Report - nxsisgod.com/bins/UnHAnaAW.mpsl

Report Overview

Submitted URL
nxsisgod.com/bins/UnHAnaAW.mpsl
IP
172.67.190.191
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 12:49:18
Access
public
Website Title
404 Not Found
Final URL
nxsisgod.com/bins/UnHAnaAW.mpsl
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nxsisgod.com	unknown	2024-01-28	2024-02-26	2024-03-31	7.9 kB	363 kB	104.21.20.7
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-06	4.5 kB	129 kB	104.17.2.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed
2024-05-07	medium	nxsisgod.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (33)

	URL	Size	First Seen	Last Seen
	nxsisgod.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDA0JTIwTm90JTIwRm91bmQlMjIlMkMlMjJ4JTIyJTNBMC4yNTIzNDEzMzAwMDkyMjc3NiUyQyUyMnclMjIlM0ExMjgwJTJDJTIyaCUyMiUzQTEwMjQlMkMlMjJqJTIyJTNBMTAyNCUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbnhzaXNnb2QuY29tJTJGYmlucyUyRlVuSEFuYUFXLm1wc2wlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZueHNpc2dvZC5jb20lMkZiaW5zJTJGVW5IQW5hQVcubXBzbCUzRl9fY2ZfY2hsX3RrJTNEZ0hSSnBsZFZvNUg2LmhmZ1dBWTdWbTlhQ0tHTkJYWUswNmFpNTZfZXN6MC0xNzE1MDg2MTM2LTAuMC4xLjEtMTMyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q=	4.9 kB	2024-05-07	2024-05-15
Pretty URL nxsisgod.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDA0JTIwTm90JTIwRm91bmQlMjIlMkMlMjJ4JTIyJTNBMC4yNTIzNDEzMzAwMDkyMjc3NiUyQyUyMnclMjIlM0ExMjgwJTJDJTIyaCUyMiUzQTEwMjQlMkMlMjJqJTIyJTNBMTAyNCUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbnhzaXNnb2QuY29tJTJGYmlucyUyRlVuSEFuYUFXLm1wc2wlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZueHNpc2dvZC5jb20lMkZiaW5zJTJGVW5IQW5hQVcubXBzbCUzRl9fY2ZfY2hsX3RrJTNEZ0hSSnBsZFZvNUg2LmhmZ1dBWTdWbTlhQ0tHTkJYWUswNmFpNTZfZXN6MC0xNzE1MDg2MTM2LTAuMC4xLjEtMTMyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q= IP 104.21.20.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-15 13:18:13 Times Seen20 Hash eb0564056e296bed9c8d0b6512aa8866 b00cc9f9767220c74d4f61f9b0bd4a1f7aa41e75 29a13cf464347e5a961598f0d272b8bdc031b31f91813c4cd9c4f7e8bc0578eb Loading...

	unknown	247 B	2024-05-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-07 14:49:18 Times Seen1 Hash 5590f7b324b4fc805943168bad4e4911 32a8ff88bffcc3097e432abded08effb2b3a90be 577acb4f1bee6323a94c303a280be62d64c32cd412177ef93559ebd78394060f Loading...

	unknown	98 B	2023-04-12	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 12:52:26 Last Seen2024-05-19 09:15:26 Times Seen740 Hash 9c2355c1862f27be33f1d1c490852011 df4b4ecfcbcb400ba65c6db887bb7b0c34967fc2 cd886e4500625ef3ab17e2ecc8d0d25c8545ab87769755796aa71a412f19c2f3 Loading...

	nxsisgod.com/bins/UnHAnaAW.mpsl	1.6 kB	2024-05-07	2024-05-11
Pretty URL nxsisgod.com/bins/UnHAnaAW.mpsl IP 104.21.20.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-11 23:03:59 Times Seen6 Hash 5f814d50d342e015ab74142d3a8c224e e4d61ee2f7b4ea6562a4e5ce929b13ec3f6db826 af01a082cb4e84df10c0613236abe6bb212979558bb536cb54804c1cfbf6ca3e Loading...

	nxsisgod.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-05-07	2024-05-07
Pretty URL nxsisgod.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.20.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-07 14:49:20 Times Seen2 Hash c47be944d79a66bf357994b6b6f0e162 8b6c76e1a235fcf6f2a0be367db00ca3e1a7b985 9d1132fb6b984009e236bf1615a15c04c42a5085dc2b7a6a705fa93eab1b7dd9 Loading...

	nxsisgod.com/bins/UnHAnaAW.mpsl	1.1 kB	2024-05-07	2024-05-07
Pretty URL nxsisgod.com/bins/UnHAnaAW.mpsl IP 104.21.20.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-07 14:49:18 Times Seen1 Hash f162acdbc37c2cd9215df691adb3462d 2c655cf8c959eea720e19dc4b1865a15abfd16b1 72412c8a8aa5b61c0ca9b2d07c24248cf633522dadde61d1178ecb6d28b7c7a4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 37ebdd5a923a86eebf548fb9926fdb4d	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-07 14:49:18 Times Seen1 Hash 37ebdd5a923a86eebf548fb9926fdb4d 5ebabf511e9e6e235f3c6daabe3d131a87738c6a c67a8780d0da31b1238ff5afac196a2620fa2c8420a65dfdb4431b5713634def Loading...

	#2 Eval - e253ca43c90e56eb36534fe7218dd74f	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-07 14:49:18 Times Seen1 Hash e253ca43c90e56eb36534fe7218dd74f f20b8ac6620c6a5d1921d77c6636793be966c572 518860b76ec68eeb41bb9a81f666c11b2a8a7ad95a9dc3064142ec39872dc276 Loading...

	#3 Eval - a60563197b9198b27537d0bad3b84223	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-07 14:49:18 Times Seen1 Hash a60563197b9198b27537d0bad3b84223 06ae6e90ab4e1fbbf113855de8402b90d852374d 2b492572330bb6683d48200c60ce85a0c9452672c6923634a8901f10f94a8736 Loading...

	#4 Eval - 1dde0eb947e9055acd45d1268de06357	1.1 kB	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:18 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 1dde0eb947e9055acd45d1268de06357 10f134cc87ed5c9539f9f5c01e7e0a25278ec5e5 a507b992c6d0ae8a485dc01f50b5ce15dab226fa68eb7f26cccfa70ea736546f Loading...

	#5 Eval - 393d01de748f1bca0fbbde638446aa1c	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 393d01de748f1bca0fbbde638446aa1c 867f8e864d18622d710a9c98c16d90c2daefedad 842c90799d03b8b94ae15b79c1cc61b5125bdb4d199eb647f71509e2ff454ab7 Loading...

	#6 Eval - 61ca1f5a6b52e986ada87bf4126992aa	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 61ca1f5a6b52e986ada87bf4126992aa 0f1a74fe32a64a6c4343d9eb994e244f6e3c7a04 d26a1e77f160f038c3cc955b61fc7f3c8f62ab57a9da66fa4242921b5b3143bc Loading...

	#7 Eval - 5c52af002275c6228f38435787eadcc7	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 5c52af002275c6228f38435787eadcc7 ad3539560fd522fa56ac07fa1203e05f7be741cb 7145d24b407136023dff7698f82bc549b3e9589dbb33a2d2f21a2f17e539a578 Loading...

	#8 Eval - 045d77193635fbd5f1fe227924675915	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 045d77193635fbd5f1fe227924675915 eacc49c6599334a31db2d5ee8dab504af20c1deb 538aef065bf604bf425bf21b983d42d407131987a6287b69397813b5570f0713 Loading...

	#9 Eval - de9be1ac30a6a567f9c0537a6e4af474	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash de9be1ac30a6a567f9c0537a6e4af474 ddf136a35fc817a9f2d19bd2f65fa7d5c0e8ce3c 09e1283806d7ab300cb49dee4521413e076fe732fc0aebbba767f0c8c1293d29 Loading...

	#10 Eval - 24d76bf23bc3a906629e8d28d68720cd	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 24d76bf23bc3a906629e8d28d68720cd b47303f342dcff85d464ce2737b9000e39ed0300 d30b784b8a978e7ff745a6e286f5629bf09fcd515f616e54ed589340414a8546 Loading...

	#11 Eval - 885137f6380f9b7eb095f6944ceefd00	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 885137f6380f9b7eb095f6944ceefd00 2c8c1d8d67be5c643f911981d102cfba5cc0525e 39ea66b39dcc541ebd558458b61f25b8109ac7e46a46b36ff1f5f3797e72df5c Loading...

	#12 Eval - 71961411f114ca10d9dc9938101040f9	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 71961411f114ca10d9dc9938101040f9 99dfbf8b1d2c9e30d7d622e4ce55e9880ec03647 792da0ba35d4a6260989e029d3d86a852dca18845aaebe75426e40e1185e9681 Loading...

	#13 Eval - 9acc8251ebb9e2b42cf1410a6c29c953	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 9acc8251ebb9e2b42cf1410a6c29c953 f33adbaab8d16fa02533ede21b6e19220ebc7efe dcc8341bbcc9bc007f563d3bc6b3a9b1c70ff1fd60b83f26c596fb76fcfdd758 Loading...

	#14 Eval - ad9b97f0b498dc02817de1f47b8c0893	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash ad9b97f0b498dc02817de1f47b8c0893 756c61d5233a64c37950f6ef39874a3ff93ebc0d be8b8a438eaab182edd1669a43783e2923d1810769495d8e340366152c4906a2 Loading...

	#15 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-19
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-19 15:28:26 Times Seen353094 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#16 Eval - da433b6ce5a96b4c0d928202adfb88aa	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash da433b6ce5a96b4c0d928202adfb88aa 2e3ac079119e8bc608ee982e0a54373b4becd7ca e7e4d86e8ee60eb7d7e352de49152f2601a7f2055425892688dcb74abd22aa64 Loading...

	#17 Eval - c4a93954c228ceb587c2a64a35d5679a	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash c4a93954c228ceb587c2a64a35d5679a 9937a592d7494023969cc657640c2dbffbcf80bd 2ea7697339f8e85479752d35c78b72b0f43501be09b19c4802dcc88bf173e2c0 Loading...

	#18 Eval - 189c9ef0b2e4c1da3c27ce9169b69285	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 189c9ef0b2e4c1da3c27ce9169b69285 80e1d2a9249c035e54be7956541e6489efba8f2d b451876cae26ff48225cc5df174d99ebf9eeb98465de45586a6237a548b6d446 Loading...

	#19 Eval - c84f95e33ad338401186b82bcde5feee	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash c84f95e33ad338401186b82bcde5feee e69e23e381fecab8e1426877296b175a3bafd91c 35ee8a33bcd0db59f20b4267bda5566769591cf0f7a4234125a63761e401e070 Loading...

	#20 Eval - 1839bc814b7cf201739aa5abcc95a119	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 1839bc814b7cf201739aa5abcc95a119 017d047948ea8944d8746d8b8cd2654a15ca1453 f206241443df78122d15a5d44d03435814b78ccf03752b88e311585c22cc4255 Loading...

	#21 Eval - e488b88cea0ae11c60ac188f98630f1c	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash e488b88cea0ae11c60ac188f98630f1c a021be368c470d172b206f5a3dae11d0d7d21f30 ec091c1a2933a9a52eaaa2e5c5d03470b81835ae9689ca8e457a2d6cfb9afcc1 Loading...

	#22 Eval - ffd8c7321c8ba007e42f3cf8cc07db36	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash ffd8c7321c8ba007e42f3cf8cc07db36 3c8e2c9d2818f6e018b337b807be13dcc81cd103 5480c0ac4622837cb4dc276ba02ba9e2c80b427ecc0fbdfb3c6f834b6f8788e0 Loading...

	#23 Eval - 7d8e786e38c8854b20a4b71fb0d313b2	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 7d8e786e38c8854b20a4b71fb0d313b2 87948ef8252ffb7d9412feaeba0f5312e3a6e3bf 8fcf296595168c7ce2822bf0ff06914bfdda0b8cdfc9ba1c8892a6acfa409a28 Loading...

	#24 Eval - e9665956bea85a1f78ae6a706da8f3a7	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash e9665956bea85a1f78ae6a706da8f3a7 c06aab338adeb1c4c4574069c4e1434a3d828ec8 eb54a39352835668111e98cb4e461b1d85c2f172af7687408f486f7c61048ade Loading...

	#25 Eval - 44ce9c2b5dbdc0f28d7037c070550b74	62 B	2024-05-03	2024-05-09
Pretty Observations First Seen2024-05-03 14:37:29 Last Seen2024-05-09 15:26:38 Times Seen386 Hash 44ce9c2b5dbdc0f28d7037c070550b74 a9d8ff605c113bef81e606ea0bb2d8b0d65bd13e b87899b17160a1ab0138f3ff2eacc0c7c9107f22f6ab3ad6e9d9973b98deb26d Loading...

	#26 Eval - 2c978b94f996e885cba8cfbf3453da59	28 B	2024-05-07	2024-05-07
Pretty Observations First Seen2024-05-07 14:49:19 Last Seen2024-05-07 14:49:19 Times Seen1 Hash 2c978b94f996e885cba8cfbf3453da59 1770b0fb13f854d8fd5b75131a7a533fecc25010 7e517b2ef3195edb0d26a6f48be33bdf0b280556c4d41303d69e765b298e3210 Loading...

	#27 Eval - b054e39123dcea9128dbab31ee5c62bc	144 B	2024-05-03	2024-05-09
Pretty Observations First Seen2024-05-03 17:22:42 Last Seen2024-05-09 14:34:52 Times Seen40 Hash b054e39123dcea9128dbab31ee5c62bc 16bf068d714789cb64c56fc988ba383728ec81ba 6d9936ae6387805decf9710670ffe1ac519a9a74ed473ca3c95962067dc32dfe Loading...

HTTP Transactions (19)

URL IP Response Size

nxsisgod.com/bins/UnHAnaAW.mpsl

104.21.20.7

403 Forbidden

5.9 kB

URL User Request GET HTTP/2
nxsisgod.com/bins/UnHAnaAW.mpsl
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
HTML document, ASCII text, with very long lines (14433), with no line terminators
Size
5.9 kB (5868 bytes)
Hash
ee42d6f321dc3410013193554a306035
167342213fd486bae258a27a1c3281eeafae3a3b
02e975bddae1281447a54d2178ea48860f5d9123eff29a94f25d73b554106c27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bins/UnHAnaAW.mpsl HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 12:48:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-mitigated: challenge
cf-chl-out: NYNPGsMIAQ49DrwFdVrzAaEVv5Z89Vg8tUhzTVeRAhNA+YVzP2mealBRqpJw/1sfgQc+Zdezh+14cNABwMW/FALqFP0FupSqEkb168hA+mLdtQGPgV4cNm6KAF8hfeSxQBy9VUHzdu2tmVz1aRVO2g==$Rle6hwJG/RqurdNfjCY5Qw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t2OflRNZDpMzGkYCmrLI3psnIlas5dhSTAz%2FE0z%2Fu2ApU0i6jq87do%2B%2BEj%2Bn%2BQq%2BgJWMDCSwxPJW4%2BD5w1JwAO7uADi8S891ch3loSO4go%2B2CNoHDpf%2FnuGh4argGvA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Server: cloudflare
CF-RAY: 880153a9a954b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

nxsisgod.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880153a9a954b4fd

104.21.20.7

115 kB

URL
nxsisgod.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880153a9a954b4fd
IP
104.21.20.7:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
115 kB (115329 bytes)
Hash
f508d5193b5bfd5ea43139a004872c8f
972635f602b6f6a3601635f19be1880ea11a95ce
c031cc2c15bca7dfa6825721d2dde2eb4393765538dc489da5f3e68078fb453f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880153a9a954b4fd HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nxsisgod.com/bins/UnHAnaAW.mpsl?__cf_chl_rt_tk=YyjyFWr9V3dkNZ1mCrZDJGjyDAdpuizvdBr4IfouCjs-1715086132-0.0.1.1-1322
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 12:48:53 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1R4zMwtcTb6HfZihp5nXqOpTI2BA6O02%2BoJS1MXMblgSTDNBefkS%2BrHNQkk9Oen8zCUQXN9SuAJilrr8wtzwCDixj6i4JjnE9ThirF%2BMmqDaFxvHBvsaZM%2FfZf9q%2FsU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Server: cloudflare
CF-RAY: 880153ab4e800b69-OSL
alt-svc: h2=":443"; ma=60

nxsisgod.com/favicon.ico

104.21.20.7

404 Not Found

5.9 kB

URL GET HTTP/3
nxsisgod.com/favicon.ico
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nxsisgod.com/bins/UnHAnaAW.mpsl
Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
HTML document, ASCII text, with very long lines (14423), with no line terminators
Size
5.9 kB (5864 bytes)
Hash
a12dc3fda415505bef7859036b3c37a9
77bfeafcb342c4f4a5b42f4079d2bdb5c837fe93
4a545d710bd0136f6ccb75ed87ff2c6a63375ad7a73a6b728988116990150e90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nxsisgod.com/bins/UnHAnaAW.mpsl
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=6e0dffe6facd9e8
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 12:48:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-mitigated: challenge
cf-chl-out: y+033TVxQtdEZoPXT4DYbKjK4McIqxRU2KamXAUSlqanr2BkJPmSfM3HXJ7rCERVrrdKav/NH+QpZXIApVplj5HGjarfl0E9ylBnjVXityHaojMpRm61hUVSBO0GvOVaaVMETZar6rxSJOvhQTjFHQ==$fXT8pwqIsr5s4FeBduMj/g==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K9XpdRvvPc8LH2kDWDKRz%2FufS7ah%2FNFIpTlJyAnQkshjey8i%2FDglnWcvFSssrpafMAn6YHn%2FHk5IPV1awy2XDh%2Fo014q%2F2C1mbRHHBQmx0Y1N9Frnb5EGBNb03ql3jc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Server: cloudflare
CF-RAY: 880153ac4cb856a5-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

nxsisgod.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1354236343:1715083807:WLvAFchR_oQ4PETm26HgWTkFOgjpy6Px27beAMqr8_c/880153a9a954b4fd/6e0dffe6facd9e8

104.21.20.7

12 kB

URL
nxsisgod.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1354236343:1715083807:WLvAFchR_oQ4PETm26HgWTkFOgjpy6Px27beAMqr8_c/880153a9a954b4fd/6e0dffe6facd9e8
IP
104.21.20.7:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
ASCII text, with very long lines (15648), with no line terminators
Size
12 kB (11905 bytes)
Hash
087b3e93d70419e8e29085c6d69cbb67
3fd2e80c66fd205332c9f9d0846320a6feb0721b
13bdcd0fb4f6c16a3e1577d0eecf8d5d8835122dbaf403cd1c9c6c7e52533f6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1354236343:1715083807:WLvAFchR_oQ4PETm26HgWTkFOgjpy6Px27beAMqr8_c/880153a9a954b4fd/6e0dffe6facd9e8 HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nxsisgod.com/bins/UnHAnaAW.mpsl
Content-type: application/x-www-form-urlencoded
CF-Challenge: 6e0dffe6facd9e8
Content-Length: 1873
Origin: http://nxsisgod.com
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=6e0dffe6facd9e8
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 12:48:53 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: qosapVIdbiaIb7qLsd+aODjYWGAUQ+BFf40oPuOwVMTDkiSFIzX5ofb+hVjCjvGx$sSFoustONLE+bXvtRmITcw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKbH20kQGY904scDWtQ7MBKjDqUfAFevt1iba%2Fyab%2FbG6Uwjv0e8PWnEVbr3wxn9liwozBKH0M9NP3RVFgtEyHxxY%2Bou5MxxSkfgj3bjKYtqKIRq0z5aMQNedQ9Uqkw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Server: cloudflare
CF-RAY: 880153acc94f5690-OSL
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/pfvpx/0x4AAAAAAADnOjc0PNeA8qVm/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:48:53 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880153ae48fb56c4-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880153adbfda56c4/1715086133874/O72vWnwW8xx8k78

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880153adbfda56c4/1715086133874/O72vWnwW8xx8k78
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 97 x 8, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
6bd427a98d0f8c0ce01048bcb46cc95f
28a4ecabf92299bad562d71568b2379ecb7d1146
0c25344ca984a76faf9715f7a61a75d720e06c1c4572b147e4e49e5fbc8c33e9

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/880153adbfda56c4/1715086133874/O72vWnwW8xx8k78 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/pfvpx/0x4AAAAAAADnOjc0PNeA8qVm/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:48:54 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880153b3fadf56c4-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit

104.17.2.184

17 kB

URL
challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42565)
Size
17 kB (16752 bytes)
Hash
a5b92920e25651d2058f4982a108347b
caeeadd68d38fdb681c52006c68880abc2e8a1a6
49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5

HTTP Headers

GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nxsisgod.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 12:48:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 880153ac5f4b0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nxsisgod.com/bins/UnHAnaAW.mpsl

104.21.20.7

403 Forbidden

1.8 kB

URL User Request GET HTTP/2
nxsisgod.com/bins/UnHAnaAW.mpsl
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
HTML document, ASCII text, with very long lines (1716), with CRLF line terminators
Size
1.8 kB (1845 bytes)
Hash
49a8d843819ddc7e24f2354ea2486c76
1bb4364026428ae66fa1629ec40b02fd2b658438
c3028efd4d36177e151e7e271296a39ec5bd5bf14b699e78699b4f7f062078fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /bins/UnHAnaAW.mpsl HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nxsisgod.com/bins/UnHAnaAW.mpsl?__cf_chl_tk=YyjyFWr9V3dkNZ1mCrZDJGjyDAdpuizvdBr4IfouCjs-1715086132-0.0.1.1-1322
Content-Type: application/x-www-form-urlencoded
Content-Length: 2479
Origin: http://nxsisgod.com
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=6e0dffe6facd9e8
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 07 May 2024 12:48:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_chl_3=; path=/; expires=Thu, Jan 01 1970 00:00:00 UTC; domain=.nxsisgod.com
cf_clearance=Z2FsVCB7q.iONatdsS_k8kb74UZdJyFe7JtQ_k7PO8c-1715086132-1.0.1.1-_Xvy3k7UJVU87p9sh9GVnjaWFzRuAsOuCSXLcRCLdKSOisumjKl46vlp6L0Pgqkm6Z9jmBBzo.F4yciggpB6Iw; path=/; expires=Wed, 07-May-25 12:48:56 GMT; domain=.nxsisgod.com; HttpOnly; SameSite=None
Location: https://nxsisgod.com/bins/UnHAnaAW.mpsl
CF-Ray: 880153c2de615690-OSL
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSQWJkcHtmYhKCwD7TBVa3Ktl638%2F7PRSwP6pFJVPTgoLZ75PXZst5bqLP%2BYfjtIZXc1ySpdRayeq%2Bt%2Fj7q4%2FnS0e6VtOapjc76bcUMI6fFwbAnuC9pnimKyrxjPRHc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Server: cloudflare
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/eooml/0x4AAAAAAADnOjc0PNeA8qVm/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:48:57 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880153c7e8020b59-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/880153c74efb0b59/1715086138031/9180ab8f38f3bd714b26d413e800f7c8f1231331a38ace988a85c11ad74bc6f1/IlVPnQuq6BNnYaO

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/880153c74efb0b59/1715086138031/9180ab8f38f3bd714b26d413e800f7c8f1231331a38ace988a85c11ad74bc6f1/IlVPnQuq6BNnYaO
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/880153c74efb0b59/1715086138031/9180ab8f38f3bd714b26d413e800f7c8f1231331a38ace988a85c11ad74bc6f1/IlVPnQuq6BNnYaO HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/eooml/0x4AAAAAAADnOjc0PNeA8qVm/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Tue, 07 May 2024 12:49:00 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gkYCrjzjzvXFLJtQT6AD3yPEjEzGjis6YioXBGtdLxvEAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAycESnW8nWijopFBbXs0ShsFXencIiaM4x8DmoYUMDVIj9LKs0W82Vt7SxGoLjV854ZLsONjPcD9gaNsV1U7ial-U1eHrh6bc6pi2_dUVK8NsyLnCLOtvOiP0SY8vabqRR4dPd6S61Y-diDWwToPoCSioJqJhohK4pCLZ5_YF-5VfEFiyMTtIeFQadCwQWCTWWHJgK8wlIzn3e6mBeQZJ1VsOf21BzIlCKUydJy4Pf1ah0N7KjgN2pp4S9j2sSUl0ZbfnPznB7zO130ijqjcDO7wydsvznYw_ApvEdn5mKTlOFBQM1jktH72KBkAGAS-M4Zko5MazCXVbKxK3oLAhkwIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIJGAq484871xSybUE-gA98jxIxMxo4rOmIqFwRrXS8bxABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 880153d8cf680b59-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880153c74efb0b59/1715086138032/xz4wsEYXdqvaYna

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880153c74efb0b59/1715086138032/xz4wsEYXdqvaYna
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 75 x 82, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
c33c25632fa0395326a8ea6e9976836d
320e8d2455095d6c6144b651d2f63fd8ca995fa1
b88bef2bc89f1df272c99c552c12a429b1615ce30a0ef6218a7007ed22831fe7

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/880153c74efb0b59/1715086138032/xz4wsEYXdqvaYna HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/eooml/0x4AAAAAAADnOjc0PNeA8qVm/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:49:00 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880153d8ffc10b59-OSL
alt-svc: h3=":443"; ma=86400

nxsisgod.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.20.7

302 Found

0 B

URL GET HTTP/3
nxsisgod.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nxsisgod.com/bins/UnHAnaAW.mpsl
Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=7df25ce72d8327a; cf_clearance=Mn4cAYrZSZI.aUID6Z8L5Y4OPSCdkTeyQlCfRVpb_Fg-1715086136-1.0.1.1-NvhWaw5nqSYrsCvfJQ_43mH6L.XwsyuywzvnqV_DXAj4buCntw81QlJ3XFv0pwCL0_1wy0BS5qQFDIMJYHxmwg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 07 May 2024 12:49:01 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4XsfSs52bWIJMIIe%2B1AGF3hMTOpGI0G%2BeKMTFXBwuldCDtr9DlXxnajlupMkImtFCYFs0RU9KaeGNykc8LP6LNJsNqu0kqDSW%2B2rlYf7zsYbof9E7gCF2MMdLViwr8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 880153dfd84956c6-OSL
alt-svc: h3=":443"; ma=86400

nxsisgod.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1327350836:1715083856:nES-E13sxYM5fMZZ7MROMGAFS3cefXsBptc3DssL24M/880153c3dfb056c6/7df25ce72d8327a

104.21.20.7

19 kB

URL
nxsisgod.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1327350836:1715083856:nES-E13sxYM5fMZZ7MROMGAFS3cefXsBptc3DssL24M/880153c3dfb056c6/7df25ce72d8327a
IP
104.21.20.7:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
ASCII text, with very long lines (15624), with no line terminators
Size
19 kB (18879 bytes)
Hash
fbb0c4adc90e58f3ca32e02cb045aa54
f88a447bdfa52a51998fbed9e899d8b060f1cf2b
8de23c390efdab685640bb4ccc7d1368b3cd65152617a6d9213785d45213f8d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1327350836:1715083856:nES-E13sxYM5fMZZ7MROMGAFS3cefXsBptc3DssL24M/880153c3dfb056c6/7df25ce72d8327a HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxsisgod.com/bins/UnHAnaAW.mpsl
Content-type: application/x-www-form-urlencoded
CF-Challenge: 7df25ce72d8327a
Content-Length: 1893
Origin: https://nxsisgod.com
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=7df25ce72d8327a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:48:57 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: AbNQtwrKluhGYlherdDQ/ILE2ZRb159MBtzRIND84I9Ck5zjcPTdcHvdyFqlzbbk$Y/OQiNTHWIIJ7eeLotT7Sg==
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yydbgzhjo4GQyfm55CSC9II9Y92iqplrZgxrXNuuHSQNokxxX8OCLEFsgXmRj%2FT%2B9PfKXpJ4Yqkwqk5j6zc1wKXuIwFjOaSDB6YweM8UYzrSHvAjmd4%2BEMv1gl7055k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 880153c65cd756c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxsisgod.com/cdn-cgi/challenge-platform/h/b/jsd/r/880153dd8a9f56c6

104.21.20.7

200 OK

0 B

URL POST HTTP/3
nxsisgod.com/cdn-cgi/challenge-platform/h/b/jsd/r/880153dd8a9f56c6
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nxsisgod.com/bins/UnHAnaAW.mpsl
Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/880153dd8a9f56c6 HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12164
Origin: https://nxsisgod.com
DNT: 1
Connection: keep-alive
Referer: https://nxsisgod.com/bins/UnHAnaAW.mpsl
Cookie: cf_chl_3=7df25ce72d8327a; cf_clearance=Mn4cAYrZSZI.aUID6Z8L5Y4OPSCdkTeyQlCfRVpb_Fg-1715086136-1.0.1.1-NvhWaw5nqSYrsCvfJQ_43mH6L.XwsyuywzvnqV_DXAj4buCntw81QlJ3XFv0pwCL0_1wy0BS5qQFDIMJYHxmwg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:49:01 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=o7hjVvbVLSdvpzZfkyyFNq9XSqB2q_jn1ZAmW.MUzJo-1715086141-1.0.1.1-ZOGsDD8tiBy9MAshrgl8N9mLmOqVQAsp1GpZaK6FyAWekOnKMWysLU1hSYZfGdndlVcm0NAEg4Bw6nqed6.tpg; path=/; expires=Wed, 07-May-25 12:49:01 GMT; domain=.nxsisgod.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQzBFoLKTsP7uI4coOteDoxlwaPaqzxTvVPRQsj4hH6wGaCtrQde0UlTN7l2jC4q24RjL%2FB%2B6r5AFOJKXvg0t4QyUCnY92QVVQ4eL3d09ZQEV2oecI0T1Hx5Q0Vq030%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 880153e15ba656c6-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1607257739:1715083779:E1tGODfXS-5F7jl-65k5R2yVBrOOOV9cyGOPYlIZVdw/880153c74efb0b59/7961643bc1152b1

104.17.3.184

109 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1607257739:1715083779:E1tGODfXS-5F7jl-65k5R2yVBrOOOV9cyGOPYlIZVdw/880153c74efb0b59/7961643bc1152b1
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108898 bytes)
Hash
f60325f562a673cd2a6987550d18627a
3e12c3cdc7832b0ed1f0bc4201105479ef7e2b40
03365c75cce57c2a30b8eab6fcc2ff13b1bee8ec63292f1ccbcc76c22d1c5663

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1607257739:1715083779:E1tGODfXS-5F7jl-65k5R2yVBrOOOV9cyGOPYlIZVdw/880153c74efb0b59/7961643bc1152b1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/eooml/0x4AAAAAAADnOjc0PNeA8qVm/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 7961643bc1152b1
Content-Length: 3565
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:48:58 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: aYxG9IL86zyZXjzo68G2XPNo0OQOK1jjnRmamS+Rb9F6yOJVbEEXzrFTcT9wBEritwWjs6y5Ieys8D/qHT5t5EIEevfEwxlEBcheqRwJwJalVIBEWNlxPfTDXzPWSUEMPUK0fDkpX5tJHE41kXcpk15v+1eJ66gwpT7s/LOY42Mla4uKau9kyn+Iccp4GCj25AKhwrtkpYd6DhPPltvUiVRxBDFI4OhdYZHLcgrjjCMvvbs4InN962fNuWoFVgPs03n+8JiA2GQiVYTdjqG2wcKeTRGyz9xq4IV0wS5s0zIYGkyc9h7AOl9ssp95VvnrxxngwnojcRi/fTRSWjPesFzBFhUljk4sWkPOqwVtrYw5mao/hVYHYsOXbM/yl0WijXZTiQCOUIRI6CQww0xI4aMAlkwbyUZyUGQeUSh2EgKGlUlyujhN/KoU/nyHlWMK$862rzuPLcMgamjWb/9F3yw==
vary: accept-encoding
server: cloudflare
cf-ray: 880153ca9c990b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxsisgod.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880153c3dfb056c6

104.21.20.7

171 kB

URL
nxsisgod.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880153c3dfb056c6
IP
104.21.20.7:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
171 kB (170656 bytes)
Hash
b7c5ded7a5eb43a7413636913f444316
3fd02d187a4df78342eecec011e936f9b9a409f7
80bb1bbc11000173fae5f78ac13332728e2d30896989436ca38c20c5b3e30e71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880153c3dfb056c6 HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxsisgod.com/bins/UnHAnaAW.mpsl?__cf_chl_rt_tk=gHRJpldVo5H6.hfgWAY7Vm9aCKGNBXYK06ai56_esz0-1715086136-0.0.1.1-1322
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=6e0dffe6facd9e8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 12:48:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RYrTqwoc%2FIO24BL1rrET0S2pCkbQJsnNe6B%2BCpG%2BySRDdvQaIT8jtxZ%2BAR8BTISZNWguZyTUg58YA2pshQVmViXwZtdP1hOjU7AuBhV24S1H%2BzxdNCZkY%2F3Ds%2FZn9Zk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 880153c4991e56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxsisgod.com/bins/UnHAnaAW.mpsl

104.21.20.7

403 Forbidden

6.9 kB

URL User Request GET HTTP/2
nxsisgod.com/bins/UnHAnaAW.mpsl
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
HTML document, ASCII text, with very long lines (1708), with CRLF line terminators
Size
6.9 kB (6874 bytes)
Hash
ec50f0f43869c5b8fa248c66d13f7653
97f4e63ba52dc5ca568ebeb47d2c2a1d83ff6a26
5b4ae3df10d0944f731faa9cd6ed8e07c8dce344efd4583e98a9212f8f90681b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /bins/UnHAnaAW.mpsl HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxsisgod.com/bins/UnHAnaAW.mpsl?__cf_chl_tk=gHRJpldVo5H6.hfgWAY7Vm9aCKGNBXYK06ai56_esz0-1715086136-0.0.1.1-1322
Content-Type: application/x-www-form-urlencoded
Content-Length: 3994
Origin: https://nxsisgod.com
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=7df25ce72d8327a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Tue, 07 May 2024 12:49:01 GMT
content-type: text/html
set-cookie: cf_chl_3=; path=/; expires=Thu, Jan 01 1970 00:00:00 UTC; domain=.nxsisgod.com; Secure
cf_clearance=Mn4cAYrZSZI.aUID6Z8L5Y4OPSCdkTeyQlCfRVpb_Fg-1715086136-1.0.1.1-NvhWaw5nqSYrsCvfJQ_43mH6L.XwsyuywzvnqV_DXAj4buCntw81QlJ3XFv0pwCL0_1wy0BS5qQFDIMJYHxmwg; path=/; expires=Wed, 07-May-25 12:49:01 GMT; domain=.nxsisgod.com; HttpOnly; Secure; SameSite=None
cf-ray: 880153dd8a9f56c6-OSL
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ql1XdjnTBxW9FDxZ5qLO%2Bl0d2ubduNREzbOdinkDHjjRdgd5p8%2BkJgZxnxo31J9eXgX4fOkLcdl9lHDYTocTMM%2FOzL4CG2ALO3hPp2PM5%2BJutJjAaIG6q5%2Fv8nLC8i0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxsisgod.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

104.21.20.7

200 OK

7.9 kB

URL GET HTTP/3
nxsisgod.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nxsisgod.com/bins/UnHAnaAW.mpsl
Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
JavaScript source, ASCII text, with very long lines (7859), with no line terminators
Size
7.9 kB (7859 bytes)
Hash
c47be944d79a66bf357994b6b6f0e162
8b6c76e1a235fcf6f2a0be367db00ca3e1a7b985
9d1132fb6b984009e236bf1615a15c04c42a5085dc2b7a6a705fa93eab1b7dd9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=7df25ce72d8327a; cf_clearance=Mn4cAYrZSZI.aUID6Z8L5Y4OPSCdkTeyQlCfRVpb_Fg-1715086136-1.0.1.1-NvhWaw5nqSYrsCvfJQ_43mH6L.XwsyuywzvnqV_DXAj4buCntw81QlJ3XFv0pwCL0_1wy0BS5qQFDIMJYHxmwg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:49:01 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Or8exOFd%2BcMhx%2BRdHn9iZEwfsCnN0j9KGZH1gU3anVionGtnhYiwQC0TOzo21zoak99oTmLo%2BP1yhDGpLu4%2BEL%2FaSX3urpWAWw1BodYCcuyVCCfuFuwCLPpq4eTbBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 880153e018f556c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nxsisgod.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDA0JTIwTm90JTIwRm91bmQlMjIlMkMlMjJ4JTIyJTNBMC4yNTIzNDEzMzAwMDkyMjc3NiUyQyUyMnclMjIlM0ExMjgwJTJDJTIyaCUyMiUzQTEwMjQlMkMlMjJqJTIyJTNBMTAyNCUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbnhzaXNnb2QuY29tJTJGYmlucyUyRlVuSEFuYUFXLm1wc2wlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZueHNpc2dvZC5jb20lMkZiaW5zJTJGVW5IQW5hQVcubXBzbCUzRl9fY2ZfY2hsX3RrJTNEZ0hSSnBsZFZvNUg2LmhmZ1dBWTdWbTlhQ0tHTkJYWUswNmFpNTZfZXN6MC0xNzE1MDg2MTM2LTAuMC4xLjEtMTMyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q=

104.21.20.7

200 OK

4.9 kB

URL GET HTTP/3
nxsisgod.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDA0JTIwTm90JTIwRm91bmQlMjIlMkMlMjJ4JTIyJTNBMC4yNTIzNDEzMzAwMDkyMjc3NiUyQyUyMnclMjIlM0ExMjgwJTJDJTIyaCUyMiUzQTEwMjQlMkMlMjJqJTIyJTNBMTAyNCUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbnhzaXNnb2QuY29tJTJGYmlucyUyRlVuSEFuYUFXLm1wc2wlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZueHNpc2dvZC5jb20lMkZiaW5zJTJGVW5IQW5hQVcubXBzbCUzRl9fY2ZfY2hsX3RrJTNEZ0hSSnBsZFZvNUg2LmhmZ1dBWTdWbTlhQ0tHTkJYWUswNmFpNTZfZXN6MC0xNzE1MDg2MTM2LTAuMC4xLjEtMTMyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q=
IP
104.21.20.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nxsisgod.com/bins/UnHAnaAW.mpsl
Certificate
IssuerLet's Encrypt
Subjectnxsisgod.com
Fingerprint36:4B:62:F7:CA:63:AD:0E:71:DF:AD:17:2C:97:8D:F0:D9:03:45:54
ValiditySat, 30 Mar 2024 04:55:40 GMT - Fri, 28 Jun 2024 04:55:39 GMT

File type
JavaScript source, ASCII text, with very long lines (5044), with no line terminators
Size
4.9 kB (4947 bytes)
Hash
2f6e5c5c53b1cdb5b7dfcff2097695fa
10afedc65461c7e8a7b2ba661b961b3ad4dfef24
b22a247e54da1e843abd6600d87df8d9d22ae5db1e3bfe0a8a0c74961b6b546d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDA0JTIwTm90JTIwRm91bmQlMjIlMkMlMjJ4JTIyJTNBMC4yNTIzNDEzMzAwMDkyMjc3NiUyQyUyMnclMjIlM0ExMjgwJTJDJTIyaCUyMiUzQTEwMjQlMkMlMjJqJTIyJTNBMTAyNCUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbnhzaXNnb2QuY29tJTJGYmlucyUyRlVuSEFuYUFXLm1wc2wlMjIlMkMlMjJyJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZueHNpc2dvZC5jb20lMkZiaW5zJTJGVW5IQW5hQVcubXBzbCUzRl9fY2ZfY2hsX3RrJTNEZ0hSSnBsZFZvNUg2LmhmZ1dBWTdWbTlhQ0tHTkJYWUswNmFpNTZfZXN6MC0xNzE1MDg2MTM2LTAuMC4xLjEtMTMyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q= HTTP/1.1
Host: nxsisgod.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nxsisgod.com/
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=7df25ce72d8327a; cf_clearance=Mn4cAYrZSZI.aUID6Z8L5Y4OPSCdkTeyQlCfRVpb_Fg-1715086136-1.0.1.1-NvhWaw5nqSYrsCvfJQ_43mH6L.XwsyuywzvnqV_DXAj4buCntw81QlJ3XFv0pwCL0_1wy0BS5qQFDIMJYHxmwg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 12:49:01 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://nxsisgod.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-max-age: 600
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Qhx96%2BZl9ihFsy80U9TI6xpT8K%2BDuYBBg5pag8ZATWFETmirbdn0dMKO0OdP1NKPjxNutIR1augyxRnkO3FKQH9mku1wlggZhj60oWWGl9NLfz36r5HrZyzVQkB3UM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 880153dfe87556c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash