Report - blox-tools.xyz/V8nGameStealer

Report Overview

Visited public
2024-09-23 15:54:19
Tags
Submit Tags
URL
blox-tools.xyz/V8nGameStealer
Finishing URL
blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
IP / ASN
68.66.200.213
#55293 A2HOSTING
Title
BloxTools

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-23 07:24:14	1.3 kB	3.6 kB	23.36.76.226
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-23 07:25:33	1.3 kB	2.8 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-09-23 12:42:16	2.1 kB	35 kB	142.250.74.67
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2024-09-23 07:47:19	956 B	90 kB	172.67.142.245
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-09-23 14:15:37	546 B	12 kB	142.250.74.74
unpkg.com	11693	2016-01-06	2016-01-08 00:26:01	2024-09-23 08:08:08	827 B	42 kB	104.17.249.203
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-23 07:24:11	2.0 kB	5.3 kB	23.36.76.226
blox-tools.xyz	unknown	2024-09-08	2024-09-09 01:48:53	2024-09-23 17:53:52	9.5 kB	294 kB	68.66.200.213
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-09-23 07:30:12	1.8 kB	165 kB	104.18.187.31
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2024-09-23 13:16:31	429 B	31 kB	142.250.74.42

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed
2024-09-23	medium	blox-tools.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/typed.js@2.0.12	ScriptElement	12 kB	2023-03-07	2025-07-18
Pretty URL cdn.jsdelivr.net/npm/typed.js@2.0.12 IP 104.18.187.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:55 Last Seen2025-07-18 03:03 Times Seen273 Hash 477fdd6405150093080290d2e8153eac eaf2798298790ec3fad17f6c68b5d3b02dfd069c 5154391ed1d39ada814f7298e5c77802f238ee9a74809c0833eab8e470fda0b9 Loading...

	cdn.jsdelivr.net/npm/sweetalert2@11	ScriptElement	71 kB	2024-09-22	2025-07-01
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@11 IP 104.18.187.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-22 08:48 Last Seen2025-07-01 01:37 Times Seen82 Hash e7ab2d22059493e08068585b2936fe92 5064547076ac474b07266a04d74daf08483b792d 84c733b55ba8c2a952391013ce80772d11acab1840b420dfa6c775c9593b3a4c Loading...

	blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780	ScriptElement	0 B	0001-01-01	2025-07-18
Pretty URL blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780 IP 68.66.200.213 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-18 04:32 Times Seen5450128 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780	ScriptElement	0 B	0001-01-01	2025-07-18
Pretty URL blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780 IP 68.66.200.213 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-18 04:32 Times Seen5450128 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-07-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-18 04:23 Times Seen65933 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	blox-tools.xyz/controlPage/apis/main.js	ScriptElement	8.7 kB	2024-09-28	2024-09-28
Pretty URL blox-tools.xyz/controlPage/apis/main.js IP 68.66.200.213 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-28 08:15 Last Seen2024-09-28 08:15 Times Seen1 Hash b7975a4e5bcb85da0389fc9c650db540 cfbbbd7c5259019bb721e6bd7eb8e964157752c7 2507ed15daaae96e0b5358a1297b10db5957ea1279d726308e74e57d9ffa7f8b Loading...

	blox-tools.xyz/assets/js/bootstrap.js	ScriptElement	78 kB	2023-03-25	2025-07-18
Pretty URL blox-tools.xyz/assets/js/bootstrap.js IP 68.66.200.213 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 22:58 Last Seen2025-07-18 03:03 Times Seen51 Hash 414a2b4b72b7b317530f51f6fdac4c34 e2fa5d6ab23d390627f8687090ba8bcbc748f93d eb1cffdbba9987456be7210c9ac7a451a31630e4fe71446dfb4b47d459282172 Loading...

	unpkg.com/aos@2.3.1/dist/aos.js	ScriptElement	14 kB	2023-03-07	2025-07-18
Pretty URL unpkg.com/aos@2.3.1/dist/aos.js IP 104.17.249.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-07-18 03:03 Times Seen4432 Hash 70b4897108480dbe11c443c2ab7679c9 70dbfd38a0f1fc3b1a7d9fadab58786484c34f17 f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e Loading...

	blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780	ScriptElement	0 B	0001-01-01	2025-07-18
Pretty URL blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780 IP 68.66.200.213 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-18 04:32 Times Seen5450128 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (44)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
72e206e9b89445fb2fb4031a6abe6169
a18bebfb86a71685bd817c15e348cfb5ea438c72
856f85441e043130f88668be6cf68110187856f17999bddc4332437d383c79b6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "856F85441E043130F88668BE6CF68110187856F17999BDDC4332437D383C79B6"
Last-Modified: Mon, 23 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9737
Expires: Mon, 23 Sep 2024 18:36:09 GMT
Date: Mon, 23 Sep 2024 15:53:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
958365f13a7c9c28b36a627ba4bb6988
7be2ef560d38e1108a0568e27c637bb3f1c3ba93
7c4568d9d4d6a64ec9f5f43f410373d3c6fb8969a5a5a876087f46b0e713647f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7C4568D9D4D6A64EC9F5F43F410373D3C6FB8969A5A5A876087F46B0E713647F"
Last-Modified: Mon, 23 Sep 2024 13:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13910
Expires: Mon, 23 Sep 2024 19:45:42 GMT
Date: Mon, 23 Sep 2024 15:53:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b3e9dbf48fb15b7ebe030820e496a4a2
a0afffcc59e40c53dc7aef18623c759d63eb794e
b299e84f35cc7722bbd1f7046cfb1d5c5be6460946551d5a55d90bb3e7dd556d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B299E84F35CC7722BBD1F7046CFB1D5C5BE6460946551D5A55D90BB3E7DD556D"
Last-Modified: Sun, 22 Sep 2024 22:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4486
Expires: Mon, 23 Sep 2024 17:08:38 GMT
Date: Mon, 23 Sep 2024 15:53:52 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8ab80371465a057b549a046eb6f97853
0ccf179fc8a2f02fc91bdb73161837daf6f5c08a
e8d786bfe63e0db6078c37a721dcd2c244ca27d70e5ecc8d99ccea1755073729

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E8D786BFE63E0DB6078C37A721DCD2C244CA27D70E5ECC8D99CCEA1755073729"
Last-Modified: Sun, 22 Sep 2024 14:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12309
Expires: Mon, 23 Sep 2024 19:19:01 GMT
Date: Mon, 23 Sep 2024 15:53:52 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
886fa32ca3a667c0a1dfd18da1dd7a8b
b89f81f349abba5e624945ae0f982b6457a0dd48
605b7b69dd3a60a2e77ee4a4495d5557e4780bf0ee7be9d6c66a9cdffa993c3e

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "605B7B69DD3A60A2E77EE4A4495D5557E4780BF0EE7BE9D6C66A9CDFFA993C3E"
Last-Modified: Sat, 21 Sep 2024 13:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 23 Sep 2024 21:53:53 GMT
Date: Mon, 23 Sep 2024 15:53:53 GMT
Connection: keep-alive

blox-tools.xyz/V8nGameStealer

68.66.200.213

1.5 kB

URL
blox-tools.xyz/V8nGameStealer
IP
68.66.200.213:0
ASN
#55293 A2HOSTING

File type
JavaScript source, ASCII text
Size
1.5 kB (1507 bytes)
Hash
223316de043b786059c66729f8d1895b
82de9e78b8e005cdffcc66df945699bce54b602c
94bd731346f9f8637bb52e155eabce430d028a63ad184428ba61f7517aab9739

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /V8nGameStealer HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:53 GMT
content-length: 1507
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2

GET blox-tools.xyz/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=14405807

68.66.200.213

302 Found

0 B

URL User Request GET HTTP/2
blox-tools.xyz/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=14405807
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=14405807 HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Mon, 23 Sep 2024 15:53:53 GMT
content-length: 0
location: https://blox-tools.xyz/V8nGameStealer?__im-PpLAEAZk=8925337967422073780
set-cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; Path=/; Domain=blox-tools.xyz; Max-Age=2592000; HttpOnly; SameSite=Lax
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2

GET blox-tools.xyz/V8nGameStealer?__im-PpLAEAZk=8925337967422073780

68.66.200.213

301 Moved Permanently

795 B

URL User Request GET HTTP/2
blox-tools.xyz/V8nGameStealer?__im-PpLAEAZk=8925337967422073780
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
795 B (795 bytes)
Hash
5d8d79c3cb9af023240b1be6f5057aaa
df22980677b134e83d878893f7c7984e0d78a240
e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /V8nGameStealer?__im-PpLAEAZk=8925337967422073780 HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blox-tools.xyz/V8nGameStealer
DNT: 1
Connection: keep-alive
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Mon, 23 Sep 2024 15:53:53 GMT
content-type: text/html
content-length: 795
location: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2

GET blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780

68.66.200.213

200 OK

1.6 kB

URL User Request GET HTTP/2
blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
JavaScript source, ASCII text
Size
1.6 kB (1626 bytes)
Hash
f8eddf0ad655b4a050191d53d5145dff
935b0cd40c2524625939e4ace36f2073f62efd4b
5ff39b74db662e75cb6bac12ebf33eb2805eb7a0690f523d4a653b569f9f1ee3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /V8nGameStealer/?__im-PpLAEAZk=8925337967422073780 HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blox-tools.xyz/V8nGameStealer
DNT: 1
Connection: keep-alive
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: text/html; charset=UTF-8
content-length: 1626
set-cookie: PHPSESSID=gisme4e4oce6a9m40orguhs514; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
server: imunify360-webshield/1.21
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/sweetalert2@11

104.18.187.31

200 OK

18 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/sweetalert2@11
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (46581)
Size
18 kB (18281 bytes)
Hash
e7ab2d22059493e08068585b2936fe92
5064547076ac474b07266a04d74daf08483b792d
84c733b55ba8c2a952391013ce80772d11acab1840b420dfa6c775c9593b3a4c

HTTP Headers

GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 18281
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 11.14.1
x-jsd-version-type: version
etag: W/"1143e-UGRUcHasR0sHJmoE102vCEg7eS0"
content-encoding: br
x-served-by: cache-fra-eddf8230029-FRA, cache-lga21975-LGA
x-cache: HIT, MISS
vary: Accept-Encoding
cf-cache-status: HIT
age: 16348
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NYjSBriqBQLDPVt%2F9RGPTD8SUP51SWEeEGkZgxd0nan9ZboTluUjUoT8ZHaiQNo6a%2FD2RHQOpm%2B8w2vD71p16H2d%2F64ZJknTBiqaOPbVUU3Kv61nWU00diMrnR806kubZXU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c7bb5d1ff550b59-OSL
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css

104.18.187.31

200 OK

14 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
ASCII text
Size
14 kB (13745 bytes)
Hash
a8aec561d3b9b905472b815cb2b818c2
300eda4d6282a06d056239258fd3d3c344df4853
13e29a29baade86f4e7a88d8e076d6a6f3ac8950757b50a0f8bbea1c33658d5c

HTTP Headers

GET /npm/remixicon@2.5.0/fonts/remixicon.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: text/css; charset=utf-8
content-length: 13745
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 2.5.0
x-jsd-version-type: version
etag: W/"1af66-MA7aTWKCoG0FYjklj9PTw0TfSFM"
content-encoding: br
x-served-by: cache-fra-eddf8230041-FRA, cache-lga21931-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 8837542
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ry24u0VqHVSfZYkU9MfuhN%2BWI7Ppvwm1do%2FDjYfirP%2BqWLj7qfHJVyXsJhlkQvjEl87jOGRPhiuVDPMkJnsjvFKO9MVjADNKMOZtk%2F9trU9oNMikznJ15KvKlh6B4ms%2FENk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c7bb5d1ff580b59-OSL
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/typed.js@2.0.12

104.18.187.31

200 OK

3.5 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/typed.js@2.0.12
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (11549)
Size
3.5 kB (3522 bytes)
Hash
477fdd6405150093080290d2e8153eac
eaf2798298790ec3fad17f6c68b5d3b02dfd069c
5154391ed1d39ada814f7298e5c77802f238ee9a74809c0833eab8e470fda0b9

HTTP Headers

GET /npm/typed.js@2.0.12 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 3522
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 2.0.12
x-jsd-version-type: version
etag: W/"2e10-6vJ5gph5DsP60X9saLXTsC39Bpw"
content-encoding: gzip
x-served-by: cache-fra-etou8220057-FRA, cache-lga21942-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 8828880
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fhJZRmh%2F%2Bwp34RMWpEQaiVtiDgHzK9Bv0qSyXYg9KcP5egASQqWoDGMIjVjLJKf982DRs%2Bt3f4u%2BFhM%2BGLNzgtOl16qf%2Bne5ezlpyuDHNbE3LCAlgoNYRiFyP9qk3h%2BkeTo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c7bb5d1ff5e0b59-OSL
X-Firefox-Spdy: h2

GET blox-tools.xyz/assets/css/imports_new.css

68.66.200.213

200 OK

124 B

URL GET HTTP/3
blox-tools.xyz/assets/css/imports_new.css
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
ASCII text
Size
124 B (124 bytes)
Hash
7d5ba0170ca4d39fb2eb9174643a7821
228acd1874fb02d6769f9e691f1d1858910b4129
1601b804d2cd3ab41f386e2a02700d269f14c8798b358c8a52d22bc9774fcfc1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/imports_new.css HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:54 GMT
content-type: text/css
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-length: 124
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET blox-tools.xyz/assets/img/logo.png

68.66.200.213

200 OK

6.3 kB

URL GET HTTP/3
blox-tools.xyz/assets/img/logo.png
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
PNG image data, 250 x 250, 8-bit gray+alpha, non-interlaced
Size
6.3 kB (6278 bytes)
Hash
00034f7dfc4005c883780932482acbb7
17c27d3ea7b48508ad2cb58825695ab871c67dca
547139f52c542012d551dc5d3a11659fb4cf88db37ba5dc51a9e7b42b23dd6e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/logo.png HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:54 GMT
content-type: image/png
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-length: 6278
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET blox-tools.xyz/controlPage/apis/main.js

68.66.200.213

200 OK

942 B

URL GET HTTP/3
blox-tools.xyz/controlPage/apis/main.js
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
ASCII text
Size
942 B (942 bytes)
Hash
b7975a4e5bcb85da0389fc9c650db540
cfbbbd7c5259019bb721e6bd7eb8e964157752c7
2507ed15daaae96e0b5358a1297b10db5957ea1279d726308e74e57d9ffa7f8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /controlPage/apis/main.js HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/javascript
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 942
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=604800, public

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
175a2cf703a2aa3a6144b917f52d29dd
c2d060d580a7ce2fd95ac3814c71533ff3accd32
4b434c06d34d2805047e7565d32a43fc66bb0fb0bb17b886e096a9b5e4f29587

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Sep 2024 15:53:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET blox-tools.xyz/assets/js/bootstrap.js

68.66.200.213

200 OK

17 kB

URL GET HTTP/3
blox-tools.xyz/assets/js/bootstrap.js
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
JavaScript source, ASCII text, with very long lines (830)
Size
17 kB (17099 bytes)
Hash
414a2b4b72b7b317530f51f6fdac4c34
e2fa5d6ab23d390627f8687090ba8bcbc748f93d
eb1cffdbba9987456be7210c9ac7a451a31630e4fe71446dfb4b47d459282172

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/bootstrap.js HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/javascript
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 17099
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=604800, public

GET ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.42

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC6:E8:36:27:AB:3A:34:33:0B:85:2C:D8:6C:0A:74:34:71:6A:F5:62
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Sep 2024 11:11:20 GMT
expires: Tue, 23 Sep 2025 11:11:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 16954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
175a2cf703a2aa3a6144b917f52d29dd
c2d060d580a7ce2fd95ac3814c71533ff3accd32
4b434c06d34d2805047e7565d32a43fc66bb0fb0bb17b886e096a9b5e4f29587

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Sep 2024 15:53:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET blox-tools.xyz/assets/css/bootstrap.min.css

68.66.200.213

200 OK

22 kB

URL GET HTTP/3
blox-tools.xyz/assets/css/bootstrap.min.css
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
Unicode text, UTF-8 text, with very long lines (562)
Size
22 kB (21897 bytes)
Hash
1f80f3912e1dc2fc8f1c2a41bca07eee
cc0618c90dd64b4776796cfd18b805ded9643f05
1f310be844a0a343ed58e3709463e91f135b9a49e47f46b93f53bd6f9593d267

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/bootstrap.min.css HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/assets/css/imports_new.css
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:54 GMT
content-type: text/css
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 21897
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET blox-tools.xyz/assets/css/config.css

68.66.200.213

200 OK

137 B

URL GET HTTP/3
blox-tools.xyz/assets/css/config.css
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
ASCII text
Size
137 B (137 bytes)
Hash
58799cba614eb6bffe0dcce9f9dde1f3
c9a93fcebb59fe40bf90d3f038cac25eff80dd5f
389e01408765bf63c028118c3db5d0dc8dee916ee957b9aff3bb3f6423ca3d33

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/config.css HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/assets/css/imports_new.css
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:54 GMT
content-type: text/css
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-length: 137
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET blox-tools.xyz/assets/css/global.css

68.66.200.213

200 OK

1.7 kB

URL GET HTTP/3
blox-tools.xyz/assets/css/global.css
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
assembler source, ASCII text
Size
1.7 kB (1675 bytes)
Hash
ea4b3296c947c8fc7c3ca9fa78a7409c
de0a8e02d1cb3e3d09287ca3c8f3a243ab1ba7bf
aeeffb31c23c88f14b858d48ea168573d2a87202f522ebe681a70ce788051b0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/global.css HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/assets/css/imports_new.css
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:54 GMT
content-type: text/css
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1675
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET use.fontawesome.com/releases/v5.8.1/css/all.css

172.67.142.245

200 OK

14 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.1/css/all.css
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint1F:CF:A5:6E:0D:27:D7:21:A7:EA:06:61:45:FF:37:40:1C:7D:5B:36
ValidityMon, 09 Sep 2024 23:18:38 GMT - Mon, 09 Dec 2024 00:18:34 GMT

File type
ASCII text, with very long lines (54926)
Size
14 kB (14014 bytes)
Hash
e4c542a7f6bf6f74fdd8cdf6e8096396
3a0571a695a35f238026b9398386dc99d9a0c56d
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

HTTP Headers

GET /releases/v5.8.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
last-modified: Fri, 22 Sep 2023 01:45:55 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1580924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KCBmN9qV8j0s9IqApO3pH7efcwmDADNSLWLkSI94GcjuEOpz424l2hW5q4H%2FTwHHZiUGSM%2BtjBbb2BsdVjjs2kAQNzJQnmIbRkFNusRyTZUw1bdy6TudOMf8qwEL9vpIaR1YZAcm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c7bb5d1edeb568b-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET blox-tools.xyz/assets/css/responsive.css

68.66.200.213

200 OK

828 B

URL GET HTTP/3
blox-tools.xyz/assets/css/responsive.css
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
ASCII text
Size
828 B (828 bytes)
Hash
60016ee14508a83305718fe5709d6505
5af2b4369bb439ba9c7e6a715402ff6bd086520a
7a4c6a5e898ac7b731e562686ab669badba22ef88273335ca6e129a64a404b8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/responsive.css HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/assets/css/imports_new.css
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:54 GMT
content-type: text/css
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 828
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
783d8759e48ca5283d591c5ca5f9f0e0
6048c4da0e39f36fe6cfd9dd5bb808c119a1d8e5
0cf24f3d42d7c022209841915273c0caeb1b1e570b1dab5d5712b8bbdd6df948

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0CF24F3D42D7C022209841915273C0CAEB1B1E570B1DAB5D5712B8BBDD6DF948"
Last-Modified: Sun, 22 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15293
Expires: Mon, 23 Sep 2024 20:08:47 GMT
Date: Mon, 23 Sep 2024 15:53:54 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
783d8759e48ca5283d591c5ca5f9f0e0
6048c4da0e39f36fe6cfd9dd5bb808c119a1d8e5
0cf24f3d42d7c022209841915273c0caeb1b1e570b1dab5d5712b8bbdd6df948

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0CF24F3D42D7C022209841915273C0CAEB1B1E570B1DAB5D5712B8BBDD6DF948"
Last-Modified: Sun, 22 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15293
Expires: Mon, 23 Sep 2024 20:08:47 GMT
Date: Mon, 23 Sep 2024 15:53:54 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
783d8759e48ca5283d591c5ca5f9f0e0
6048c4da0e39f36fe6cfd9dd5bb808c119a1d8e5
0cf24f3d42d7c022209841915273c0caeb1b1e570b1dab5d5712b8bbdd6df948

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0CF24F3D42D7C022209841915273C0CAEB1B1E570B1DAB5D5712B8BBDD6DF948"
Last-Modified: Sun, 22 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15293
Expires: Mon, 23 Sep 2024 20:08:47 GMT
Date: Mon, 23 Sep 2024 15:53:54 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
783d8759e48ca5283d591c5ca5f9f0e0
6048c4da0e39f36fe6cfd9dd5bb808c119a1d8e5
0cf24f3d42d7c022209841915273c0caeb1b1e570b1dab5d5712b8bbdd6df948

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0CF24F3D42D7C022209841915273C0CAEB1B1E570B1DAB5D5712B8BBDD6DF948"
Last-Modified: Sun, 22 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15293
Expires: Mon, 23 Sep 2024 20:08:47 GMT
Date: Mon, 23 Sep 2024 15:53:54 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
783d8759e48ca5283d591c5ca5f9f0e0
6048c4da0e39f36fe6cfd9dd5bb808c119a1d8e5
0cf24f3d42d7c022209841915273c0caeb1b1e570b1dab5d5712b8bbdd6df948

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0CF24F3D42D7C022209841915273C0CAEB1B1E570B1DAB5D5712B8BBDD6DF948"
Last-Modified: Sun, 22 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15293
Expires: Mon, 23 Sep 2024 20:08:47 GMT
Date: Mon, 23 Sep 2024 15:53:54 GMT
Connection: keep-alive

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e8f07e6ed105d28a80c1ba56d82452c5
1cdf7d20c4a586b808786925ce7c59e63a748ea1
4134c66a0a4479c05d93e21ebfabdfdd90de327102e9f9a1623d51f68e458720

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Sep 2024 15:53:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.67

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blox-tools.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Sep 2024 16:27:58 GMT
expires: Fri, 19 Sep 2025 16:27:58 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
age: 343556
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

142.250.74.67

200 OK

7.8 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blox-tools.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Sep 2024 15:06:30 GMT
expires: Fri, 19 Sep 2025 15:06:30 GMT
cache-control: public, max-age=31536000
age: 348444
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2

172.67.142.245

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint1F:CF:A5:6E:0D:27:D7:21:A7:EA:06:61:45:FF:37:40:1C:7D:5B:36
ValidityMon, 09 Sep 2024 23:18:38 GMT - Mon, 09 Dec 2024 00:18:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74256, version 329.-17761
Size
74 kB (74256 bytes)
Hash
418dad87601f9c8abd0e5798c0dc1feb
a6b003ef506e92d05cde73adf67487d7fd7ec6df
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

HTTP Headers

GET /releases/v5.8.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blox-tools.xyz
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: font/woff2
content-length: 74256
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "418dad87601f9c8abd0e5798c0dc1feb"
last-modified: Fri, 22 Sep 2023 01:45:57 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 284581
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UhYqGhOmse6yLPWMVeWpiozDg5cvG1WiiXmmSQnGrwZ7Vv5ZZ4x0kWb6nbWZfPJxc11Z38kkvSFBRkSGyCrh6e7JoqiKD5sl7zgTAMokk2F1q60CCQ%2FkT5acP01YQeSLTxMrps5d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c7bb5d6092e56c1-OSL
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

142.250.74.67

200 OK

8.0 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8000, version 1.0
Size
8.0 kB (8000 bytes)
Hash
72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

GET /s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blox-tools.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Sep 2024 15:06:02 GMT
expires: Fri, 19 Sep 2025 15:06:02 GMT
cache-control: public, max-age=31536000
age: 348472
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

142.250.74.67

200 OK

7.8 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7840, version 1.0
Size
7.8 kB (7840 bytes)
Hash
8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

HTTP Headers

GET /s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blox-tools.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Sep 2024 15:11:43 GMT
expires: Fri, 19 Sep 2025 15:11:43 GMT
cache-control: public, max-age=31536000
age: 348131
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.woff2?t=1590207869815

104.18.187.31

200 OK

125 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.woff2?t=1590207869815
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 125268, version 1.0
Size
125 kB (125268 bytes)
Hash
9915fef980fa539085da55b84dfde760
4d375abf43ed18aa54264c1b59714b0a59c593a4
e61f0d10c8cac8cd0ecb36790d6cce883380c0b185ff3c9bf849ed336ba8285c

HTTP Headers

GET /npm/remixicon@2.5.0/fonts/remixicon.woff2?t=1590207869815 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blox-tools.xyz
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: font/woff2
content-length: 125268
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 2.5.0
x-jsd-version-type: version
etag: W/"1e954-TTdav0PtGKpUJkwbWXFLClnFk6Q"
x-served-by: cache-fra-eddf8230122-FRA, cache-lga21921-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 8838460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ko6hyHENbgJWBo6dlxT9GYmE%2BtnKo4M6pCutbVFbyuKIyGsodF641gYQlXG2DFx2sdRcpKwl8Q%2BBj2iECGNxr3tKZ8qiCcv2iEwD8pAnNYnuo2ICfurnzXvZxNf7zt%2FVIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c7bb5d5fdf30b59-OSL
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e8f07e6ed105d28a80c1ba56d82452c5
1cdf7d20c4a586b808786925ce7c59e63a748ea1
4134c66a0a4479c05d93e21ebfabdfdd90de327102e9f9a1623d51f68e458720

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Sep 2024 15:53:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET blox-tools.xyz/assets/img/logo.png

68.66.200.213

200 OK

6.3 kB

URL GET HTTP/3
blox-tools.xyz/assets/img/logo.png
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
PNG image data, 250 x 250, 8-bit gray+alpha, non-interlaced
Size
6.3 kB (6278 bytes)
Hash
00034f7dfc4005c883780932482acbb7
17c27d3ea7b48508ad2cb58825695ab871c67dca
547139f52c542012d551dc5d3a11659fb4cf88db37ba5dc51a9e7b42b23dd6e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/logo.png HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:55 GMT
content-type: image/png
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-length: 6278
date: Mon, 23 Sep 2024 15:53:55 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET blox-tools.xyz/videos/CopyGames.mp4

68.66.200.213

206 Partial Content

218 kB

URL GET HTTP/3
blox-tools.xyz/videos/CopyGames.mp4
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
data
Size
218 kB (218366 bytes)
Hash
fc6cf16f4e869f054d1bb83ed6fe10ff
c99b480b860a9735f2b5a4e3ed8a070220600f86
8c052ddde007156885d61db4db0d3e47851ec699a5891d36bbcd490d98f55188

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /videos/CopyGames.mp4 HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=25657344-
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
content-type: video/mp4
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
content-range: bytes 25657344-25875709/25875710
content-length: 218366
date: Mon, 23 Sep 2024 15:53:55 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,100;1,200;1,300;1,400;1,500;1,600;1,700&display=swap

142.250.74.74

200 OK

11 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,100;1,200;1,300;1,400;1,500;1,600;1,700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC6:E8:36:27:AB:3A:34:33:0B:85:2C:D8:6C:0A:74:34:71:6A:F5:62
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
ASCII text
Size
11 kB (11189 bytes)
Hash
7c9f4090f0457c9d52d9524ebb388ccb
0ceb1ce4a2a1e5abfa105434190dbdf535f250a9
ac7702ff80eae30b61fd4583a76a3afa047ba81a79f57c92253d21f1c3c07ef1

HTTP Headers

GET /css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,100;1,200;1,300;1,400;1,500;1,600;1,700&amp;display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 23 Sep 2024 15:53:54 GMT
date: Mon, 23 Sep 2024 15:53:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET unpkg.com/aos@2.3.1/dist/aos.css

104.17.249.203

200 OK

26 kB

URL GET HTTP/2
unpkg.com/aos@2.3.1/dist/aos.css
IP
104.17.249.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type
ASCII text, with very long lines (26053), with no line terminators
Size
26 kB (26053 bytes)
Hash
847da8fca8060ca1a70f976aab1210b9
0557d37454b67f42f2cb101e57e5070fb1193570
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

HTTP Headers

GET /aos@2.3.1/dist/aos.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Thu, 17 May 2018 22:11:13 GMT
etag: "65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
via: 1.1 fly.io
fly-request-id: 01J087JGCNCBQ7X30J39AHS41E-arn
cf-cache-status: HIT
age: 8843533
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8c7bb5d1c96a56a5-OSL
X-Firefox-Spdy: h2

GET blox-tools.xyz/assets/css/new/custom.css

68.66.200.213

200 OK

9.4 kB

URL GET HTTP/3
blox-tools.xyz/assets/css/new/custom.css
IP
68.66.200.213:443
ASN
#55293 A2HOSTING

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type
ASCII text, with very long lines (9424), with no line terminators
Size
9.4 kB (9424 bytes)
Hash
4fd74ffdf37a68b5bf1e481a7717d541
d90db0292973f24b3d124e108333a79212e37643
90eb95757fd574353eaf313058ae08c4fd8b51264e5e971acde6b3df3afa8c56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/new/custom.css HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/assets/css/imports_new.css
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: max-age=604800, public
expires: Mon, 30 Sep 2024 15:53:54 GMT
content-type: text/css
last-modified: Sat, 24 Aug 2024 16:12:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1955
date: Mon, 23 Sep 2024 15:53:54 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

GET blox-tools.xyz/favicon.ico

0.0.0.0

0 B

URL GET
blox-tools.xyz/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerLet's Encrypt
Subjectmail.blox-tools.xyz
Fingerprint03:62:92:F1:02:AF:07:57:0F:A3:53:7D:27:14:2B:F8:30:93:F1:01
ValiditySun, 08 Sep 2024 23:14:21 GMT - Sat, 07 Dec 2024 23:14:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: blox-tools.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Cookie: wssplashuid=254d3e12369dcd1bc3dd42d422e9c20a8952c5c3.1727110433.1; PHPSESSID=gisme4e4oce6a9m40orguhs514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

GET unpkg.com/aos@2.3.1/dist/aos.js

104.17.249.203

200 OK

14 kB

URL GET HTTP/2
unpkg.com/aos@2.3.1/dist/aos.js
IP
104.17.249.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blox-tools.xyz/V8nGameStealer/?__im-PpLAEAZk=8925337967422073780
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type
JavaScript source, ASCII text, with very long lines (14239), with no line terminators
Size
14 kB (14239 bytes)
Hash
70b4897108480dbe11c443c2ab7679c9
70dbfd38a0f1fc3b1a7d9fadab58786484c34f17
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e

HTTP Headers

GET /aos@2.3.1/dist/aos.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blox-tools.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 23 Sep 2024 15:53:54 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Thu, 17 May 2018 22:11:13 GMT
etag: "379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
via: 1.1 fly.io
fly-request-id: 01J214KSJRE0NRDRKMW6RM2CTC-arn
cf-cache-status: HIT
age: 6934034
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8c7bb5d1f9df56a5-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (44)

URL

IP

ASN