Report - kpr38ui452f6.xyz/

Report Overview

Submitted URL
kpr38ui452f6.xyz/
IP
104.21.29.193
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 22:36:20
Access
public
Website Title
kpr38ui452f6.xyz/
Final URL
kpr38ui452f6.xyz/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
may.xz9wasyqwyac.xyz	unknown	unknown	No data	No data	505 B	2.1 kB	198.16.61.234
ios.xl3r2w4x83re.xyz	unknown	unknown	No data	No data	6.5 kB	1.1 MB	104.21.7.144
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-25	512 B	1.2 kB	35.244.181.201
kpr38ui452f6.xyz	unknown	unknown	No data	No data	1.8 kB	30 kB	104.21.29.193
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09	2024-04-25	672 B	1.6 kB	104.18.38.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	kpr38ui452f6.xyz	Sinkholed
2024-04-26	medium	kpr38ui452f6.xyz	Sinkholed
2024-04-26	medium	kpr38ui452f6.xyz	Sinkholed
2024-04-26	medium	xz9wasyqwyac.xyz	Sinkholed
2024-04-26	medium	kpr38ui452f6.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	unknown	47 B	2023-04-11	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:25:25 Last Seen2024-05-07 10:30:20 Times Seen4849 Hash 2512414f817df8312569d55032748f81 13467df6e962aa77bb36867ff1412e1ba9f8feb1 e193735f8d500f10e2cdc6a94f5a43fb0257c1e2f8afc10fa04f0e3761d258de Loading...

	ios.xl3r2w4x83re.xyz/assets/js/taozi.js?t=202404151906	11 kB	2024-04-27	2024-04-27
Pretty URL ios.xl3r2w4x83re.xyz/assets/js/taozi.js?t=202404151906 IP 104.21.7.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 00:36:26 Last Seen2024-04-27 00:36:26 Times Seen1 Hash 80dc088695560340cc2fb9d0169dc2d8 73303236bde0c5e3eb64a99ae3870548a30e7b9c 8747cd4c1202ee90d14bb8e5a2bd2a1a9b73605431c85738121ea311b6b99c15 Loading...

	kpr38ui452f6.xyz/assets/js/iframe.js?t=202404151807	9.6 kB	2024-04-27	2024-04-27
Pretty URL kpr38ui452f6.xyz/assets/js/iframe.js?t=202404151807 IP 104.21.29.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 00:36:26 Last Seen2024-04-27 00:36:27 Times Seen2 Hash 921d2c5e4a04aa55dbbe27af7c1d304d 640e5a4b2fa6cef245e33f7f413c5da28dc7d982 c8ad10a675004d0375d959bceaab87a82738f352f2feb60d344054f643f10cf7 Loading...

	ios.xl3r2w4x83re.xyz/assets/js/public.js	26 kB	2024-04-27	2024-04-27
Pretty URL ios.xl3r2w4x83re.xyz/assets/js/public.js IP 104.21.7.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 00:36:26 Last Seen2024-04-27 00:36:27 Times Seen2 Hash a1d01edc5b68a0e0da6ecb0b3d482388 cf48c76b1408e9f0c653636560c988eb33605f07 be7e76e60cf9a0a86566fb500d7569ef4ad65f9432bb4127d91d72c6485a6e94 Loading...

	ios.xl3r2w4x83re.xyz/assets/js/jquery.min.js	96 kB	2023-03-07	2024-05-07
Pretty URL ios.xl3r2w4x83re.xyz/assets/js/jquery.min.js IP 104.21.7.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-07 09:48:20 Times Seen47128 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	ios.xl3r2w4x83re.xyz/assets/js/setRem.js	816 B	2024-04-27	2024-04-27
Pretty URL ios.xl3r2w4x83re.xyz/assets/js/setRem.js IP 104.21.7.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 00:36:26 Last Seen2024-04-27 00:36:27 Times Seen2 Hash c8d03e701578255528b9fb579064124b 6eddc92de9a0fcfa5a5e90e3001b184217efe6c2 a37c3bae88c2475b0f07791accf10692eaed06cb371998ab1761f7e6040a0b21 Loading...

	unknown	37 B	2023-04-11	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31:25 Last Seen2024-05-07 12:03:24 Times Seen234592 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	unknown	79 B	2023-04-11	2024-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38:58 Last Seen2024-05-07 11:59:55 Times Seen125576 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	ios.xl3r2w4x83re.xyz/web1679/	0 B	2023-03-07	2024-05-07
Pretty URL ios.xl3r2w4x83re.xyz/web1679/ IP 104.21.7.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 12:06:06 Times Seen37401162 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	kpr38ui452f6.xyz/assets/js/crypto-js.min.js	48 kB	2023-03-10	2024-04-27
Pretty URL kpr38ui452f6.xyz/assets/js/crypto-js.min.js IP 104.21.29.193 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 18:36:37 Last Seen2024-04-27 00:36:27 Times Seen96 Hash c8b215ef1c396901ab19c41a7ac42cd7 00e971d00ca3e26ef1bc0f7586e16c5e30296ebe 817c88066f7a344d4471bb20d30652e641f498eedd9c28e5a6ed661c67795010 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 2dce3f82fd1c640e8d8521e1a29ac009	125 B	2024-04-27	2024-04-27
Pretty Observations First Seen2024-04-27 00:36:26 Last Seen2024-04-27 00:36:27 Times Seen1 Hash 2dce3f82fd1c640e8d8521e1a29ac009 5b7e02901c090c8b46ff02d95d350789527aaab9 f70034c15e1cb2aebd4021383404136217db97fb740e220743f3dfe35ed0b2b1 Loading...

	#2 Eval - 486d0b08d4a1c53687b8675c32ecfd3e	74 B	2024-04-27	2024-04-27
Pretty Observations First Seen2024-04-27 00:36:27 Last Seen2024-04-27 00:36:27 Times Seen1 Hash 486d0b08d4a1c53687b8675c32ecfd3e ed54d748c7cd1b1fc6f58d910c92c82115449ce5 2927bfa57cd439bd2c220a8abfbba4afcc61cfa0d1c4acd04b8d40841ffedeef Loading...

HTTP Transactions (22)

URL IP Response Size

kpr38ui452f6.xyz/

104.21.29.193

200 OK

1.1 kB

URL User Request GET HTTP/2
kpr38ui452f6.xyz/
IP
104.21.29.193:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectkpr38ui452f6.xyz
FingerprintE0:16:EF:98:A2:45:9C:A6:14:97:02:68:F0:49:04:AA:83:A8:CE:08
ValidityTue, 19 Mar 2024 07:44:32 GMT - Mon, 17 Jun 2024 07:44:31 GMT

File type
HTML document, ASCII text
Size
1.1 kB (1064 bytes)
Hash
778f65f6a16b62625e48d50ae8f20d3d
8ccf29dbd9967f8cd1c79aca8fb33d8a8cf6156a
6b84d80f5664a3af294452123fd074e72c1c652c2b0dfe5d83b55140144aa1f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: kpr38ui452f6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:35:54 GMT
content-type: text/html
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=li7j8v7IK%2FhOQvOK6pwQ9PSi2Ebkde4RfIXOMUlE%2F%2FL%2F%2ByiHZrcUuH05mOVzStYoZzCvn4v9molZ3p4kSUL2M6oK1FAKVHxL854l3zRV9sLh4%2F%2BHMgrbnqkbQx1lUZcRnES1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa0c6d5e7cb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

kpr38ui452f6.xyz/assets/js/iframe.js?t=202404151807

104.21.29.193

200 OK

9.4 kB

URL GET HTTP/3
kpr38ui452f6.xyz/assets/js/iframe.js?t=202404151807
IP
104.21.29.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kpr38ui452f6.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectkpr38ui452f6.xyz
FingerprintE0:16:EF:98:A2:45:9C:A6:14:97:02:68:F0:49:04:AA:83:A8:CE:08
ValidityTue, 19 Mar 2024 07:44:32 GMT - Mon, 17 Jun 2024 07:44:31 GMT

File type
JavaScript source, ASCII text, with very long lines (9626), with no line terminators
Size
9.4 kB (9441 bytes)
Hash
921d2c5e4a04aa55dbbe27af7c1d304d
640e5a4b2fa6cef245e33f7f413c5da28dc7d982
c8ad10a675004d0375d959bceaab87a82738f352f2feb60d344054f643f10cf7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/iframe.js?t=202404151807 HTTP/1.1
Host: kpr38ui452f6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kpr38ui452f6.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:55 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: W/"66266208-259a"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o1yan3QqX4X54XY6jhE0JnGYQ4gCBogfab5pvDm0R6c0xYIoimBDfapCbeWNWF5XflGNiNSXNocnrOZmaATKnwqcbVpNwmKvGPfJPawszKARb460%2FqTe%2FmCK34WTqG1xxaE8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c7239e0b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

zerossl.ocsp.sectigo.com/

104.18.38.233

315 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.38.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
315 B (315 bytes)
Hash
f1fb3d5e73849a166e624b2363ba83be
46b38daf1cbc87db075e01064c6b76f104131ec8
a01d67cd665dc341885508d26de95ca0d733bcff8117bcb61a4ec172d2031752

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 22:35:56 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Wed, 24 Apr 2024 20:05:25 GMT
Expires: Wed, 01 May 2024 20:05:24 GMT
Etag: "46b38daf1cbc87db075e01064c6b76f104131ec8"
Cache-Control: max-age=422367,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87aa0c7e9b57b4fd-OSL

zerossl.ocsp.sectigo.com/

104.18.38.233

315 B

URL
zerossl.ocsp.sectigo.com/
IP
104.18.38.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
315 B (315 bytes)
Hash
f1fb3d5e73849a166e624b2363ba83be
46b38daf1cbc87db075e01064c6b76f104131ec8
a01d67cd665dc341885508d26de95ca0d733bcff8117bcb61a4ec172d2031752

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 22:35:56 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Wed, 24 Apr 2024 20:05:25 GMT
Expires: Wed, 01 May 2024 20:05:24 GMT
Etag: "46b38daf1cbc87db075e01064c6b76f104131ec8"
Cache-Control: max-age=422367,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87aa0c7e9f9cb50b-OSL

kpr38ui452f6.xyz/assets/js/crypto-js.min.js

104.21.29.193

200 OK

17 kB

URL GET HTTP/3
kpr38ui452f6.xyz/assets/js/crypto-js.min.js
IP
104.21.29.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kpr38ui452f6.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectkpr38ui452f6.xyz
FingerprintE0:16:EF:98:A2:45:9C:A6:14:97:02:68:F0:49:04:AA:83:A8:CE:08
ValidityTue, 19 Mar 2024 07:44:32 GMT - Mon, 17 Jun 2024 07:44:31 GMT

File type
JavaScript source, ASCII text, with very long lines (47576), with no line terminators
Size
17 kB (16595 bytes)
Hash
c8b215ef1c396901ab19c41a7ac42cd7
00e971d00ca3e26ef1bc0f7586e16c5e30296ebe
817c88066f7a344d4471bb20d30652e641f498eedd9c28e5a6ed661c67795010

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/crypto-js.min.js HTTP/1.1
Host: kpr38ui452f6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kpr38ui452f6.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:55 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: W/"66266208-b9d8"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n5c1DWpcFqDTd0nrQpuw5lSPkY2AkMqYmXf7XN0jpsXSebGh5XouTEXGOgKToolcMPwGv%2F57CRL2CKEQmvwApN3N5EVNOh84SUn31U33DrnbrHZSEj7wWaVdlsShte7BmF5N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c7239dfb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

may.xz9wasyqwyac.xyz/fast-endecode/main/request

198.16.61.234

200

1.9 kB

URL OPTIONS HTTP/1.1
may.xz9wasyqwyac.xyz/fast-endecode/main/request
IP
198.16.61.234:443
ASN
#40065 CNSERVERS

Requested by
https://kpr38ui452f6.xyz/
Certificate
IssuerZeroSSL
Subject*.xz9wasyqwyac.xyz
Fingerprint1C:F4:30:9C:C3:27:F8:04:DD:AD:B1:9D:11:A8:1E:77:A6:F8:4F:B5
ValidityMon, 15 Apr 2024 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JSON text data
Size
1.9 kB (1912 bytes)
Hash
bc2f4ea7a6ceb2a13a34f16a6e56e7aa
1305f9cdadca19ec556c1293dd7ebf163e8640c8
7d23d5ad8650534dffe589e4e0d262115ea58e335309d47efe79024df65a20a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fast-endecode/main/request HTTP/1.1
Host: may.xz9wasyqwyac.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kpr38ui452f6.xyz/
Content-Type: application/json
Content-Length: 96
Origin: https://kpr38ui452f6.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.17.6
Date: Fri, 26 Apr 2024 22:35:57 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin

ios.xl3r2w4x83re.xyz/assets/images/msg.png

104.21.7.144

200 OK

14 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/images/msg.png
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
PNG image data, 132 x 132, 8-bit/color RGBA, non-interlaced
Size
14 kB (13900 bytes)
Hash
a66654f787c6b7fb5d8451e64531cc27
242ddada957574e0869908cdab4d76aeabcb3ba1
b0f2cd02de4d2a5eccd30f40abacb5224478e521e357994d685cfc8af7301372

HTTP Headers

GET /assets/images/msg.png HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:58 GMT
content-type: image/png
content-length: 13900
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: "66266208-364c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4638RXCg94eQlQ3PjAWOCvp0arDAkUU1Hu2wsP%2FCnViDScVD4yxNcFowpfMZ2n%2BiOdW85HQd53CckrHOrXhgnesCbquumkpYuW0R3SXhuLzsCPKW9FKN99ZRZH1VA2nsyUEcDeEEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c894d0f56cb-OSL
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/images/ios.png

104.21.7.144

200 OK

1.1 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/images/ios.png
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1101 bytes)
Hash
913e924b4bd4f0fa761db9b888327f8c
7bde9ec1ab3d0ad940fd4ad86618fa88a67a93b3
dc426d9c18309ea720c62cd49d2d986f5cd9fd33ac87f4f5de3567bde95bf142

HTTP Headers

GET /assets/images/ios.png HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/assets/css/index.css?t=202401272331
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: image/png
content-length: 1101
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: "66266208-44d"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ErCC34LU%2Bgh0SHhng48yWIXQdOTSIu6bzeqlZBBBsta%2FXcW7cwe0s2RK6S%2FUROGIfHi10tfB0PLJmzi0ts%2BauqrxxKBT9qRuPjtv%2BW3Hv6Ns4rRIift%2FoEryg7ILXfFPkapXOk85Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c8caf8856cb-OSL
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/images/logo.png

104.21.7.144

200 OK

29 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/images/logo.png
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Size
29 kB (28657 bytes)
Hash
d46ef61ddc789e67cdbea1b2a05b2fe6
ca281184dbc027ba70082736bc43279da27db22e
44d1d363baf54146723410ea2d0b74ec4e17d4abfd4054d9d3f6f0f9d71dd0b1

HTTP Headers

GET /assets/images/logo.png HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/assets/css/index.css?t=202401272331
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: image/png
content-length: 28657
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: "66266208-6ff1"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vmOg%2BgbcwjbcOTBQ%2BpQWCf1ncg6SUK2hJbJcWNbBZl09SbuDK7yiy%2FFWmTNYUkoPzK%2FlcGQdbxZNEo0j8ShqCF2QcfsNQcCKwRj02o%2FLP5mjnYrgKAGUuw9vBpb7wXgSGhtkmuT0SA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c8c9f7b56cb-OSL
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/css/index.css?t=202401272331

104.21.7.144

200 OK

56 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/css/index.css?t=202401272331
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
ASCII text
Size
56 kB (56056 bytes)
Hash
221f469401628d850b1bdac3c1ceca55
f438df35824691db7cab0e5e6623a26939b3b0d8
caa1099631fb10b0c47b2edb10a8f9de068288762a4d77135744cecd90428aa4

HTTP Headers

GET /assets/css/index.css?t=202401272331 HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:58 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
vary: Accept-Encoding
etag: W/"66266208-d1d"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vebaaoLBtNjZAuPma8pHLHG28vD33QmH0iUBAb2D7mQhzlF4ADNFUShmhX4hSUfhuOCHK0CuMiH2xv6iqZTcaEDEG288QD9lG%2FNZL1H9tF4GHhkMMqtWYXzWtt7anhDcjVyE3NqnHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa0c894d0956cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/images/jiaocheng.png

104.21.7.144

200 OK

458 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/images/jiaocheng.png
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
PNG image data, 750 x 6342, 8-bit colormap, non-interlaced
Size
458 kB (457510 bytes)
Hash
f83a8e18a889c4213f4a87beaae81a5e
def97eae901d5fefe156af9f57970570c2b10ff3
d5e9ba4da9773ea701d69a76766a061ca75ce51f712e0f487bf101a4605325b6

HTTP Headers

GET /assets/images/jiaocheng.png HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: image/png
content-length: 457510
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: "66266208-6fb26"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9ZDj6ECMIM8sAaNMm9I8tAW3nKcSxJom7rWnk7r4c6YfpnhSynsOT%2BGSWyVzLUry7zsncYNrvKhqLxEmkbWt6j6kM4oaGAfVcE6tCMkSyzFo7hiQsohW5CPMPRIuPGafu4y4Eopxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c894d0d56cb-OSL
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/js/setRem.js

104.21.7.144

200 OK

141 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/js/setRem.js
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
141 kB (140840 bytes)
Hash
c8d03e701578255528b9fb579064124b
6eddc92de9a0fcfa5a5e90e3001b184217efe6c2
a37c3bae88c2475b0f07791accf10692eaed06cb371998ab1761f7e6040a0b21

HTTP Headers

GET /assets/js/setRem.js HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:58 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: W/"66266208-330"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=311geFXjr4y77zDipLCOk%2BBOdbOusYW%2B307TfrwzeGxaaaKxH7POuy32dRWP7roMbZ4zujy4aLnovAc2zkhVeckrlwQEbfWPBM1quMmkFmy2c%2Bw3XgmJcEDsgh7QOGnTcrqa0GVQ2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c895d2256cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=3Q19uJ3G8VwXTu1j3mGgCaKn6gblCmg9dXtQpAldeYxHBXJLUq5OUnaz1VUyUeXnxS76yNjFjGtq_KaPXETJ3S8FBMumYaeqm7Mxbl_xML3bpdUqXzvg86OC0MDZ2XNH
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Fri, 26 Apr 2024 22:34:56 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 76
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

ios.xl3r2w4x83re.xyz/assets/js/public.js

104.21.7.144

200 OK

26 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/js/public.js
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
JavaScript source, ASCII text
Size
26 kB (25762 bytes)
Hash
a1d01edc5b68a0e0da6ecb0b3d482388
cf48c76b1408e9f0c653636560c988eb33605f07
be7e76e60cf9a0a86566fb500d7569ef4ad65f9432bb4127d91d72c6485a6e94

HTTP Headers

GET /assets/js/public.js HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: W/"66266208-64a2"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fB2tXWTvk63iWK3TmfjpcfB3jHdJghmfwwWHXnKhiUCxwQYbM583t8dvCBmRKURvQOs0yGAh%2FpXhoLwzSsyB1FWw8hR%2B9jRO7iVCbwTJQN7zP1II8OC%2BCt02zCZyZhf2gKRwJ%2FTOIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c895d1f56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/js/jquery.min.js

104.21.7.144

200 OK

96 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/js/jquery.min.js
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
96 kB (95786 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: W/"66266208-1762a"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwKKx3ZG2tVdYD04%2F4Kw4I0lfX6LF7Vtoj3ve3J0o%2FlMqHG2RCxYqzu15Nqw4WJtD4tL0zajVMJcZamJc0SnyJPvK2XZXMFzTZYnAEEWm99qoO3mzl6xbNFXQ%2BIn1TyUpzs7ffevEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c895d2156cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kpr38ui452f6.xyz/favicon.ico

104.21.29.193

404 Not Found

153 B

URL GET HTTP/3
kpr38ui452f6.xyz/favicon.ico
IP
104.21.29.193:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kpr38ui452f6.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectkpr38ui452f6.xyz
FingerprintE0:16:EF:98:A2:45:9C:A6:14:97:02:68:F0:49:04:AA:83:A8:CE:08
ValidityTue, 19 Mar 2024 07:44:32 GMT - Mon, 17 Jun 2024 07:44:31 GMT

File type
HTML document, ASCII text, with no line terminators
Size
153 B (153 bytes)
Hash
305bdc98ec6e2316ac27458771c3308a
75a5ed9ebf065c0a9dbbb40cfa3186f3dea4b6da
621fa8ceba6401ee4c366651058204529c4f92565b0196fe9dfa8f972463993e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kpr38ui452f6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kpr38ui452f6.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 22:35:56 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E0fkgruex7VuuGRXB4h1lSFjM6BBT5IeoN9ToAZPFX6Sd603dccuzZ8Kf%2Bukmc5G8WsjaR5Kfahb05qSdl43VtrOJfo4iCMj7HMA%2FeUH1osP5KgbtAMFXWhiQ3ZLVgKGRwFW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa0c7adfa4b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/images/title.png

104.21.7.144

200 OK

55 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/images/title.png
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
PNG image data, 625 x 136, 8-bit/color RGBA, non-interlaced
Size
55 kB (55062 bytes)
Hash
f3f4c276b1db1f99f43458a1fe64b5b5
9de7f662c97574359a9544991ec25645e57ae466
98eb95fab1c69b84297a59003b65c6adf8a0b08b661f55174b59a63d3654d67b

HTTP Headers

GET /assets/images/title.png HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/assets/css/index.css?t=202401272331
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: image/png
content-length: 55062
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: "66266208-d716"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w2b9q6C3Ul80pi7vxaR7121GFGCTxYn1K9js52WnAqW1nzysLoKY6abF7S4pEPIS9Hsy77e%2F4fbaDLh4tVk584yxa2Nnlwfm33f5FPX1WIMafEzWrv9LKhJ1%2BpTR7xKv2RAZR%2Bittg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c8c9f7e56cb-OSL
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/css/common.css?t=202401272331

104.21.7.144

200 OK

516 B

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/css/common.css?t=202401272331
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
ASCII text, with very long lines (586), with no line terminators
Size
516 B (516 bytes)
Hash
70c81a7532f4854a88962543f07fed30
7faec1428e88dbccbda8c79edf9c780cb8363b2f
d3c801d2d9ba593b0a4722b3f8f56d64159c2e096adf9b5ee4d72361ecb6f180

HTTP Headers

GET /assets/css/common.css?t=202401272331 HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:58 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
vary: Accept-Encoding
etag: W/"66266208-204"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJgNd3RRW5subIVVQR7tU2%2F9bW%2F3YwZ0y22dxbo6%2FDtgOhHuWs%2BM3EuAeV1qkCydHoflsXWj9bD%2B07f9GnmQffNwJ9ggHo82mnZgIJaNEd5syWMXyofCfTzl%2FMl250isIdmV3jKefg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa0c894d0456cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/js/taozi.js?t=202404151906

104.21.7.144

200 OK

11 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/js/taozi.js?t=202404151906
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type

Size
11 kB (11275 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /assets/js/taozi.js?t=202404151906 HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:58 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: W/"66266208-2c0b"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A2XutasttWNnK86zSZTMmFx3UV%2FvoczUGeEdH5lqMNAOG0OwHAxGR2N%2BghY8PPTHvfWMxAi5ouPmwHLNlhL16uX%2BZXaGqeF1ftS7EVJqZhpMXvIZPNbvBjBLECYRaYRAR696ZdDLCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c895d2e56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/assets/images/bg1.jpg

104.21.7.144

200 OK

140 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/images/bg1.jpg
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 749x1165, components 3
Size
140 kB (140443 bytes)
Hash
857c2c477d43d2a9c9e03258548bbff9
1b53ceda642886459a872c4c8abe2072459cb47a
c58c16b12c220fd433846d424dddd9a82d230fd39cd715b30a3b1df98b6a7501

HTTP Headers

GET /assets/images/bg1.jpg HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/assets/css/index.css?t=202401272331
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: image/jpeg
content-length: 140443
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: "66266208-2249b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RQe0Cw%2F6Z5UcvbV9uQe1iBezXHodJ31TNe8AKFof2IvgH%2BxKJLIpir8UNI5O2d3wEX31puauuDZTD24ObhzpsePGRXhdR7Nke0E1uxMqV23faG9ezXhbQ0doiMFedJqansEJUoVi3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c8c9f7856cb-OSL
alt-svc: h3=":443"; ma=86400

ios.xl3r2w4x83re.xyz/web1679/

104.21.7.144

200 OK

2.8 kB

URL GET HTTP/2
ios.xl3r2w4x83re.xyz/web1679/
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kpr38ui452f6.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
HTML document, ASCII text, with very long lines (2908), with no line terminators
Size
2.8 kB (2754 bytes)
Hash
9905a9250a5f8ceed3e584c6cf8e9908
8c828cf99ad3554a702a8622ce1b49ddbd6b54d7
51dd1c4510a7b40cd32eda09629ec5bdd6bbf9ffdf3732d0446930f6d1bfa08b

HTTP Headers

GET /web1679/ HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kpr38ui452f6.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 22:35:58 GMT
content-type: text/html
last-modified: Mon, 22 Apr 2024 13:11:39 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LVcGQsmCdIt756HFA249P6LWafkN214CC66N46%2Fja%2BdRdiPr7J3z%2B%2BB3fDlOixJFPJL17KCIb6RG%2FnU1a3wqKIboVW9mqV%2FdUwu49e9Y%2BjBPUOKDOLT61AfzQpjLrinQcPHNGGo%2Bxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa0c85685856ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ios.xl3r2w4x83re.xyz/assets/js/crypto-js.min.js

104.21.7.144

200 OK

48 kB

URL GET HTTP/3
ios.xl3r2w4x83re.xyz/assets/js/crypto-js.min.js
IP
104.21.7.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ios.xl3r2w4x83re.xyz/web1679/
Certificate
IssuerGoogle Trust Services LLC
Subjectxl3r2w4x83re.xyz
Fingerprint6E:14:11:5A:6B:C6:22:6E:B2:7D:E4:EE:F4:33:D7:09:67:8E:21:73
ValidityWed, 17 Apr 2024 11:11:10 GMT - Tue, 16 Jul 2024 11:11:09 GMT

File type
JavaScript source, ASCII text, with very long lines (47576), with no line terminators
Size
48 kB (47576 bytes)
Hash
c8b215ef1c396901ab19c41a7ac42cd7
00e971d00ca3e26ef1bc0f7586e16c5e30296ebe
817c88066f7a344d4471bb20d30652e641f498eedd9c28e5a6ed661c67795010

HTTP Headers

GET /assets/js/crypto-js.min.js HTTP/1.1
Host: ios.xl3r2w4x83re.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ios.xl3r2w4x83re.xyz/web1679/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 22:35:59 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 13:11:36 GMT
etag: W/"66266208-b9d8"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dQHg%2BCa%2Fr3laYNreV2ido3sgp%2FwEVOZz49RjZUoQkM7NLCk5SY%2FLej%2BTjpUMRQzm1pa5U9wqEqoI956QxOyI6P3XzMdwMMvsQtbtV%2FVHvgnEo20bO%2FdW1BRYLcSLGWod9PSs4XFrGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa0c895d2b56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash