Report - saint2.su/embed/fZfZicAe2Ba

Report Overview

Visited public
2024-05-02 19:05:31
Tags
URL
saint2.su/embed/fZfZicAe2Ba
Finishing URL
saint2.su/embed/fZfZicAe2Ba
IP / ASN
91.149.226.78
#201744 Bulletnet Ltd
Title
32581b2d4c9cbb7620e0dff7f1767374.mp4

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-05-01 20:33:00	846 B	73 kB	104.17.25.14
fonts.bunny.net	unknown	1999-11-22	2022-03-21 08:38:02	2024-05-01 14:34:37	926 B	22 kB	194.242.11.186
68aq8q352.com	unknown	2024-04-27	2024-04-28 12:16:07	2024-05-01 16:10:32	1.9 kB	111 kB	212.117.190.210
thumbs-saint-to.bunkr.ru	unknown	2022-08-25	2023-11-05 05:18:15	2024-02-29 21:36:20	449 B	64 kB	104.22.41.103
cdn.plyr.io	14223	2015-02-16	2015-03-05 07:48:14	2024-05-01 11:23:40	1.2 kB	75 kB	104.27.195.88
saint2.su	unknown	2024-02-05	2024-02-05 14:02:28	2024-03-23 00:33:42	2.4 kB	72 kB	91.149.226.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	68aq8q352.com	Sinkholed
2024-05-02	medium	68aq8q352.com	Sinkholed
2024-05-02	medium	68aq8q352.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	68aq8q352.com/aas/r45d/vki/2021529/8dbd2c8c.js	ScriptElement	106 kB	2024-05-02	2024-08-20
Pretty URL 68aq8q352.com/aas/r45d/vki/2021529/8dbd2c8c.js IP 212.117.190.210 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 05:23 Last Seen2024-08-20 01:19 Times Seen2 Hash 29fb8e7b0a97af3f20138643f135599b 551b9250615cb2cd19f223425e26af66fb900916 d6cd233b92dbeccac8e0cf8606a5b2f7d123e9fcb7222dc56191991a61dfac83 Loading...

	68aq8q352.com/get/2021529?zoneid=2021529&jp=_cld6j07zoopl6m9odx402x&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1&uf=0	ScriptElement	2.9 kB	2024-08-20	2024-08-20
Pretty URL 68aq8q352.com/get/2021529?zoneid=2021529&jp=_cld6j07zoopl6m9odx402x&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1&uf=0 IP 212.117.190.210 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 01:09 Last Seen2024-08-20 01:09 Times Seen1 Hash 50c88ef27b9f1ba196ddd836b548f900 23bf29561aa4f92056129fcb38678bf20fc2645d 26dfab505676fde23e9bc461e343004ba2ad874721c2a1f108f4146ad99c2cc9 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.js	ScriptElement	289 kB	2023-03-07	2025-06-12
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-06-12 19:21 Times Seen3672 Hash 2849239b95f5a9a2aea3f6ed9420bb88 af32f706407ab08f800c5e697cce92466e735847 1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239 Loading...

	saint2.su/embed/fZfZicAe2Ba	ScriptElement	1.1 kB	2024-05-02	2024-08-20
Pretty URL saint2.su/embed/fZfZicAe2Ba IP 91.149.226.78 ASN #201744 Bulletnet Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 05:23 Last Seen2024-08-20 01:19 Times Seen3 Hash d102b26dab96bca9369f0de93209eced f0cbf2575a41b8c4a328a126a79433c7495b526f ae97807820efc94fd1321e83e86d02194d25f1172005188ce4a9845ba429244a Loading...

	saint2.su/embed/fZfZicAe2Ba	ScriptElement	1.8 kB	2024-08-20	2024-08-20
Pretty URL saint2.su/embed/fZfZicAe2Ba IP 91.149.226.78 ASN #201744 Bulletnet Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 01:09 Last Seen2024-08-20 01:09 Times Seen1 Hash 8a0abe1cc952bd6f99dff39a11726056 d89ab055a9bd6eef2224f5af35ba4a803c6c1921 ac47e82b16344e74011cb7033e00fac8c9de8aafdc89908ff0b088f5c7c7fd77 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.3.1/jquery.cookie.js	ScriptElement	2.1 kB	2023-03-07	2025-06-06
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.3.1/jquery.cookie.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-06-06 20:44 Times Seen122 Hash 86bfb3ae149e79524eafbcd1cd0a613a 4c7b840648637688378d746f24037cfdc7a5d2d0 5f8d4cdb53aa201c8dd93712d1342157480d75d03859ea50656ab9ab3d298d30 Loading...

	cdn.plyr.io/3.7.8/plyr.js	ScriptElement	113 kB	2023-07-02	2025-06-12
Pretty URL cdn.plyr.io/3.7.8/plyr.js IP 104.27.195.88 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-02 08:01 Last Seen2025-06-12 04:29 Times Seen125 Hash 937aa0b508e5b8c675ccc9e44c1158af ab39c0e9b0ab16e21b410d0ae43a6756c741c0ba 4bdc4c42a18797aaabe38f455613328f0b27fc5279a907b0fac82c6ab2bcc67a Loading...

	saint2.su/embed/fZfZicAe2Ba	ScriptElement	812 B	2024-05-02	2024-08-20
Pretty URL saint2.su/embed/fZfZicAe2Ba IP 91.149.226.78 ASN #201744 Bulletnet Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 05:23 Last Seen2024-08-20 01:19 Times Seen3 Hash ca4c655b625145d81bff554dcffa0ad6 d46cefd8863ec002c9cdc968bdfc46a4c38fd154 76d0374c9c38dbfe45b9d317230219de5e787dfb23306c05d733a61198d1ca7d Loading...

	saint2.su/embed/fZfZicAe2Ba	ScriptElement	12 kB	2024-05-02	2024-08-20
Pretty URL saint2.su/embed/fZfZicAe2Ba IP 91.149.226.78 ASN #201744 Bulletnet Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 05:23 Last Seen2024-08-20 01:19 Times Seen3 Hash e652273182489eb5ce719bd52bf9c751 c2e44df0a8092b75f72379f1a82ab79dcd4c5823 5015c11dbbd6a721c05bd4be6aaa620917e1d65fcb9ed3003eec7a746ccf53e9 Loading...

HTTP Transactions (16)

URL IP Response Size

saint2.su/embed/fZfZicAe2Ba

91.149.226.78

200 OK

7.1 kB

URL User Request GET HTTP/1.1
saint2.su/embed/fZfZicAe2Ba
IP
91.149.226.78:443
ASN
#201744 Bulletnet Ltd

Certificate
IssuerLet's Encrypt
Subjectsaint2.su
FingerprintD8:91:2E:43:4A:2A:D0:43:F7:AC:98:03:5C:7B:C0:39:0E:78:3B:E1
ValidityFri, 05 Apr 2024 13:19:55 GMT - Thu, 04 Jul 2024 13:19:54 GMT

File type
HTML document, ASCII text, with very long lines (12263)
Size
7.1 kB (7097 bytes)
Hash
7bf164404a32ce3cd1132fbd6b91526a
266538ce75c15394616015aa79eac32f00c60910
040210b8556c4badd1e505be6f0bb3e2618b9a9049334e40c4aaddf9341b9766

HTTP Headers

GET /embed/fZfZicAe2Ba HTTP/1.1
Host: saint2.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 19:05:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=jcvetehvh96hijnsl2mqdop4s6; path=/; domain=.saint2.su
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Encoding: gzip

saint2.su/css/player-additional.css

91.149.226.78

200 OK

1.8 kB

URL GET HTTP/1.1
saint2.su/css/player-additional.css
IP
91.149.226.78:443
ASN
#201744 Bulletnet Ltd

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerLet's Encrypt
Subjectsaint2.su
FingerprintD8:91:2E:43:4A:2A:D0:43:F7:AC:98:03:5C:7B:C0:39:0E:78:3B:E1
ValidityFri, 05 Apr 2024 13:19:55 GMT - Thu, 04 Jul 2024 13:19:54 GMT

File type
ASCII text
Size
1.8 kB (1775 bytes)
Hash
e194d3d68856c327660b808aec8a951b
110cac6be49b37530e50f74076b7042d6b75fefb
4bb8e34961f5716ecb8cf3e95e6473c4066bdfde2e05e72e5a1f6312ba480120

HTTP Headers

GET /css/player-additional.css HTTP/1.1
Host: saint2.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/embed/fZfZicAe2Ba
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=jcvetehvh96hijnsl2mqdop4s6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 19:05:05 GMT
Content-Type: text/css
Last-Modified: Fri, 19 Apr 2024 17:02:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6622a397-19c7"
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Encoding: gzip

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.3.1/jquery.cookie.js

104.17.25.14

200 OK

789 B

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.3.1/jquery.cookie.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
789 B (789 bytes)
Hash
86bfb3ae149e79524eafbcd1cd0a613a
4c7b840648637688378d746f24037cfdc7a5d2d0
5f8d4cdb53aa201c8dd93712d1342157480d75d03859ea50656ab9ab3d298d30

HTTP Headers

GET /ajax/libs/jquery-cookie/1.3.1/jquery.cookie.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://saint2.su
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 789
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-85e"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 81121
expires: Tue, 22 Apr 2025 19:05:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eU2c2%2Bqxxj1pT5Ta2CNBIEMuO5hgA85Rx%2BM8%2B1JLvh3riCykb2nu6FyxhACljKM4bMWcHATboyJNqbuKvqy%2BnLPnTP7Bk%2BfnUJmrir05MCQRAuv%2BgmzDymLqqy8IabYbKm9Dna%2Bt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87da47e26f89b523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.js

104.17.25.14

200 OK

70 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
70 kB (70371 bytes)
Hash
2849239b95f5a9a2aea3f6ed9420bb88
af32f706407ab08f800c5e697cce92466e735847
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://saint2.su
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 70371
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-46744"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 78491
expires: Tue, 22 Apr 2025 19:05:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35dxGMwIBEG0ZukP%2FnjKjwkKv1%2Btwg9uzWghxrWLa4VNzB%2FgsCbtH9beaRjY87kMSZgvV9dMqkibjcQkGjTf%2BmwQJiUVujalhTwr8YIHXCSEU4N%2FKJj01SzJs0teN6LO7khsAL2q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87da47e26f9cb523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2

194.242.11.186

200 OK

18 kB

URL GET HTTP/2
fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerLet's Encrypt
Subjectfonts.bunny.net
FingerprintCB:89:86:8E:6D:0A:E5:60:AF:D4:50:FD:A4:62:99:B4:6C:13:A7:1F
ValidityTue, 09 Apr 2024 10:09:28 GMT - Mon, 08 Jul 2024 10:09:27 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18264, version 1.0
Size
18 kB (18264 bytes)
Hash
523db333665c3c4bfa066cd376a93065
6f857ba7e2b0feecaac1606886174a971ea1d5ce
e2ab9c14e82fc81f6a00ac2fd51038c8613ae1b29c9cc67205c6dd7bde44761a

HTTP Headers

GET /rubik/files/rubik-latin-500-normal.woff2 HTTP/1.1
Host: fonts.bunny.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://saint2.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.bunny.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:06 GMT
content-type: font/woff2
content-length: 18264
server: BunnyCDN-NO1-830
cdn-pullzone: 781720
cdn-uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000
etag: "64a64285-4758"
last-modified: Thu, 06 Jul 2023 04:26:45 GMT
cdn-storageserver: SE-344
cdn-fileserver: 318
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 20:02:29
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 45f73ea909b88790dd224b65650ba082
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

saint2.su/assets/saintLogo.png

91.149.226.78

200 OK

41 kB

URL GET HTTP/1.1
saint2.su/assets/saintLogo.png
IP
91.149.226.78:443
ASN
#201744 Bulletnet Ltd

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerLet's Encrypt
Subjectsaint2.su
FingerprintD8:91:2E:43:4A:2A:D0:43:F7:AC:98:03:5C:7B:C0:39:0E:78:3B:E1
ValidityFri, 05 Apr 2024 13:19:55 GMT - Thu, 04 Jul 2024 13:19:54 GMT

File type
PNG image data, 1842 x 1228, 8-bit/color RGBA, non-interlaced
Size
41 kB (41139 bytes)
Hash
9f0dabe61af44e2f7b87d49e4e7ee074
46909887ab5efbaeab1319273ae8adf79548cfa0
876e378d0fd81a2398b7634a828c983d334c578ece02066a8c14cbe24c5c687c

HTTP Headers

GET /assets/saintLogo.png HTTP/1.1
Host: saint2.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/embed/fZfZicAe2Ba
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=jcvetehvh96hijnsl2mqdop4s6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 19:05:06 GMT
Content-Type: image/png
Content-Length: 41139
Last-Modified: Sat, 30 Apr 2022 21:33:16 GMT
Connection: keep-alive
ETag: "626dab1c-a0b3"
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes

68aq8q352.com/solid.gif?z=2021529&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1

212.117.190.210

200 OK

43 B

URL POST HTTP/2
68aq8q352.com/solid.gif?z=2021529&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1
IP
212.117.190.210:443
ASN
#7979 SERVERS-COM

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint0C:9E:BB:D9:DA:B8:74:37:CB:65:CD:13:B0:1B:DD:DF:B2:8F:61:74
ValiditySat, 27 Apr 2024 13:01:17 GMT - Wed, 23 Oct 2024 21:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /solid.gif?z=2021529&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1 HTTP/1.1
Host: 68aq8q352.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
Origin: https://saint2.su
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 19:05:06 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
set-cookie: CHCK=1; Path=/; Expires=Thu, 05 Jun 2025 19:05:06 GMT; Secure; SameSite=None
UID=24050214058e5ad0176ae7446e94b2889a34; Path=/; Expires=Thu, 05 Jun 2025 19:05:06 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

thumbs-saint-to.bunkr.ru/thumbs/65e51bf47c08f-1709513716.jpg

104.22.41.103

200 OK

63 kB

URL GET HTTP/2
thumbs-saint-to.bunkr.ru/thumbs/65e51bf47c08f-1709513716.jpg
IP
104.22.41.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerGoogle Trust Services LLC
Subjectbunkr.ru
Fingerprint14:E8:5E:C2:5B:67:AF:C8:D0:4E:27:13:A1:54:DB:F6:64:17:7D:CB
ValiditySat, 23 Mar 2024 01:42:53 GMT - Fri, 21 Jun 2024 01:42:52 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1920, components 3
Size
63 kB (63282 bytes)
Hash
720fb4ca9d77a49ff4fdbf5c0dcea38f
3e3339a920320d59e0c5dac1ad38aec43e291555
c040c8c9f0ced3c9af219771581f89933aee54fc13de2bf276479e0038eb81ff

HTTP Headers

GET /thumbs/65e51bf47c08f-1709513716.jpg HTTP/1.1
Host: thumbs-saint-to.bunkr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:06 GMT
content-type: image/jpeg
content-length: 63282
access-control-allow-headers: *
access-control-allow-origin: *, *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=65287
etag: "65e51bf8-ff07"
expires: Mon, 13 May 2024 02:28:07 GMT
last-modified: Mon, 04 Mar 2024 00:55:20 GMT
referrer-policy: strict-origin-when-cross-origin
x-cached-at: Mon, 04 Mar 2024 00:56:22 GMT
x-config: /watch/
x-content-type-options: nosniff
x-proxy-cache: MISS
cf-cache-status: HIT
age: 95124
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87da47e60a5092cd-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

saint2.su/icons/apple-touch-icon.png

91.149.226.78

200 OK

19 kB

URL GET HTTP/1.1
saint2.su/icons/apple-touch-icon.png
IP
91.149.226.78:443
ASN
#201744 Bulletnet Ltd

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerLet's Encrypt
Subjectsaint2.su
FingerprintD8:91:2E:43:4A:2A:D0:43:F7:AC:98:03:5C:7B:C0:39:0E:78:3B:E1
ValidityFri, 05 Apr 2024 13:19:55 GMT - Thu, 04 Jul 2024 13:19:54 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
19 kB (19089 bytes)
Hash
dbb95acc5a518f4f0cb4ea29a376e64c
6ece49b91bca3f4b890a4d3536b7ea84b07593bc
4f541cb49b8de0d09c94f289d75e32fce004cd6caa74c1d8ef6f618a4caee707

HTTP Headers

GET /icons/apple-touch-icon.png HTTP/1.1
Host: saint2.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/embed/fZfZicAe2Ba
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=jcvetehvh96hijnsl2mqdop4s6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 19:05:06 GMT
Content-Type: image/png
Content-Length: 19089
Last-Modified: Sun, 29 May 2022 00:01:46 GMT
Connection: keep-alive
ETag: "6292b7ea-4a91"
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes

68aq8q352.com/get/2021529?zoneid=2021529&jp=_cld6j07zoopl6m9odx402x&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1&uf=0

212.117.190.210

200 OK

2.2 kB

URL GET HTTP/2
68aq8q352.com/get/2021529?zoneid=2021529&jp=_cld6j07zoopl6m9odx402x&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1&uf=0
IP
212.117.190.210:443
ASN
#7979 SERVERS-COM

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint0C:9E:BB:D9:DA:B8:74:37:CB:65:CD:13:B0:1B:DD:DF:B2:8F:61:74
ValiditySat, 27 Apr 2024 13:01:17 GMT - Wed, 23 Oct 2024 21:59:00 GMT

File type
gzip compressed data, from Unix
Size
2.2 kB (2182 bytes)
Hash
585c5263986de3a2024d8a6809ca9ecf
36ce3ba8afce7675f925aab3dd9a54223b65ed57
5659ce369d24334105866ca0b995f2288459657168bd215ec441fa67b9463ea5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /get/2021529?zoneid=2021529&jp=_cld6j07zoopl6m9odx402x&nojs=0&abvar=0&febuild=1.0.233&t=0&wcks=1&wgl=0&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=4334497703312384&eclog=0&im=1&uf=0 HTTP/1.1
Host: 68aq8q352.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 19:05:06 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Thu, 05 Jun 2025 19:05:06 GMT; Secure; SameSite=None
UID=2405021405a91dfe4c1b394710bf0c455ff7; Path=/; Expires=Thu, 05 Jun 2025 19:05:06 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

cdn.plyr.io/3.7.8/plyr.js

104.27.195.88

200 OK

34 kB

URL GET HTTP/2
cdn.plyr.io/3.7.8/plyr.js
IP
104.27.195.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerCloudflare, Inc.
Subjectcdn.plyr.io
Fingerprint82:12:FB:B3:64:22:F5:22:7D:BA:01:9C:97:81:CF:4F:55:01:08:95
ValidityMon, 11 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (34359 bytes)
Hash
937aa0b508e5b8c675ccc9e44c1158af
ab39c0e9b0ab16e21b410d0ae43a6756c741c0ba
4bdc4c42a18797aaabe38f455613328f0b27fc5279a907b0fac82c6ab2bcc67a

HTTP Headers

GET /3.7.8/plyr.js HTTP/1.1
Host: cdn.plyr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:05 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-bgj: minify
cf-polished: origSize=113183
etag: W/"714122a0383a143c50c9629e2bcb7e1f"
last-modified: Thu, 20 Apr 2023 10:33:44 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 182840
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DU%2BFu5W5bLVEr2NE6y7eeXiIA%2FBu4to7NhKmxv4Hc4em6N42kwxnAuJ1kn2OQrSP%2FWL34W8BmFoMVaEBMDmf3ZxswfGnbSTNo40MOIL8ofimgs2%2BoS4k2dxvv4j8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87da47e28d1956b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.plyr.io/3.7.8/plyr.css

104.27.195.88

200 OK

32 kB

URL GET HTTP/2
cdn.plyr.io/3.7.8/plyr.css
IP
104.27.195.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerCloudflare, Inc.
Subjectcdn.plyr.io
Fingerprint82:12:FB:B3:64:22:F5:22:7D:BA:01:9C:97:81:CF:4F:55:01:08:95
ValidityMon, 11 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
32 kB (32499 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /3.7.8/plyr.css HTTP/1.1
Host: cdn.plyr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:05 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-bgj: minify
cf-polished: origSize=32564
etag: W/"411acf0fd5fe4d42c580db72f82077fd"
last-modified: Thu, 20 Apr 2023 10:33:44 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 174398
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0EcdOl1aVYZd8xZENIthWJm3kl0mUm%2BC8kF2Uo4RnNAa2yijFmjDt4zKwtOdAP5r4pSU%2Fk6cvmc1kOJ9pTQZaElAJSzC0e79OluISg73NAWDBPO99JYn6GaK2ke"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87da47e27d0556b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.plyr.io/3.7.8/plyr.svg

104.27.195.88

200 OK

5.8 kB

URL GET HTTP/2
cdn.plyr.io/3.7.8/plyr.svg
IP
104.27.195.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerCloudflare, Inc.
Subjectcdn.plyr.io
Fingerprint82:12:FB:B3:64:22:F5:22:7D:BA:01:9C:97:81:CF:4F:55:01:08:95
ValidityMon, 11 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
5.8 kB (5785 bytes)
Hash
0515cfb132a7e4e063467814f50e32c4
2d89955170c71b3c1678526168318edd55e16996
f5322aaaaa48e83be4443010300845989622757a8b98ccab908f1e650171e4e2

HTTP Headers

GET /3.7.8/plyr.svg HTTP/1.1
Host: cdn.plyr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
Origin: https://saint2.su
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:06 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
etag: W/"3a727a9b7eef825081d78cc6e48aaadf"
last-modified: Thu, 20 Apr 2023 10:33:44 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 168759
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nKx4ExPRK48U68oWN%2FrPIrjT9xcfYz3HhOVd%2B8rZtTttaJFGigRUwEfJp9OqhojD7dIuRt9h0LcJrVYtEDv4h1QjrjasOtBYLV1SdzUPP%2B9M5tWDZVrsDm2N3Dgf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87da47e4885656b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

saint2.su/icons/favicon-16x16.png

91.149.226.78

200 OK

610 B

URL GET HTTP/1.1
saint2.su/icons/favicon-16x16.png
IP
91.149.226.78:443
ASN
#201744 Bulletnet Ltd

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerLet's Encrypt
Subjectsaint2.su
FingerprintD8:91:2E:43:4A:2A:D0:43:F7:AC:98:03:5C:7B:C0:39:0E:78:3B:E1
ValidityFri, 05 Apr 2024 13:19:55 GMT - Thu, 04 Jul 2024 13:19:54 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
610 B (610 bytes)
Hash
4ef8321dcb1532430b28ca92ee1484d0
59268b58e87b9b50d36d9f389c47e8aca5e3be38
e3f9335cb577f4989998a20171ea8af2d2eac5f23603b0523a291ed49eaf47ab

HTTP Headers

GET /icons/favicon-16x16.png HTTP/1.1
Host: saint2.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/embed/fZfZicAe2Ba
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=jcvetehvh96hijnsl2mqdop4s6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 02 May 2024 19:05:06 GMT
Content-Type: image/png
Content-Length: 610
Last-Modified: Sun, 29 May 2022 00:01:46 GMT
Connection: keep-alive
ETag: "6292b7ea-262"
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes

fonts.bunny.net/css?family=rubik:500

194.242.11.186

200 OK

2.1 kB

URL GET HTTP/2
fonts.bunny.net/css?family=rubik:500
IP
194.242.11.186:443
ASN
#34989 ServeTheWorld AS

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerLet's Encrypt
Subjectfonts.bunny.net
FingerprintCB:89:86:8E:6D:0A:E5:60:AF:D4:50:FD:A4:62:99:B4:6C:13:A7:1F
ValidityTue, 09 Apr 2024 10:09:28 GMT - Mon, 08 Jul 2024 10:09:27 GMT

File type
ASCII text, with very long lines (2157), with no line terminators
Size
2.1 kB (2107 bytes)
Hash
21186584d76b3f07f9229759f86ea827
81ed815ff5a5b4ba0ac3d3d8ce6a771c46b19a88
81ca7c180f56219037333f77ae4ff1398c616477b11c9990d3680cd5e8a4fca0

HTTP Headers

GET /css?family=rubik:500 HTTP/1.1
Host: fonts.bunny.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 19:05:05 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
server: BunnyCDN-NO1-830
cdn-pullzone: 781720
cdn-uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000
last-modified: Tue, 23 Apr 2024 18:47:56 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/23/2024 18:47:56
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 1b14d414a96dc6dea8f813fb829fc8cb
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

68aq8q352.com/aas/r45d/vki/2021529/8dbd2c8c.js

212.117.190.210

200 OK

106 kB

URL GET HTTP/2
68aq8q352.com/aas/r45d/vki/2021529/8dbd2c8c.js
IP
212.117.190.210:443
ASN
#7979 SERVERS-COM

Requested by
https://saint2.su/embed/fZfZicAe2Ba
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint0C:9E:BB:D9:DA:B8:74:37:CB:65:CD:13:B0:1B:DD:DF:B2:8F:61:74
ValiditySat, 27 Apr 2024 13:01:17 GMT - Wed, 23 Oct 2024 21:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65106)
Size
106 kB (106460 bytes)
Hash
29fb8e7b0a97af3f20138643f135599b
551b9250615cb2cd19f223425e26af66fb900916
d6cd233b92dbeccac8e0cf8606a5b2f7d123e9fcb7222dc56191991a61dfac83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /aas/r45d/vki/2021529/8dbd2c8c.js HTTP/1.1
Host: 68aq8q352.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saint2.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 19:05:06 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 17:06:20 GMT
vary: Accept-Encoding
etag: W/"662a8d8c-1a022"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET HTTP/1.1

IP

ASN