Report - 150.230.218.160:3500/wqj/nas-xunlei

Report Overview

Visited public
2023-10-29 08:28:29
Tags
URL
150.230.218.160:3500/wqj/nas-xunlei
Finishing URL
150.230.218.160:3500/wqj/nas-xunlei
IP / ASN
150.230.218.160
#31898 ORACLE-BMC-31898
Title
wqj/nas-xunlei: Linux迅雷下载服务（支持openwrt/lede），移植自群晖迅雷套件 - nas-xunlei - 老健的git

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
150.230.218.160:3500	unknown	unknown	No data	No data	4.0 kB	633 kB	150.230.218.160
img.shields.io	48293	2013-02-18	2013-11-01 01:22:36	2023-10-28 05:57:33	2.1 kB	8.7 kB	172.64.194.2
github.com	1423	2007-10-09	2016-07-13 12:28:22	2023-09-20 18:48:10	434 B	4.7 kB	140.82.121.3
secure.gravatar.com	1671	2004-07-15	2012-05-22 07:36:38	2023-10-28 19:22:59	438 B	3.4 kB	192.0.73.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-29 08:28:12	low	150.230.218.160	Client IP	ET INFO Git Service Hosted with Gittea

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed
2023-10-29	medium	150.230.218.160	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	150.230.218.160:3500/wqj/nas-xunlei	1.0 kB	2024-08-20 21:57	2024-08-20 21:57
Pretty URL 150.230.218.160:3500/wqj/nas-xunlei IP 150.230.218.160 ASN #31898 ORACLE-BMC-31898 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 21:57 Last Seen2024-08-20 21:57 Times Seen1 Hash 8226ef7ca8f5b6570eb58d49633583c5 c9469614cf53d51131809f019c1d7e74a84e363d 0ab87f722cda8c8148f4d570c9fa418b5286e28f1845f703e441f804f88d0d38 Loading...

	150.230.218.160:3500/assets/js/webcomponents.js?v=1.20.0~dev	415 B	2023-05-21 01:42	2023-10-29 09:28
Pretty URL 150.230.218.160:3500/assets/js/webcomponents.js?v=1.20.0~dev IP 150.230.218.160 ASN #31898 ORACLE-BMC-31898 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-21 01:42 Last Seen2023-10-29 09:28 Times Seen1 Hash 3b17cea46352fdc26792c3b9d8913f36 cd9c7b96a1e485d7f3576218e78f6d1ee31f2dee 12b822b62b2942dacff9550afe73732e2af21329d7e5c2122fb7c7c08e3856b3 Loading...

	150.230.218.160:3500/wqj/nas-xunlei	1.1 kB	2023-05-21 01:42	2024-08-20 21:57
Pretty URL 150.230.218.160:3500/wqj/nas-xunlei IP 150.230.218.160 ASN #31898 ORACLE-BMC-31898 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-21 01:42 Last Seen2024-08-20 21:57 Times Seen1 Hash 94842b01686d22caa739108d2516f5c3 c29dbf471736ef8ba842e31a5edffe310baed0eb 169b5a5ba38dbf63f364685cfde455705208749b7fb5508eda3c955be5b4019e Loading...

	150.230.218.160:3500/assets/js/index.js?v=1.20.0~dev	1.1 MB	2023-10-29 09:28	2023-10-29 09:28
Pretty URL 150.230.218.160:3500/assets/js/index.js?v=1.20.0~dev IP 150.230.218.160 ASN #31898 ORACLE-BMC-31898 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 09:28 Last Seen2023-10-29 09:28 Times Seen1 Hash b990344de28aa3d1411e68f3a89396cc c3a631322c2ad69fed49fae615f85afbe1ba9726 4779e8c538940aa67b5f3025ffa3d184bbdf69e28af12ff6307fb9eb74237fec Loading...

	unknown	11 kB	2024-08-20 21:57	2024-08-20 21:57
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-20 21:57 Last Seen2024-08-20 21:57 Times Seen1 Hash 47fce6da6c5d3d6343b14cea38191266 1ea627c8cc134c7921da3027e642c5864a309fc9 4a544134b15c8a14deb0d7ec7c3cb2a97e4e27d1dbfdb4f9b3c4c69546b8ffc0 Loading...

	unknown	414 B	2023-05-21 01:42	2024-08-20 21:57
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-05-21 01:42 Last Seen2024-08-20 21:57 Times Seen1 Hash 2ecdd57d9d748a712b3c67466621762a 5e21d73b473109079255791a0f2fb4ac5085142f 3d0d65c29319544b6dcd1c6008eb2b161689f107105714fe3f1799d822efb53d Loading...

HTTP Transactions (16)

URL IP Response Size

150.230.218.160:3500/assets/js/webcomponents.js?v=1.20.0~dev

150.230.218.160

200 OK

275 B

URL GET HTTP/1.1
150.230.218.160:3500/assets/js/webcomponents.js?v=1.20.0~dev
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
ASCII text, with very long lines (414)
Size
275 B (275 bytes)
Hash
3b17cea46352fdc26792c3b9d8913f36
cd9c7b96a1e485d7f3576218e78f6d1ee31f2dee
12b822b62b2942dacff9550afe73732e2af21329d7e5c2122fb7c7c08e3856b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/webcomponents.js?v=1.20.0~dev HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
Etag: "NDE1d2ViY29tcG9uZW50cy5qc1dlZCwgMjIgRmViIDIwMjMgMTM6NTA6NTQgR01U"
Last-Modified: Wed, 22 Feb 2023 13:50:54 GMT
Date: Sun, 29 Oct 2023 08:28:11 GMT
Content-Length: 275

150.230.218.160:3500/wqj/nas-xunlei

150.230.218.160

200 OK

73 kB

URL User Request GET HTTP/1.1
150.230.218.160:3500/wqj/nas-xunlei
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1398)
Size
73 kB (73122 bytes)
Hash
ed4410210447b37f9f75cde4b48469d6
11ed081146ebfa1053f32026cf3505e0be3f5fad
72c222cf4ea46e97dfa0c212482715ba5724dae52e1adba7d1e90cdba92ba458

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wqj/nas-xunlei HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate, no-transform
Content-Type: text/html; charset=UTF-8
Set-Cookie: i_like_gitea=69f52eb8a8596ad2; Path=/; HttpOnly; SameSite=Lax
_csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA; Path=/; Expires=Mon, 30 Oct 2023 08:28:10 GMT; HttpOnly; SameSite=Lax
macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
Date: Sun, 29 Oct 2023 08:28:10 GMT
Transfer-Encoding: chunked

150.230.218.160:3500/assets/css/theme-auto.css?v=1.20.0~dev

150.230.218.160

200 OK

2.4 kB

URL GET HTTP/1.1
150.230.218.160:3500/assets/css/theme-auto.css?v=1.20.0~dev
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
ASCII text, with very long lines (9502)
Size
2.4 kB (2406 bytes)
Hash
c6312e02936244f17e8043364c979cce
e180412af095beb28ff60ecfc1748a820bcebc03
e4bf0cf37d684e0c331814f14b95b90b63ec14cd5438241887716ed05ea6f512

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/theme-auto.css?v=1.20.0~dev HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Etag: "OTUwM3RoZW1lLWF1dG8uY3NzV2VkLCAyMiBGZWIgMjAyMyAxMzo1MDo1NCBHTVQ="
Last-Modified: Wed, 22 Feb 2023 13:50:54 GMT
Date: Sun, 29 Oct 2023 08:28:11 GMT
Transfer-Encoding: chunked

img.shields.io/github/release/gngpp/xunlei.svg?style=flat

172.64.194.2

301 Moved Permanently

0 B

URL GET HTTP/2
img.shields.io/github/release/gngpp/xunlei.svg?style=flat
IP
172.64.194.2:443
ASN
#13335 CLOUDFLARENET

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei
Certificate
IssuerGoogle Trust Services LLC
Subjectshields.io
FingerprintD0:80:D0:00:3B:88:E5:7E:25:BC:5D:02:B5:9B:28:1D:C6:47:19:00
ValidityMon, 04 Sep 2023 02:40:30 GMT - Sun, 03 Dec 2023 02:40:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /github/release/gngpp/xunlei.svg?style=flat HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Sun, 29 Oct 2023 08:28:11 GMT
content-length: 0
access-control-allow-origin: *
location: /github/v/release/gngpp/xunlei.svg?style=flat
cache-control: max-age=86400, s-maxage=86400
last-modified: Wed, 25 Oct 2023 19:57:32 GMT
via: 2 fly.io
fly-request-id: 01HDX8RDZ6JCKKXDZSWCT5VXMZ-lhr
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EW78KPvY8nM0eL4c2TmicTVrzxaEOV6AplXHUQQl54EHYfgKWYwU5MynJt4yU9BG6%2FnJMGobvcm0c5VOi%2BnwnnZkw3zPp8YX0ZSPZ2BTYlYsrOEP%2FJA8J3nkl05a1UOrhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81da0b2c9ad08867-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

github.com/gngpp/xunlei/actions/workflows/CI.yml/badge.svg

140.82.121.3

200 OK

972 B

URL GET HTTP/2
github.com/gngpp/xunlei/actions/workflows/CI.yml/badge.svg
IP
140.82.121.3:443
ASN
#36459 GITHUB

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei
Certificate
IssuerDigiCert Inc
Subjectgithub.com
FingerprintA3:B5:9E:5F:E8:84:EE:1F:34:D9:8E:EF:85:8E:3F:B6:62:AC:10:4A
ValidityTue, 14 Feb 2023 00:00:00 GMT - Thu, 14 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (713)
Size
972 B (972 bytes)
Hash
fd0a7edb026b1f9bb997ce3160899e20
820eb590dab61507b820987af124ef78b68abd0a
ad5834178f7599af9fdda11629d49cae07f2997beec49821b2920eff5bfd50e7

HTTP Headers

GET /gngpp/xunlei/actions/workflows/CI.yml/badge.svg HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: GitHub.com
date: Sun, 29 Oct 2023 08:28:11 GMT
content-type: image/svg+xml; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
cache-control: max-age=300, private
etag: W/"ad5834178f7599af9fdda11629d49cae"
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.githubcopilot.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events objects-origin.githubusercontent.com *.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ wss://*.actions.githubusercontent.com github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
set-cookie: _gh_sess=bosR27GOhz6E4OSphrpuDxbHXLkhwmxpgcu6tm4377P%2BfbqwEKKokfkkOj3FXCTFHz%2FxSQrd2y7dn32gj50o2GYoN%2BHK9MfRNRoGduYW1mtYhLrQME7DnWKWFjLEKrwr2OTLKyK37i51uQKoBqWmttUYty1HgPAZeDaDsgWF%2Fkl%2BICh9gTsSwLe07WZ9SF%2FZrX3uSwBs67ZJRiu4BwViCtnHRWT62oqgLJVF7xYssKEc1PJgbPvSYQ7%2B9yi6JcXkqOD78gIuVMN8lMLl3KQkRA%3D%3D--kICcCaMHsNm9NLHD--5%2BiFkCAxO%2FMtv8PTX2lL1Q%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
_octo=GH1.1.1469648114.1698568091; Path=/; Domain=github.com; Expires=Tue, 29 Oct 2024 08:28:11 GMT; Secure; SameSite=Lax
logged_in=no; Path=/; Domain=github.com; Expires=Tue, 29 Oct 2024 08:28:11 GMT; HttpOnly; Secure; SameSite=Lax
accept-ranges: bytes
content-length: 972
x-github-request-id: ED60:D7CC:962CDF5:98C9222:653E179B
X-Firefox-Spdy: h2

150.230.218.160:3500/assets/css/index.css?v=1.20.0~dev

150.230.218.160

200 OK

135 kB

URL GET HTTP/1.1
150.230.218.160:3500/assets/css/index.css?v=1.20.0~dev
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
ASCII text, with very long lines (65536), with no line terminators
Size
135 kB (134573 bytes)
Hash
168cbcc55f8dc71867363d91b30e21a7
d2fc1893272c137d06121ce9a7f7c0695e73528d
78c08162a306d9d4db3f42b73e9320ec9f93f4104f4952fa276eeec77f1c922b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/index.css?v=1.20.0~dev HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Etag: "ODgyMjIyaW5kZXguY3NzV2VkLCAyMiBGZWIgMjAyMyAxMzo1MDo1NCBHTVQ="
Last-Modified: Wed, 22 Feb 2023 13:50:54 GMT
Date: Sun, 29 Oct 2023 08:28:11 GMT
Transfer-Encoding: chunked

150.230.218.160:3500/assets/img/logo.svg

150.230.218.160

200 OK

1.1 kB

URL GET HTTP/1.1
150.230.218.160:3500/assets/img/logo.svg
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2207), with no line terminators
Size
1.1 kB (1078 bytes)
Hash
040de3d1e9bbfb70fd0287dac0214106
576426b10f7441422977eed04e199112110e4dfa
e50bd7150872581fe0e1d1eea9872bfe08ec15f50d800bdd699d3c49c7792100

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/logo.svg HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: image/svg+xml
Etag: "MjIwN2xvZ28uc3ZnV2VkLCAyMiBGZWIgMjAyMyAxMzo1MDo1NCBHTVQ="
Last-Modified: Wed, 22 Feb 2023 13:50:54 GMT
Date: Sun, 29 Oct 2023 08:28:12 GMT
Content-Length: 1078

150.230.218.160:3500/avatar/5eb2d761c22b643d27aa2f3303baec26?size=72

150.230.218.160

303 See Other

115 B

URL GET HTTP/1.1
150.230.218.160:3500/avatar/5eb2d761c22b643d27aa2f3303baec26?size=72
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
HTML document, ASCII text
Size
115 B (115 bytes)
Hash
ac56576a4eae6003a494ce5290369c92
67018dd1aa8ad5160a9d14a00a680f745fcc4ca9
a7add56198af1a403055aa75e9608150f24cae7f5c087c60552371f37b24725a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avatar/5eb2d761c22b643d27aa2f3303baec26?size=72 HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 303 See Other
Cache-Control: private, max-age=300
Content-Type: text/html; charset=utf-8
Location: https://secure.gravatar.com/avatar/5eb2d761c22b643d27aa2f3303baec26?d=identicon&s=72
Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
Date: Sun, 29 Oct 2023 08:28:12 GMT
Content-Length: 115

150.230.218.160:3500/assets/fonts/icons.9451d5fe.woff2

150.230.218.160

200 OK

79 kB

URL GET HTTP/1.1
150.230.218.160:3500/assets/fonts/icons.9451d5fe.woff2
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
Web Open Font Format (Version 2), TrueType, length 79444, version 331.524\012- data
Size
79 kB (79444 bytes)
Hash
b15db15f746f29ffa02638cb455b8ec0
75a88815c47a249eadb5f0edc1675957f860cca7
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/icons.9451d5fe.woff2 HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://150.230.218.160:3500/assets/css/index.css?v=1.20.0~dev
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Length: 79444
Content-Type: font/woff2
Etag: "Nzk0NDRpY29ucy45NDUxZDVmZS53b2ZmMldlZCwgMjIgRmViIDIwMjMgMTM6NTA6NTQgR01U"
Last-Modified: Wed, 22 Feb 2023 13:50:54 GMT
Date: Sun, 29 Oct 2023 08:28:12 GMT

150.230.218.160:3500/assets/js/index.js?v=1.20.0~dev

150.230.218.160

200 OK

338 kB

URL GET HTTP/1.1
150.230.218.160:3500/assets/js/index.js?v=1.20.0~dev
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
ASCII text, with very long lines (29667)
Size
338 kB (337802 bytes)
Hash
b990344de28aa3d1411e68f3a89396cc
c3a631322c2ad69fed49fae615f85afbe1ba9726
4779e8c538940aa67b5f3025ffa3d184bbdf69e28af12ff6307fb9eb74237fec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/index.js?v=1.20.0~dev HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
Etag: "MTA3MTMwM2luZGV4LmpzV2VkLCAyMiBGZWIgMjAyMyAxMzo1MDo1NCBHTVQ="
Last-Modified: Wed, 22 Feb 2023 13:50:54 GMT
Date: Sun, 29 Oct 2023 08:28:11 GMT
Transfer-Encoding: chunked

secure.gravatar.com/avatar/5eb2d761c22b643d27aa2f3303baec26?d=identicon&s=72

192.0.73.2

200 OK

2.9 kB

URL GET HTTP/2
secure.gravatar.com/avatar/5eb2d761c22b643d27aa2f3303baec26?d=identicon&s=72
IP
192.0.73.2:443
ASN
#2635 AUTOMATTIC

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei
Certificate
IssuerSectigo Limited
Subject*.gravatar.com
Fingerprint40:4E:21:9D:74:27:BC:64:DC:8B:81:06:B1:0E:76:4E:0D:AE:2B:C6
ValidityWed, 23 Nov 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Size
2.9 kB (2937 bytes)
Hash
7c906a56681c9526304d52f6f595de7c
99d047eb8c8053938a982ef0694b9edbd2d3b85a
1eeca08196e7f965e1dbddcf17b6f3a161f86762884497246c67feea1e53e373

HTTP Headers

GET /avatar/5eb2d761c22b643d27aa2f3303baec26?d=identicon&s=72 HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 29 Oct 2023 08:28:13 GMT
content-type: image/png
content-length: 2937
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://gravatar.com/avatar/5eb2d761c22b643d27aa2f3303baec26?d=identicon&s=72>; rel="canonical"
access-control-allow-origin: *
expires: Sun, 29 Oct 2023 08:33:13 GMT
cache-control: max-age=300
x-nc: MISS arn 1
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

150.230.218.160:3500/assets/img/favicon.svg

150.230.218.160

200 OK

1.1 kB

URL GET HTTP/1.1
150.230.218.160:3500/assets/img/favicon.svg
IP
150.230.218.160:3500
ASN
#31898 ORACLE-BMC-31898

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2207), with no line terminators
Size
1.1 kB (1078 bytes)
Hash
040de3d1e9bbfb70fd0287dac0214106
576426b10f7441422977eed04e199112110e4dfa
e50bd7150872581fe0e1d1eea9872bfe08ec15f50d800bdd699d3c49c7792100

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/favicon.svg HTTP/1.1
Host: 150.230.218.160:3500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: i_like_gitea=69f52eb8a8596ad2; _csrf=8kqd8YyZ26Iew83w1RRb5cNQdQ06MTY5ODU2ODA5MDYyOTAwMDY2MA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, max-age=21600
Content-Encoding: gzip
Content-Type: image/svg+xml
Etag: "MjIwN2Zhdmljb24uc3ZnV2VkLCAyMiBGZWIgMjAyMyAxMzo1MDo1NCBHTVQ="
Last-Modified: Wed, 22 Feb 2023 13:50:54 GMT
Date: Sun, 29 Oct 2023 08:28:13 GMT
Content-Length: 1078

img.shields.io/docker/pulls/gngpp/xunlei.svg

172.64.194.2

200 OK

1.2 kB

URL GET HTTP/2
img.shields.io/docker/pulls/gngpp/xunlei.svg
IP
172.64.194.2:443
ASN
#13335 CLOUDFLARENET

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei
Certificate
IssuerGoogle Trust Services LLC
Subjectshields.io
FingerprintD0:80:D0:00:3B:88:E5:7E:25:BC:5D:02:B5:9B:28:1D:C6:47:19:00
ValidityMon, 04 Sep 2023 02:40:30 GMT - Sun, 03 Dec 2023 02:40:29 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1275), with no line terminators
Size
1.2 kB (1157 bytes)
Hash
605f46b49a57629da6269ab8f2e763ec
e0882e44a27eeb3d637d3340e07b5d20232aae5b
4ad1b377913185a7468704a16780e804df8339543899e510a592a5165ec10892

HTTP Headers

GET /docker/pulls/gngpp/xunlei.svg HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 29 Oct 2023 08:28:11 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400, s-maxage=14400
expires: Sun, 29 Oct 2023 12:28:11 GMT
via: 2 fly.io
fly-request-id: 01HDX8RDZ91TWP8GVR8BGNB4RZ-lhr
cf-cache-status: MISS
last-modified: Sun, 29 Oct 2023 08:28:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pn%2FCgq1t%2Fcy7LTeM20RgQ%2BdQk2xvE3QSGEfdz38ct93UrbBk7LPDC35daXdy0ku9L3v2%2BHHrCn8yLuRQAM3diH6m0uA6w1IGVZ1RS7CaIPnD588SOsADNa5Pj4UcSWUNCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81da0b2c9ad38867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.shields.io/github/downloads/gngpp/xunlei/total?style=flat&?

172.64.194.2

200 OK

1.1 kB

URL GET HTTP/2
img.shields.io/github/downloads/gngpp/xunlei/total?style=flat&?
IP
172.64.194.2:443
ASN
#13335 CLOUDFLARENET

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei
Certificate
IssuerGoogle Trust Services LLC
Subjectshields.io
FingerprintD0:80:D0:00:3B:88:E5:7E:25:BC:5D:02:B5:9B:28:1D:C6:47:19:00
ValidityMon, 04 Sep 2023 02:40:30 GMT - Sun, 03 Dec 2023 02:40:29 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1260), with no line terminators
Size
1.1 kB (1142 bytes)
Hash
883883bfcd54716b28094a4145c8c85f
b4c63d4c4eebad60cd6d418b5c65183ce6fefffc
de37dd57f757fec42e100bce42997e98c361f592d48e44bbaae3676b268da4a0

HTTP Headers

GET /github/downloads/gngpp/xunlei/total?style=flat&? HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 29 Oct 2023 08:28:12 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=900, s-maxage=900
expires: Sun, 29 Oct 2023 08:43:12 GMT
via: 2 fly.io
fly-request-id: 01HDX8RDZDTHAB6EJCTT8Y3BYR-lhr
cf-cache-status: MISS
last-modified: Sun, 29 Oct 2023 08:28:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oMg5nL3W%2FmoxiGESvq%2F2Vnpb0XuhZZAy%2BkIAXPOQ%2BC0%2BWFcXA8STPNCoq5J%2Blwl6wxc7ENNWuV6cTyqCnoLl8DW1hBCf5rDGNndYd1DT%2BMMsZ%2Fmnhmh4tErWTLk4DNm4sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81da0b2c9ad28867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.shields.io/github/v/release/gngpp/xunlei.svg?style=flat

172.64.194.2

200 OK

1.2 kB

URL GET HTTP/2
img.shields.io/github/v/release/gngpp/xunlei.svg?style=flat
IP
172.64.194.2:443
ASN
#13335 CLOUDFLARENET

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei
Certificate
IssuerGoogle Trust Services LLC
Subjectshields.io
FingerprintD0:80:D0:00:3B:88:E5:7E:25:BC:5D:02:B5:9B:28:1D:C6:47:19:00
ValidityMon, 04 Sep 2023 02:40:30 GMT - Sun, 03 Dec 2023 02:40:29 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1279), with no line terminators
Size
1.2 kB (1161 bytes)
Hash
ff12a2b4edb19f41bb25a99bcc9c5107
d8a26290482293e4c36170e67bdc8f2584505346
548a3f84272cc2a23c53f5dc4ea9e918fdcae53cc86a2142dac6f7748e97e708

HTTP Headers

GET /github/v/release/gngpp/xunlei.svg?style=flat HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 29 Oct 2023 08:28:12 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=300, s-maxage=300
expires: Sun, 29 Oct 2023 08:33:12 GMT
via: 2 fly.io
fly-request-id: 01HDX8RE5BZBKYM0YGD67EB7N6-lhr
cf-cache-status: MISS
last-modified: Sun, 29 Oct 2023 08:28:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IfHqSbwEM5dymzaiHm63nsEXssQuS7BQsitKMnMepDUypiG3K1RbjKfgtx50%2BEr%2BRqrRE87P7gydD1Ue6P8A4Jo0W%2FWC2so1MPoCE1pP2hZDRr7hiqtWkqqxKpD0W5Folw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81da0b2dcc9f8867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.shields.io/github/license/gngpp/xunlei?style=flat

172.64.194.2

200 OK

1.1 kB

URL GET HTTP/2
img.shields.io/github/license/gngpp/xunlei?style=flat
IP
172.64.194.2:443
ASN
#13335 CLOUDFLARENET

Requested by
http://150.230.218.160:3500/wqj/nas-xunlei
Certificate
IssuerGoogle Trust Services LLC
Subjectshields.io
FingerprintD0:80:D0:00:3B:88:E5:7E:25:BC:5D:02:B5:9B:28:1D:C6:47:19:00
ValidityMon, 04 Sep 2023 02:40:30 GMT - Sun, 03 Dec 2023 02:40:29 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1248), with no line terminators
Size
1.1 kB (1130 bytes)
Hash
7ae1a34d4d18e83f81e17fe88d280b1e
cb42b476de3ccf07a265cd12a0d327287825172a
9d19ef6f88283f50938f73869c309a4cd2248cf4018385141b053b053c4fdc79

HTTP Headers

GET /github/license/gngpp/xunlei?style=flat HTTP/1.1
Host: img.shields.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 29 Oct 2023 08:28:11 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=3600
expires: Sun, 29 Oct 2023 09:28:11 GMT
via: 2 fly.io
fly-request-id: 01HDX8RDZGRHBQCB6X7B0XA3V9-lhr
cf-cache-status: MISS
last-modified: Sun, 29 Oct 2023 08:28:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8JGnaSI1qH4Os3vkG8pMgfLf999WK%2FTcytLnv8mVBQbQFR66xrt5%2BTnYLoFnpU3b6758R6st8TiUucHpcQXo5xBjABtB6h8aLZIF57RC9moQrjhEQuGoCTQ%2FNtZn7huM%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81da0b2c9ace8867-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by