Report - vaer63kmp.cc/invite/i=959

Report Overview

Visited public
2024-06-18 01:06:39
Tags
URL
vaer63kmp.cc/invite/i=959
Finishing URL
vaer63kmp.cc/enter/register
IP / ASN
104.21.66.203
#13335 CLOUDFLARENET
Title
t33n leak 5-17 age

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-17 18:15:38	2.0 kB	5.3 kB	23.36.76.226
vaer63kmp.cc	unknown	unknown	No data	No data	8.8 kB	492 kB	172.67.207.62
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2024-06-17 18:18:26	1.7 kB	35 kB	104.17.2.184
cdn.discordapp.com	2474	2015-02-26	2015-08-24 15:06:21	2024-06-17 18:12:09	1.3 kB	2.9 kB	162.159.129.233
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25 07:42:56	2024-06-12 14:18:51	333 B	964 B	172.64.149.190
b.yzcdn.cn	425969	2014-12-08	2015-07-08 11:30:49	2023-10-23 14:59:32	425 B	9.8 kB	154.85.69.56

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed
2024-06-17	medium	vaer63kmp.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (29)

	URL	From	Size	First Seen	Last Seen
	vaer63kmp.cc/js/chunk-vendors.ea790e22.js	ScriptElement	949 kB	2023-03-07	2024-08-21
Pretty URL vaer63kmp.cc/js/chunk-vendors.ea790e22.js IP 172.67.207.62 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2024-08-21 09:33 Times Seen1004 Hash 4fee178f809d1b2a829099a8bb91c56c 178b6322fdc40c08fcbda0c096c668855ad49b51 c3580c9951b9554639c1404a246b3f27f818a99240c728f04cb964cd9e50b73d Loading...

	vaer63kmp.cc/js/app.6687d9a3.js	ScriptElement	171 kB	2024-06-17	2024-08-19
Pretty URL vaer63kmp.cc/js/app.6687d9a3.js IP 172.67.207.62 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-17 23:35 Last Seen2024-08-19 19:39 Times Seen2 Hash 968105d52b25adbaec5dbdae6c763d7c 220d130354002cfd827cd0bb20d30b5de6ccc72f 1080bfe3afc6f07bfdbe56b601dc7500ba722142e485c4ae2f8050f8878718c4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 280b1bd711616b8631d2b3aac43b4b7e	2.8 kB	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 280b1bd711616b8631d2b3aac43b4b7e f8147f094e7f764204d74a4e56621f597a467cbd 7a20a9b393bbe1959a09dcff1cc2c78811c0ecf736042ed677c29ff0b673ecb8 Loading...

	#2 Eval - 3cc9fde457d808914ce2e13648fd53f3	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 3cc9fde457d808914ce2e13648fd53f3 e838437c08caf25a19cf8d4ec6a191b27b7972a5 ecfc61127885e3221672b6d51953d909ba3aa81cb5cf22938fb059ca2be08557 Loading...

	#3 Eval - 8659c247b84ce780e40d88efb00b304c	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 8659c247b84ce780e40d88efb00b304c a18aa0baf03c38c9c89504f93daccecf0ca9278f 046fa31741f5c0eac2332506dff7804d6143de961b50e81eed7c1aec94bc75b6 Loading...

	#4 Eval - 9c3234ef6f19c38f612011992b418e25	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 9c3234ef6f19c38f612011992b418e25 f72519a415a8d3957f36724b70ca5c7918d458a1 58df654e4a720b381a2ba5076b3c598443c3a8fe34bd2bdc67fcecef31f9acfc Loading...

	#5 Eval - c962d8b36afc4c9fb49b7e0cd3dd1402	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash c962d8b36afc4c9fb49b7e0cd3dd1402 a461db7ea6159bd390f9e67f39168192ab5e364e ecccc2e9846fe8a6ce101daf889d7097b37dabe3d641f075517ea3f06e55367c Loading...

	#6 Eval - 2747fe7992bb23d52ba0bc68603d6437	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 2747fe7992bb23d52ba0bc68603d6437 e39a113321c0b5b0b44a0f1bcf51ce50658b5602 8de49228f9008ac4e80355f6c9469cfa418826071be8d95289ebe732734dd7b5 Loading...

	#7 Eval - e60e1d82d13d9c8c28bfba3d4db82bb3	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash e60e1d82d13d9c8c28bfba3d4db82bb3 a3b2566f30c402bcbf2599fbb4431259b3c86df3 c62f42946755ef43e8bebe3bbe3c1a26bb06e551311046bfb868d1a58d4b8280 Loading...

	#8 Eval - 40fa02ca1ab1636ac03fa73be300e754	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 40fa02ca1ab1636ac03fa73be300e754 07d31646947ee132045d29e2ef75b926117cb38f a9a580b2537428226fd0a1519f484269e50358d71154a1ff872e74ac259dce03 Loading...

	#9 Eval - 877694893c7d03b1c82fe852af639e07	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 877694893c7d03b1c82fe852af639e07 dbfe6eb13d377b09c0e94e2abcf04afb681503fc 55e0ffc614d722303f2b4a3d3aad411111279a46f787132edf173f7c892d6bdb Loading...

	#10 Eval - 25ceac48f4a7941c824abea14f6b5ff6	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 25ceac48f4a7941c824abea14f6b5ff6 1c7e169f266eb64a495c49f6843a3d3da99b5754 c5832de5d48171d6790d011ea9908c36559e39d467427118b6d875a33412a306 Loading...

	#11 Eval - f86c1d25b9de02d7f6555a3e524a3ad0	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash f86c1d25b9de02d7f6555a3e524a3ad0 2cc32157da704ff5520ec68dbe62a058d9a625fc 4cfa2df606a38e3e73ae4d947332bd1031c84a4bc8223df3f81f7f392b483285 Loading...

	#12 Eval - de1734295fa95cc6c604a881257ee36c	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash de1734295fa95cc6c604a881257ee36c eef5b691b3cac9161d4af909794f6037e8e9dd16 ff4f2c89d7d4df91d53f7bfdad4356ef2d28982eb3e1c7913be851111745fade Loading...

	#13 Eval - 2cd25870bcd993787cdaf7f1d4c1f109	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 2cd25870bcd993787cdaf7f1d4c1f109 877e468056aac2c226cbcf5fbf7778d6380ca469 db182ee5b290ed348f755e8d5bae79038749c6b68eb1460278a5209d30b97cab Loading...

	#14 Eval - 72c3d99f595727bea4c104b5a5f7760b	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 72c3d99f595727bea4c104b5a5f7760b 2fd1fb4786c905b9dfff2f37e26f6b9446e6d51f 2af92634bfcf3be42fd2956958b35e73d9b7466f362ba68b206ab4bbc9433e77 Loading...

	#15 Eval - 2a0b02ad5ba6c2e2f96ea9b8c2095358	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 2a0b02ad5ba6c2e2f96ea9b8c2095358 468a6394a7c68f4ce716d3802f25a58a02fd0bfc 4e458f5945d9cff63431b31eb11953c8d0bb64b4d2da96af98812fc568e05ecb Loading...

	#16 Eval - 6011fa95bc1338f14f7f4270891c190a	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 6011fa95bc1338f14f7f4270891c190a 17816733368b919c1534e0352fb7efac57ac8dec 2d902b78c6b38f3699f29afc2c1c9076e91916fe10db3175546b83f15a73f7ae Loading...

	#17 Eval - 8acf5b64cec30b160fc34b0fd05da3fa	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 8acf5b64cec30b160fc34b0fd05da3fa 051a3fbe76ea64c4a1f5847be02f75833d3f92c0 2d8ad87719d11337e6edbd6e68b51a995c4b2ec23ccdf29069ed1a18e575369d Loading...

	#18 Eval - 642b328eff656eb63e8c5f864fb72102	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 642b328eff656eb63e8c5f864fb72102 82e70bdcc51928705954786159d5a690cbb56cb8 59bc150118d89cf5be4cccb39013aa11cbe4865a3f0039155675d767baa9d342 Loading...

	#19 Eval - ed52aabe4876e880d98dfb95d5248a9a	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash ed52aabe4876e880d98dfb95d5248a9a 10b4a5728cb5bdd1721055c71c7c7e16e35eb133 5ad968c84e9b86df3df230aa2215bc2869692c05a50be7c2f54184ea8baebde9 Loading...

	#20 Eval - 6928799ddcbe978d210b24bec6db699d	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 6928799ddcbe978d210b24bec6db699d 86a70b1e5b7088134ac0344132595a671d6f9615 b992bcf27d7ceb7b371024b490b6926fcea81b9b7d69af3089f0baeab2d62d1d Loading...

	#21 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-03-15 04:06
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-03-15 04:06 Times Seen357829 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#22 Eval - 3abcbf325a5e5e5f18b6f5ca93a787fa	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 3abcbf325a5e5e5f18b6f5ca93a787fa 8cf4e3a9e85ba3d91d0e1de5b4315ea07f31884c fdbb753c065abe6f6129951ede78161e365a365ca5c426da0753e51c19cde0cf Loading...

	#23 Eval - 85be93f613ffc9ee87d9d786e54b8128	61 B	2024-06-07 12:20	2024-08-19 20:33
Pretty Observations First Seen2024-06-07 12:20 Last Seen2024-08-19 20:33 Times Seen1611 Hash 85be93f613ffc9ee87d9d786e54b8128 6a0fbcba18552dffd2f9d3858943c57a57b5e979 3bf44c20ef7ef0046995c5a49e8f11f4be9ea7c5cc52ca291e59c706b0643923 Loading...

	#24 Eval - 35435433e84712509de555b3135b340a	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 35435433e84712509de555b3135b340a 8f73931397f10c86a0dedaf8ff7e77364e735ab3 929c3ea5c9b0895f8b073af7116e84d8b048b261ac1c8215141b5bb83b6bfc65 Loading...

	#25 Eval - 402a19ef09a3018d3b5d588629d44758	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 402a19ef09a3018d3b5d588629d44758 0d312c61974116ed58cbdbbe2735beb31cb22a62 28346f2bc176806198e2d06b4a3fb6360dce53b336254f26acca4d49ebade9a5 Loading...

	#26 Eval - 29b3757ccb3317bca149328e1b0bba2a	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 29b3757ccb3317bca149328e1b0bba2a 29c213896500baed4318de1962d2e9b52d503cdc bb5964264edf864ecf66cf2fe625a3c7e5f8be0ba6a9fea3860e0f07ca610c2b Loading...

	#27 Eval - 253fe324586dc0603c678734dc5b2701	28 B	2024-08-19 19:38	2024-08-19 19:38
Pretty Observations First Seen2024-08-19 19:38 Last Seen2024-08-19 19:38 Times Seen1 Hash 253fe324586dc0603c678734dc5b2701 2bc4eff93936463860449f3f7d223b74809a600d 700823e8823011341e8ba727167acec2321e2d5153064076c692a177570989a8 Loading...

HTTP Transactions (29)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5c35a3180482afadf4e89f4cc249fa7b
8a088c184606fe3e4e0da8cd90b6eb5e6d30fb97
146fe131cf8436e3de4832a23b351400b4819dbd9b9716302248d3ab447f000c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "146FE131CF8436E3DE4832A23B351400B4819DBD9B9716302248D3AB447F000C"
Last-Modified: Sat, 15 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2862
Expires: Tue, 18 Jun 2024 01:53:55 GMT
Date: Tue, 18 Jun 2024 01:06:13 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9d139a09a36fce99ece1fb963d49d2a9
a7d96d8755d02c7204c147daade1b1168a6ddb73
f9a59ebef1ee608c709b274e1c7be1320323232cdc79b17bdbf453a5a5aead09

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9A59EBEF1EE608C709B274E1C7BE1320323232CDC79B17BDBF453A5A5AEAD09"
Last-Modified: Mon, 17 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12664
Expires: Tue, 18 Jun 2024 04:37:17 GMT
Date: Tue, 18 Jun 2024 01:06:13 GMT
Connection: keep-alive

vaer63kmp.cc/invite/i=959

172.67.207.62

200 OK

5.8 kB

URL User Request POST HTTP/1.1
vaer63kmp.cc/invite/i=959
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14194), with no line terminators
Size
5.8 kB (5818 bytes)
Hash
8b97f719b73ab68ad3eea12a7cf4a343
1561e34bc35142fb3bc831fd64d2a49831d6b02b
05f8640c2fdf7e66c8e96a0631c47640a42708e9b14b921c06321d6deda19b1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /invite/i=959 HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Tue, 18 Jun 2024 01:06:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: THuRBws45/f6ouPT2Q4/KhxzWM/oaPfriEfzv7WN7Wrdtv4jfwU3k0+tzbwE8AJp9zgWkbZu6rzsGSIUS/NxWyPD23gVOhUnatpPQtlzJ5I=$KWNXZ0qClBqS8Y4itCYtWA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tr%2Bb0RN9fJ6TMTdN1C%2Bn6wci5IMYYxmYnSWejQkAJGlQuK9ezk1w%2FRn4tTNrm1XQtvK1JvHTbL5YVWd3TAEo%2F5Ms8GLzfcMZ%2BN1zY9zvieMcRFPV7g4KuwC5ReoSGSI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 895760251b0a56a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=895760251b0a56a2

172.67.207.62

105 kB

URL
vaer63kmp.cc/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=895760251b0a56a2
IP
172.67.207.62:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
105 kB (105269 bytes)
Hash
ded577ad6136b0b01b8258ac6e5d7407
405288c77d2a61edf42323c0bc2880ded2f1b755
bd4f34f69de128a57704c39605577f5d56fe286af5fafa6b75942650bab54029

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=895760251b0a56a2 HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vaer63kmp.cc/invite/i=959?__cf_chl_rt_tk=a0YPqbf6DGCUEsphwlGEbO.K0qGydVQiElANFBsXINE-1718672773-0.0.1.1-2302
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:14 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GBTebAm40TJsCxfWY62DeBnGtkffvC93kqG7S5VFEYBSrM6gmCEMNp%2BQHHpQN4xebzGF9i1JL%2BxXKPY78l464jnyOth7bA1hR1FCgrqvU%2F7RJHI1s4IGtroGEBPCVuo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89576027197a0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/favicon.ico

172.67.207.62

990 B

URL
vaer63kmp.cc/favicon.ico
IP
172.67.207.62:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (2705), with no line terminators
Size
990 B (990 bytes)
Hash
8b0160fab2baa77b32e956f38b5fb35a
b92fba0afa9922755a802b3f648d353dfb5abe81
67cc26fe6ca3ee3d13453edee5bcd2e905eb14f43c4ceb193601e7ba7d3396c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vaer63kmp.cc/invite/i=959?__cf_chl_rt_tk=a0YPqbf6DGCUEsphwlGEbO.K0qGydVQiElANFBsXINE-1718672773-0.0.1.1-2302
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 17 Jun 2024 22:54:43 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YXbHbBmvTjrIi77aIcG0aiP4WyQcRbWjNbhkDiwBpsjOq2cRZ9ScttuBE6ny7jSxAe5QgNUPhkyqjZB%2Fe%2FWbH5LzH9UGINW0R2bI3uEKI8Y7Y%2BGhez1Ugzm5%2FkUlS58%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89576027598b0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/favicon.ico

172.67.207.62

990 B

URL
vaer63kmp.cc/favicon.ico
IP
172.67.207.62:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (2705), with no line terminators
Size
990 B (990 bytes)
Hash
8b0160fab2baa77b32e956f38b5fb35a
b92fba0afa9922755a802b3f648d353dfb5abe81
67cc26fe6ca3ee3d13453edee5bcd2e905eb14f43c4ceb193601e7ba7d3396c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vaer63kmp.cc/invite/i=959
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 17 Jun 2024 22:54:43 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ol8IFbT6qruVnPm87de%2BGACracO1cbokJ%2BTiDMyQTIZiJg4i368bjjn%2F6IOnJt7xdNtPaD0KjPMK9jC6jlBvMsx6Drj3RrI%2Fx8ODh8jgbkhCAAX81kO7l8jc5U3YOyI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 89576027bf71b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/1117126911:1718669310:k-wZ4aZ2SgIy5Su69BzSbqBq_aG9sq_UfyE504suVRA/895760251b0a56a2/4152898432b5c71

172.67.207.62

12 kB

URL
vaer63kmp.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/1117126911:1718669310:k-wZ4aZ2SgIy5Su69BzSbqBq_aG9sq_UfyE504suVRA/895760251b0a56a2/4152898432b5c71
IP
172.67.207.62:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (16528), with no line terminators
Size
12 kB (12486 bytes)
Hash
09b2d6917b290349b3f17d39b856695d
b09730483da0dd02cf228b1f3b36488ac6b5cb38
9855a57163339a9f761e4aa0025dd1107beff6386bba07b789701126b78d2817

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1117126911:1718669310:k-wZ4aZ2SgIy5Su69BzSbqBq_aG9sq_UfyE504suVRA/895760251b0a56a2/4152898432b5c71 HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vaer63kmp.cc/invite/i=959
Content-type: application/x-www-form-urlencoded
CF-Challenge: 4152898432b5c71
Content-Length: 1628
Origin: http://vaer63kmp.cc
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:14 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 1ZB+9LWS3u4Vo2/MJPTqRHcbbRFr+Wu0+GNbuPTG1P9QXSOST0qZwP/inOSvMY7T$JyAj+JpUDltqTbK4jxTGDw==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FKsH6m5rQVZEaWBXh4c48Jhu8lI76nbMH7PagpxS%2F2SGVbHcVrULcY5wHbuxbJQgp79jrhiMRqh0GWsojurX464JEOxbGUOqlbjLOOsZIsyrBWSh0%2FSmjAmFBfrM1e0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8957602899f00b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/m907d/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

104.17.2.184

18 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/m907d/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (42150)
Size
18 kB (18389 bytes)
Hash
7537643c563d05f46918bd9b4eef0d40
95ffdbd83fab7725c8be96554f914b12e7bb7d49
4ada831ecf2d569be674d25c3bd65ae294b15fcd56e946972fab05b54fbc6dcb

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/m907d/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 18 Jun 2024 01:06:14 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
origin-agent-cluster: ?1
cross-origin-embedder-policy: require-corp
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
server: cloudflare
cf-ray: 895760299a19568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16061
Expires: Tue, 18 Jun 2024 05:33:56 GMT
Date: Tue, 18 Jun 2024 01:06:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16061
Expires: Tue, 18 Jun 2024 05:33:56 GMT
Date: Tue, 18 Jun 2024 01:06:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16061
Expires: Tue, 18 Jun 2024 05:33:56 GMT
Date: Tue, 18 Jun 2024 01:06:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16061
Expires: Tue, 18 Jun 2024 05:33:56 GMT
Date: Tue, 18 Jun 2024 01:06:15 GMT
Connection: keep-alive

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/895760299a19568f/1718672775053/TpuWn1eIDuuyhuN

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/895760299a19568f/1718672775053/TpuWn1eIDuuyhuN
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 97 x 40, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
0cb1e2e4098366f0a8393ee308341eef
a7efea809b455d34d07d79e5067f2c89223b0ae1
3c2c79fd3cbe10fece988ffbf862eacb1ed5f30b66f8a8638e192add0f678dff

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/895760299a19568f/1718672775053/TpuWn1eIDuuyhuN HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/m907d/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 18 Jun 2024 01:06:15 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8957602f0cee568f-OSL
alt-svc: h3=":443"; ma=86400

vaer63kmp.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/1117126911:1718669310:k-wZ4aZ2SgIy5Su69BzSbqBq_aG9sq_UfyE504suVRA/895760251b0a56a2/4152898432b5c71

172.67.207.62

3.3 kB

URL
vaer63kmp.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/1117126911:1718669310:k-wZ4aZ2SgIy5Su69BzSbqBq_aG9sq_UfyE504suVRA/895760251b0a56a2/4152898432b5c71
IP
172.67.207.62:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4304), with no line terminators
Size
3.3 kB (3313 bytes)
Hash
def978f34091c95f9c87f8d9d9c438f3
eb4abcf6dcd1ed34e333cb4d1ae5b52d0bcac533
43628790b3888dbd3a38ed8e07660432f071dff3dbeb03ee5616fd92be223c04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1117126911:1718669310:k-wZ4aZ2SgIy5Su69BzSbqBq_aG9sq_UfyE504suVRA/895760251b0a56a2/4152898432b5c71 HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vaer63kmp.cc/invite/i=959
Content-type: application/x-www-form-urlencoded
CF-Challenge: 4152898432b5c71
Content-Length: 3073
Origin: http://vaer63kmp.cc
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: cf_chl_rc_m=;Expires=Mon, 17 Jun 2024 01:06:22 GMT;SameSite=Strict
cf-chl-out: +UWQsD9eJPBIbEdjK/XfjR1KM/qj7TpHGFQSgeP8r1nrW4EU0/r+OLWhk06OCo59rH5OtqKbsjRCqVy9rXLFYw==$mex3Nc90T6SmqkLV0sirMw==
cf-chl-out-s: 6OPZhzV69YyCiX+BmCgIr5f4/+7dmtSJfC9I8MGAHzMm+XVHy4RxDuMuVeyu/3iq1xXgGFmeldOfZZgZi5c2vraw6z6DKirYTUqlZXZ/oprTUgd6/0X13sgvI7S55iG+gQgBD4w4/PHacWpPsik1Rmq724P1PnaJ/QxdKc6lUVmtOPK2ojHPjOry7O6XdNHu9ifDnEYwq+m+8Gr80t9bb/5Kr7KkkBzVap+IPMT2I97SzlNETamwUelFIUrMzFGj5S4gkcN4o/ANNwfcWhBT7hGlAG66iM7O1GBvpKXbW1gyB3C1IDSPiQt40QIFDu1ujzbWICe3jSKSYeg+iYRmQf+6V5x7PEgjEyiIJgXOIa9hNILjEB2SL95AZVGdYkTJ0Dg5yf40J+O2ph+rizhUNrUw/hIAGwSae9CKDrMbQH08/hYtxJ88M55rBNSb51QYvpNgNUQCTeLLlvzoyJ+9gw==$lvpti67o2RGnCTlKjb6OZw==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGMuK9%2FXf%2BR9pbnjJP8Ts9%2B1xNjwmPRUxPoIl0mZtWN%2BNEVAq7MT3wtGJM6b%2Bx9owjJH0I6PaLaNwJaRIekzpJFwaFlAa%2BU8mQ8MFED%2FOtXhHBlx6%2BlWHrjO5ixaLVE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 895760594f840b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/invite/i=959

172.67.207.62

200 OK

996 B

URL User Request POST HTTP/1.1
vaer63kmp.cc/invite/i=959
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (2705), with no line terminators
Size
996 B (996 bytes)
Hash
8b0160fab2baa77b32e956f38b5fb35a
b92fba0afa9922755a802b3f648d353dfb5abe81
67cc26fe6ca3ee3d13453edee5bcd2e905eb14f43c4ceb193601e7ba7d3396c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /invite/i=959 HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vaer63kmp.cc/invite/i=959?__cf_chl_tk=a0YPqbf6DGCUEsphwlGEbO.K0qGydVQiElANFBsXINE-1718672773-0.0.1.1-2302
Content-Type: application/x-www-form-urlencoded
Content-Length: 2768
Origin: http://vaer63kmp.cc
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg; Path=/; Expires=Wed, 18-Jun-25 01:06:22 GMT; Domain=.vaer63kmp.cc; HttpOnly
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ws7ffiWuT7wAl24UiL5L06kxctx9wfG0uIkwyZLz83CgSWvZcSbTwq0rZpd0zR26FRGA83w1glJjaUi5THNFZcFNScWs4H8D7LRwxQwunv%2FjXWXlUPMWBGgDsXaNvgg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8957605a2fc40b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/css/chunk-vendors.c57533e1.css

172.67.207.62

200 OK

44 kB

URL GET HTTP/1.1
vaer63kmp.cc/css/chunk-vendors.c57533e1.css
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (43872 bytes)
Hash
ebfffebc1f62c3be51082e6595a0a005
e278fbd6fd48150b3f366b50ed388983d934978c
f5ce9e73e1f7cea326eedd4f39d9b2d703ba4ccb31a6078cdc1fb16481298a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-vendors.c57533e1.css HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/invite/i=959
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:22 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 17 Jun 2024 13:38:46 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 279
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DOko3ywetnwOrMzAVUO%2BTgO9D764b5q1SR7h%2Bqq3Yudsuu%2FAmWeBfe1nHS79WUyIsjgA%2Fn3zCMMP1raisKLVjC9yuTpV9uj0L8UIk63gEWDTySEyf%2Fl%2BVN%2BsCTK%2BQBI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8957605b0a5656a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/css/app.97fad072.css

172.67.207.62

200 OK

2.5 kB

URL GET HTTP/1.1
vaer63kmp.cc/css/app.97fad072.css
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type
ASCII text, with very long lines (14103), with no line terminators
Size
2.5 kB (2491 bytes)
Hash
e31dd697eaed2512cb39fae0bdbbab65
a80f3d838c23d268faa5bb2754bed04d6032e574
a7e6f753d63c5a637b95f40e49ba8b7f676afb81749c9067f9392aeca61ddd4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.97fad072.css HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/invite/i=959
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:22 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 17 Jun 2024 13:38:28 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 279
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hk3nqqTgzsxR5k6BXSg2ubOyVmXqrAQ5%2FPd%2F6V607MG7xxqhPgsV2lLOzHRjRJncoY8fXCUUJY%2FHXzzSQENkfXEFCemEpd%2B6wGEP3AG9RF%2F10Iaai7dre67pmeYSTHo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8957605b08050b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/js/app.6687d9a3.js

172.67.207.62

200 OK

24 kB

URL GET HTTP/1.1
vaer63kmp.cc/js/app.6687d9a3.js
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23869 bytes)
Hash
968105d52b25adbaec5dbdae6c763d7c
220d130354002cfd827cd0bb20d30b5de6ccc72f
1080bfe3afc6f07bfdbe56b601dc7500ba722142e485c4ae2f8050f8878718c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.6687d9a3.js HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/invite/i=959
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:22 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 17 Jun 2024 14:08:05 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiEUrfLwdfOA4wGTlOwpgubz0RP4VqLXbFFE%2Frq%2FQWmt5bPTgom8lzz0RJjlMqrhSKiCL0kM5arXJbDTYpy%2BAuU1CH6O2cbTYpnFVRp%2F6m3XoLv6%2FKrKcwKGyRH4Qu0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8957605b0963b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/js/chunk-vendors.ea790e22.js

172.67.207.62

200 OK

272 kB

URL GET HTTP/1.1
vaer63kmp.cc/js/chunk-vendors.ea790e22.js
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (51759)
Size
272 kB (272420 bytes)
Hash
4fee178f809d1b2a829099a8bb91c56c
178b6322fdc40c08fcbda0c096c668855ad49b51
c3580c9951b9554639c1404a246b3f27f818a99240c728f04cb964cd9e50b73d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.ea790e22.js HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/invite/i=959
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:22 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 17 Jun 2024 14:22:45 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ARLuTl%2FnzXo78%2FL9Con1E19zpUXUJJ6ibUQ4XW77Agjb8wOaVScs4%2B3Pb9KnpVS%2BbN0NpY6Rv%2FEwX4%2FyCAVxB4vh%2Fb8itsR7Kx1Va4Jk8ApUeOQ%2FHCjXrpgxzVqB2XE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8957605b08030b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/invite

172.67.207.62

200 OK

0 B

URL POST HTTP/1.1
vaer63kmp.cc/invite
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /invite HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 18
Origin: http://vaer63kmp.cc
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/invite/i=959
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:23 GMT
Content-Length: 0
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WX1aVUYG5SHK8IWMXmTIMiq9gxaycgosg6Lmf9PTJkkSzRhlXz1k0GhpijldKh2CioDjSlK0hTYZ6gUWSmSGuDAxiEiIVFlJ61toE2AgBbTRb2lAcuHExMkY1aqKX2o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8957605d88b60b31-OSL
alt-svc: h2=":443"; ma=60

cdn.discordapp.com/attachments/1252246561845542944/1252246605730680882/ver.mp4?ex=66718508&is=66703388&hm=41e2c2fdccadcdfc2093ed0ae99aebf2bcaca8a8fe3ad1b6996adcaaab4f834d&

162.159.129.233

229 B

URL
cdn.discordapp.com/attachments/1252246561845542944/1252246605730680882/ver.mp4?ex=66718508&is=66703388&hm=41e2c2fdccadcdfc2093ed0ae99aebf2bcaca8a8fe3ad1b6996adcaaab4f834d&
IP
162.159.129.233:0
ASN
#13335 CLOUDFLARENET

File type
XML 1.0 document, ASCII text, with no line terminators
Size
229 B (229 bytes)
Hash
3e9eafc889bcb89ef6de2cd9ee6a2d39
e9b8939144e5b6dbce9664051c6579642867d687
8bdf451e4212cabfb3d52ddf7e119f78bf74072b1b1e7c27672e9249f12e1b70

HTTP Headers

GET /attachments/1252246561845542944/1252246605730680882/ver.mp4?ex=66718508&is=66703388&hm=41e2c2fdccadcdfc2093ed0ae99aebf2bcaca8a8fe3ad1b6996adcaaab4f834d& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 18 Jun 2024 01:06:23 GMT
content-type: application/xml; charset=UTF-8
content-length: 229
cf-ray: 8957605ef8c9b4ee-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=31536000
content-disposition: attachment
expires: Wed, 18 Jun 2025 01:06:23 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-guploader-uploadid: ABPtcPpcAro80CPzBPoRWhCqEu-Q-KfrX_3v4quANA3_tFUsB0RNqjIWuK401CbC-uR1kQMcz0U
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fId91P2qCSankEqcQOEmViGo9x2TH0hBeH5OggYgtMz2B35ZMTKgljvm5mjCHhAxtKUdz7sjRhFg0f0gDOzynpT9JiVWgWhghwj0c1Yo8HfTNc6l%2FdHtasvsbt6e1aSzpXf5NA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=Sl5Oonw7J0_8dMA1Or9Pl6RjTPZ_lEL22oF6KdyOlxs-1718672783-1.0.1.1-N0AdwhzlUOfkdXL..IudsJbomh9aXRjkPDaQQpbm_NngJsXXJtA6v15C.rkq_B.IWjob.uN7L6k3u9X_BW8.cg; path=/; expires=Tue, 18-Jun-24 01:36:23 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=A8pDoRkMEdxxXpsWxY0C6UNFs9C.q9IfL7mnJxfc0yo-1718672783243-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

vaer63kmp.cc/getlog

172.67.207.62

200 OK

1.3 kB

URL GET HTTP/1.1
vaer63kmp.cc/getlog
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type
JSON text data
Size
1.3 kB (1280 bytes)
Hash
00ebd8c7e485f6702bd516037522f2fe
ec0d04c334b7d6e1b9af1a254bb871d8d6a9c9a9
ecf0a6e372b3853401ee4180663ae4ee8863400912aab5c57dc418aa68eae34e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /getlog HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/enter/register
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:23 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zHeSmdMi%2FV6udCdq4XrFsi9oRK5QFwwcTT20XXELoUVkAMI%2FceLDZ15XIaZfCDcYzobxU0a5axHhgKbn86KQJvwRVQommbxW0b%2Bd4pSxj1k0pJYdncd%2B6BnoLlmqqAo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8957605e99060b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/turnstile/v0/g/6aac8896f227/api.js?onload=OZxW4&render=explicit

104.17.2.184

14 kB

URL
challenges.cloudflare.com/turnstile/v0/g/6aac8896f227/api.js?onload=OZxW4&render=explicit
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42645)
Size
14 kB (14359 bytes)
Hash
0462e24566754058d5a2517254459c3f
2212aeb2c867d59e5f15984a51448aa1c05052cb
22401f58443400f39ce653a1736059092e1e5f85ffbbbaeda4b11c16b5bade6e

HTTP Headers

GET /turnstile/v0/g/6aac8896f227/api.js?onload=OZxW4&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://vaer63kmp.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Jun 2024 01:06:14 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 06 Jun 2024 21:04:54 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 89576027ee1ab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vaer63kmp.cc/img/icons/favicon.svg

172.67.207.62

200 OK

990 B

URL GET HTTP/1.1
vaer63kmp.cc/img/icons/favicon.svg
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type
HTML document, ASCII text, with very long lines (2705), with no line terminators
Size
990 B (990 bytes)
Hash
8b0160fab2baa77b32e956f38b5fb35a
b92fba0afa9922755a802b3f648d353dfb5abe81
67cc26fe6ca3ee3d13453edee5bcd2e905eb14f43c4ceb193601e7ba7d3396c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon.svg HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/invite/i=959
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4844
Last-Modified: Mon, 17 Jun 2024 23:45:39 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qq2d31nteNtq%2FYsBetK%2FFrXIBaXtSPWry4sKn1Ogqah%2F%2FFQzun63EJO0vEPmZg6KBZNzSEpTZT26StUb7S5hWFZ9bMf%2FTCHDOXkRtcGJcRBPZufX1oKlJU4jGrzV4Bw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 895760607cce56a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vaer63kmp.cc/img/icons/apple-touch-icon-152x152.png

172.67.207.62

200 OK

4.0 kB

URL GET HTTP/1.1
vaer63kmp.cc/img/icons/apple-touch-icon-152x152.png
IP
172.67.207.62:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959

File type
PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced
Size
4.0 kB (4046 bytes)
Hash
1a034e64d80905128113e5272a5ab95e
92328e60f63d690f33cd4961b9934a539dc29b82
4d9685d610c4411caadd8d36ce94d3303cf5b05c8e04d67fc232c16a4469a135

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/apple-touch-icon-152x152.png HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/invite/i=959
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:23 GMT
Content-Type: image/png
Content-Length: 4046
Connection: keep-alive
Last-Modified: Mon, 17 Jun 2024 13:38:54 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1HCnViNhZwshNETkyDPQaUzArpgBlbzlgjOGvTim3mqyEemHUxKMxnQApSN6zvb7vI42CSozxK8bLolYn%2F3d7kwU2Ea2pK1YL3gHJ%2B5a05hhIcI1rehT0YJfGC4y5%2Fk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8957606079980b31-OSL
alt-svc: h2=":443"; ma=60

ocsp.sectigochina.com/

172.64.149.190

472 B

URL
ocsp.sectigochina.com/
IP
172.64.149.190:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
df6be5770be48c0f8266a073b49b1307
aad6e12bf5451a11942d599f3477a52d9ca753d8
171786911631b9c5dc02c6b0785a900b13496cfab6b58e28e80340666ef8bd9c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 18 Jun 2024 01:06:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 16 Jun 2024 01:06:25 GMT
Expires: Sun, 23 Jun 2024 01:06:24 GMT
Etag: "aad6e12bf5451a11942d599f3477a52d9ca753d8"
Cache-Control: max-age=431964,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 89576065c8805685-OSL

b.yzcdn.cn/vant/icon-demo-1126.png

154.85.69.56

200 OK

8.9 kB

URL GET HTTP/2
b.yzcdn.cn/vant/icon-demo-1126.png
IP
154.85.69.56:443
ASN
#139057 LEGEND DYNASTY PTE. LTD.

Requested by
http://vaer63kmp.cc/invite/i=959
Certificate
IssuersslTrus
Subject*.yzcdn.cn
Fingerprint6A:A8:BA:7C:D4:B4:86:0B:74:EB:E6:19:C8:69:2E:8B:13:6C:1E:1B
ValidityThu, 09 Nov 2023 00:00:00 GMT - Mon, 09 Dec 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
8.9 kB (8886 bytes)
Hash
f87c46f346a5548224ccbe0b6bd75df5
8e8b8bd4ba3e6b6c8557d94a726061fdd62492fd
b6304eb9b754d38d3ad74d0acce42c156536840351368ed3e4895a6b50cd9370

HTTP Headers

GET /vant/icon-demo-1126.png HTTP/1.1
Host: b.yzcdn.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Jun 2024 01:06:24 GMT
content-type: image/png
content-length: 8886
server: openresty
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=2592000
content-disposition: inline; filename="icon-demo-1126.png"; filename*=utf-8''icon-demo-1126.png
content-md5: +HxG80alVIIkzL4La9dd9Q==
content-transfer-encoding: binary
etag: "Fo6Li9S6PmtshVfZSnJgYf3WJJL9"
last-modified: Mon, 26 Nov 2018 11:08:05 GMT
x-reqid: YyIAAAASg9geDiAX
x-svr: IO
x-qiniu-zone: 0
x-log: X-Log
x-ser: BC5_dx-lt-yd-zhejiang-huzhou-3-cache-7, BC165_lt-obgp-fujian-xiamen-33-cache-1, BC132_IT-Lombardia-Milan-1-cache-1, BC46_DE-Frankfurt-Frankfurt-11-cache-4
x-cache: HIT from BC46_DE-Frankfurt-Frankfurt-11-cache-4(cloudsvr)
X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1252246561845542944/1252246605730680882/ver.mp4?ex=66718508&is=66703388&hm=41e2c2fdccadcdfc2093ed0ae99aebf2bcaca8a8fe3ad1b6996adcaaab4f834d&

162.159.129.233

404 Not Found

0 B

URL GET HTTP/2
cdn.discordapp.com/attachments/1252246561845542944/1252246605730680882/ver.mp4?ex=66718508&is=66703388&hm=41e2c2fdccadcdfc2093ed0ae99aebf2bcaca8a8fe3ad1b6996adcaaab4f834d&
IP
162.159.129.233:443
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959
Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /attachments/1252246561845542944/1252246605730680882/ver.mp4?ex=66718508&is=66703388&hm=41e2c2fdccadcdfc2093ed0ae99aebf2bcaca8a8fe3ad1b6996adcaaab4f834d& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://vaer63kmp.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 18 Jun 2024 01:06:23 GMT
content-type: application/xml; charset=UTF-8
content-length: 229
cf-ray: 8957605ef8c9b4ee-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: public, max-age=31536000
content-disposition: attachment
expires: Wed, 18 Jun 2025 01:06:23 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-guploader-uploadid: ABPtcPpcAro80CPzBPoRWhCqEu-Q-KfrX_3v4quANA3_tFUsB0RNqjIWuK401CbC-uR1kQMcz0U
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fId91P2qCSankEqcQOEmViGo9x2TH0hBeH5OggYgtMz2B35ZMTKgljvm5mjCHhAxtKUdz7sjRhFg0f0gDOzynpT9JiVWgWhghwj0c1Yo8HfTNc6l%2FdHtasvsbt6e1aSzpXf5NA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=Sl5Oonw7J0_8dMA1Or9Pl6RjTPZ_lEL22oF6KdyOlxs-1718672783-1.0.1.1-N0AdwhzlUOfkdXL..IudsJbomh9aXRjkPDaQQpbm_NngJsXXJtA6v15C.rkq_B.IWjob.uN7L6k3u9X_BW8.cg; path=/; expires=Tue, 18-Jun-24 01:36:23 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=A8pDoRkMEdxxXpsWxY0C6UNFs9C.q9IfL7mnJxfc0yo-1718672783243-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

vaer63kmp.cc/socket.io/?EIO=3&transport=websocket

172.67.207.62

101 Switching Protocols

0 B

URL GET HTTP/1.1
vaer63kmp.cc/socket.io/?EIO=3&transport=websocket
IP
172.67.207.62:443
ASN
#13335 CLOUDFLARENET

Requested by
http://vaer63kmp.cc/invite/i=959
Certificate
IssuerGoogle Trust Services
Subjectvaer63kmp.cc
FingerprintFC:C9:1A:7D:48:3A:5E:CE:61:57:DC:D6:AF:92:94:ED:AD:5C:9F:AC
ValidityFri, 14 Jun 2024 13:47:49 GMT - Thu, 12 Sep 2024 13:47:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: vaer63kmp.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://vaer63kmp.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yqpIHefBUSAU0pVZT27HxA==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: cf_clearance=ulcfE5E30GJ36dBhElxQgFIlChidsLOlj8mkGCTzxL0-1718672773-1.0.1.1-MU6jX_ZosNhdC8Mp.0jIxPRfTwvDo90jpsXP7qC4ZYsg2m.BGTvcHbBEe1GU4IBggMMnITeP4Zo20Ta2M.Uhpg; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 18 Jun 2024 01:06:23 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tnw4trpCQKM1B2NPPSOd9L8cloU=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mir7FR%2B7wJMTMydwCaPa0SFaxetJKFQJgMRS9NBLqPbLn4h37dLTikF3ZNHp37JNZiQLYs1Kknr91BH5R1sQU9nJCUukSmFvCjSUi0JSm0dehWJPl2XeCfBt0qzz0hA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8957605edc241bfe-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations