGApeTDYvgFF2qvmhxLUiUE60J9qrGVFgM4R6e6uIYrgsy98flrCcP%2FSqjMRJYCxjtv5%2BrLxjUadhlgSRj0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8813d2289c4f0b06-OSL
alt-svc: h3=":443"; ma=86400

staixourtee.com/sw-check-permissions/7270212?var=1320852&ymid=797757430711717888&uhd=1&zoneId=7270212

172.67.152.147

200 OK

1.3 kB

URL GET HTTP/3
staixourtee.com/sw-check-permissions/7270212?var=1320852&ymid=797757430711717888&uhd=1&zoneId=7270212
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type
ASCII text, with very long lines (1420), with no line terminators
Size
1.3 kB (1336 bytes)
Hash
66b6b8e1d19625d0522c9655ca60cc06
2e3941fbdce07db6833a775562bc9a35d195af34
7fc95dd9b94a92bc95c9865010b72601cbd3ead3620ee4a7c6390c632a77c21b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-check-permissions/7270212?var=1320852&ymid=797757430711717888&uhd=1&zoneId=7270212 HTTP/1.1
Host: staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Cookie: reverse=IcnJMHgXFPPpCBBNbcFVe0CAw0eOOXOCcbqxUys2j0Y; OAID=2b0b30dc9758a09de97781afd96de51a; oaidts=1715280056; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ABNM4tWOorwphPNpJ9TZBFWXT%2BraSCQckPonxji1H4IGIBbVPeiEeFNq5xSxnrlFU%2Bnye2uHQj1%2FKN2bYzeIbR1m6TSqYcG6pCgyjZ6cDl5UlX8k1smmpcJwgn5pfk01QJY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8813d22699400b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1

172.67.152.147

200 OK

35 kB

URL User Request GET HTTP/2
staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type
HTML document, ASCII text, with very long lines (1952), with CRLF, LF line terminators
Size
35 kB (35069 bytes)
Hash
3f8e61528b6ec71cff07c43a979d359e
0609d785947e4eeea1a79b3ecaf016e8ddf6ce65
be64a248cb27ee8b48b2027efab505653c53a30ae69e18133c828814ee888b59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1 HTTP/1.1
Host: staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 May 2024 18:40:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=IcnJMHgXFPPpCBBNbcFVe0CAw0eOOXOCcbqxUys2j0Y; expires=Thu, 09-May-2024 19:40:56 GMT; Max-Age=3600; path=/
OAID=2b0b30dc9758a09de97781afd96de51a; expires=Sat, 16-Sep-2079 13:21:52 GMT; Max-Age=1746816056; path=/
oaidts=1715280056; expires=Sat, 16-Sep-2079 13:21:52 GMT; Max-Age=1746816056; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2B%2FHYU4NBLuovf%2FoPmqT%2F9elgK%2BlkA8%2FM5eaZIFKzUINdKZUfzXqZmLySfSSdkATll2bUm8MZcDJjuXzF0GL26mtbQ%2BZbJ3e2ZtW%2BfNMxcaKAugr%2BD8wMe3IKB3bhBW9CQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8813d220af705685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

staixourtee.com/rotate?zz=6568142&var=1320852&ymid=dsxvzmszte&uid=080057bd874843f5e57d42aaa55915f5&os_version=x86.64

172.67.152.147

200 OK

677 B

URL GET HTTP/3
staixourtee.com/rotate?zz=6568142&var=1320852&ymid=dsxvzmszte&uid=080057bd874843f5e57d42aaa55915f5&os_version=x86.64
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (687), with no line terminators
Size
677 B (677 bytes)
Hash
6b9ea00edc5515d235278419f109f621
839720695858b09a9ec8f485ed00d11c70119945
cb107bddac4087ad60b412e8410d141eef800d48112de6d29aa8b1020958ef16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=6568142&var=1320852&ymid=dsxvzmszte&uid=080057bd874843f5e57d42aaa55915f5&os_version=x86.64 HTTP/1.1
Host: staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
DNT: 1
Connection: keep-alive
Cookie: reverse=IcnJMHgXFPPpCBBNbcFVe0CAw0eOOXOCcbqxUys2j0Y; OAID=2b0b30dc9758a09de97781afd96de51a; oaidts=1715280056; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: beb9134f72d9c3d291d2e3b9b10fe570
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
access-control-allow-origin: https://staixourtee.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=080057bd874843f5e57d42aaa55915f5; expires=Fri, 09 May 2025 18:40:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lyMw4lmtAP%2F6l24CQAPiAmdC11H6cdic03w2Qyn0NV6p77RfGH43BjIfKYCVVg9JuV4CRdDRrcClAssxNgUPxPABvElYwXQqPWPS49Gn8JlcD49iG4L%2Fk4Y7jtIxHybuBZ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8813d22699430b06-OSL
alt-svc: h3=":443"; ma=86400

staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1&mprtr=1&os_version=x86.64

172.67.152.147

200 OK

2 B

URL POST HTTP/3
staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1&mprtr=1&os_version=x86.64
IP
172.67.152.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Certificate
IssuerGoogle Trust Services LLC
Subjectstaixourtee.com
FingerprintDD:FE:6C:5F:81:03:83:0C:93:03:24:01:76:BF:F7:73:C5:CF:F2:E8
ValidityTue, 26 Mar 2024 19:30:57 GMT - Mon, 24 Jun 2024 19:30:56 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1&mprtr=1&os_version=x86.64 HTTP/1.1
Host: staixourtee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://staixourtee.com
DNT: 1
Connection: keep-alive
Referer: https://staixourtee.com/are-you-human/13/1/?s=797757430711717888&var=dsxvzmszte&z=1320852&browser=chrome&os=android&osversion=android12&mprtr=1
Cookie: reverse=IcnJMHgXFPPpCBBNbcFVe0CAw0eOOXOCcbqxUys2j0Y; OAID=2b0b30dc9758a09de97781afd96de51a; oaidts=1715280056; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Thu, 09 May 2024 18:40:57 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OHq6mXwPZhcQkIllXoE0dCtGFxLqD76XRrN2EfzgPXul2Rlp2jTzAItT5IkTI3NiEd4Y3y6AFIfmFh31EfTlq0jmfngRKqDpXv2jUAeN%2B7Qr3%2BQz8eI3PICfKivIbciy42g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8813d22669030b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML