Report - 9irrkt8b54.xyz/

Report Overview

Submitted URL
9irrkt8b54.xyz/
IP
172.67.134.207
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 17:46:06
Access
public
Website Title
home
Final URL
9irrkt8b54.xyz/pc/index.html#/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
278

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2024-05-09	668 B	2.9 kB	150.139.142.18
txtimg.msud6g.com	unknown	unknown	No data	No data	26 kB	0 B	0.0.0.0
www.shareinstall.com.cn	unknown	2018-09-17	2019-04-04	2023-10-22	406 B	0 B	0.0.0.0
api.3hfdkg.xyz	unknown	2023-06-05	2023-08-02	2023-12-03	6.8 kB	828 kB	172.67.174.98
xkm.covers.zhgxb6.xyz	unknown	unknown	No data	No data	21 kB	3.4 MB	54.230.111.97
ad.xmmnsl.com	341119	2019-10-01	2022-03-20	2023-04-28	8.3 kB	3.9 MB	194.53.53.6
amjs.xylhwdu.com	unknown	unknown	No data	No data	808 B	515 kB	163.171.134.108
888bbb777www.com	unknown	unknown	No data	No data	413 B	140 kB	143.92.34.170
9irrkt8b54.xyz	unknown	2023-11-15	2023-12-27	2024-03-02	48 kB	4.5 MB	172.67.134.207
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	814 B	25 kB	104.17.24.14
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	807 B	165 kB	142.250.74.168
xkm.vip.covers.vxd3k0.xyz	unknown	unknown	No data	No data	1.6 kB	646 kB	54.230.111.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	xylhwdu.com	Sinkholed
2024-05-10	medium	xylhwdu.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	9irrkt8b54.xyz	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed
2024-05-10	medium	msud6g.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/js/swiper.min.js	96 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/js/swiper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:19 Last Seen2024-05-20 16:35:58 Times Seen1636 Hash fb13ef3e875ca3497ede35d3774be9d3 ab0743a89d522438c17ae7eaf5943fd4590ee3d0 4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083 Loading...

	9irrkt8b54.xyz/pc/sandbox%20eval%20code	147 B	2023-04-11	2024-05-20
Pretty URL 9irrkt8b54.xyz/pc/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 23:03:02 Times Seen351503 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-20
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 23:03:02 Times Seen350988 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=UA-171129963-2	209 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=UA-171129963-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 19:46:16 Last Seen2024-05-10 19:46:16 Times Seen2 Hash 38c04c143487973285657db1b12645ac 1cc89b3528ad1d7f6643c1cc4aade7e837a5ff47 2243107757e8a082846acb82ece1ba4aa3193f51109ee1657a4e9124ec6fd3b0 Loading...

	9irrkt8b54.xyz/pc/static/js/chunk-0f63a0ff.1f24c025.js	30 kB	2023-12-03	2024-05-10
Pretty URL 9irrkt8b54.xyz/pc/static/js/chunk-0f63a0ff.1f24c025.js IP 172.67.134.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 17:54:50 Last Seen2024-05-10 19:46:16 Times Seen7 Hash 20a63a1dbd10c8b2969faab9aebef2bf 47a58055b25e6314ba0c0fcafa2cf943a71a0c95 9ce6f211cfdc206d67702f154af3d786718b65e2de6721cf2b17d99136a0911d Loading...

	9irrkt8b54.xyz/pc/static/js/index.02972eef.js	1.5 MB	2023-12-03	2024-05-10
Pretty URL 9irrkt8b54.xyz/pc/static/js/index.02972eef.js IP 172.67.134.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 17:54:50 Last Seen2024-05-10 19:46:16 Times Seen5 Hash 7265913a1e39e7f774952f451c57cb96 7f90d4335fc852034643fa66daeb16d68e273c65 0572abaac5613b6671a955d893e0e29b2fc3bc8cbb6a3fd0e2c89df094e44b9c Loading...

	9irrkt8b54.xyz/pc/index.html	167 B	2023-08-02	2024-05-10
Pretty URL 9irrkt8b54.xyz/pc/index.html IP 172.67.134.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-02 15:59:29 Last Seen2024-05-10 19:46:16 Times Seen4 Hash 63338fcdf2fda8f677aec6cd81ef3623 1e100645522077975ec4ee010c47d932e2f51019 8bbcb8fef095e7b4342eb523a15fb04a9d50bcd5f806b6ad85b9e5e06e698f1a Loading...

	www.googletagmanager.com/gtag/js?id=G-JLHM041W4B&l=dataLayer&cx=c	250 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-JLHM041W4B&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 19:46:16 Last Seen2024-05-10 19:46:16 Times Seen2 Hash 953f6671d0792fa9848cbd43998b7e1d a2d7373a2a2d10d442440bdbe1f54a29b3577e09 1bc2236575fa04bdb48eb28381e475425d635bc7fad65fc77c22b3b3ea341278 Loading...

		Size	First Seen	Last Seen
	#1 Write - e0cf91412acb824bd2a8395c9d78913d	4.0 kB	2023-12-03	2024-05-10
Pretty Observations First Seen2023-12-03 17:54:50 Last Seen2024-05-10 19:46:16 Times Seen3 Hash e0cf91412acb824bd2a8395c9d78913d a77b67ceb4f391df2872045a16fe1849b57e3720 0e148430ce645220ed1c8faeec2c19acc27c841af110f0d72adf60c9cf60737b Loading...

HTTP Transactions (229)

URL IP Response Size

9irrkt8b54.xyz/img/bg.png

172.67.134.207

725 kB

URL
9irrkt8b54.xyz/img/bg.png
IP
172.67.134.207:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Size
725 kB (724617 bytes)
Hash
62a164126bd91b47744d7fb86268b0a1
07d979c09484f36fc4218c157d24c6bfeb5851f1
2a19316a255c35ed84b7543cc1ba62764ae4aa948ec2d0ae614139a8e5f60c0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bg.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9irrkt8b54.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:34 GMT
content-type: image/png
content-length: 724617
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-b0e89"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NdUHan4bmudd%2FFUTod7nO88qAQsshr6XPpj3kAnJJ2u%2BG049aHC%2FJK4KUyJidx78MHldKYoLhCrk4DKSM0PtRulEoYuHG6eEu8whxprRcuq%2FECUzAZBXn0jyscmkq7Qufw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe60ba8c5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/

172.67.134.207

10 kB

URL
9irrkt8b54.xyz/
IP
172.67.134.207:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (8137), with no line terminators
Size
10 kB (10120 bytes)
Hash
f576133f9fbb8d8ba84c9416ede93f29
62f931e8b79bf0f602d671a151ef9f2e33f34f17
fd89e1337239fac5d9b916444d6487c355fa57f9771704c57fbceda2b9169193

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:33 GMT
content-type: text/html
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X5yw4n%2B%2FpSdXXusv3NGsufEyH6MTYRfSyR2oGCh0Ph7IigaK9nLBXqL1SURkWVeF2VR8B4oEC0ssriHWX64A%2FI8CS8tVa0a5TEysJ02tHHXBVnshvL9vhijo77qURM0xdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe5d6a1756c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/css/swiper.min.css

104.17.24.14

200 OK

2.4 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/css/swiper.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17459)
Size
2.4 kB (2437 bytes)
Hash
6af34d0737ad0ca608111771cf74cc79
15d0417baa08a741c6aee19fdfbf4813635f98f8
47b0e7129add982c0e394f0dfa8d9621e6c9e4126859b26e1ad25c18def0d812

HTTP Headers

GET /ajax/libs/Swiper/3.4.2/css/swiper.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:37 GMT
content-type: text/css; charset=utf-8
content-length: 2437
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf2-455f"
last-modified: Mon, 04 May 2020 16:04:02 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 782148
expires: Wed, 30 Apr 2025 17:45:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gxKRABanmu70TKSEDaRcOuGznfkAgtY9qCwhQSQ%2FTOT%2BHRx4Z3adoPVbz4a8zEqatiASUd04jqDYdb4iKB1VB3aAoDCbDR%2F7ksXOcRyncFVKvAfPU%2Fu8Jiz5jTZR%2BXYkuUYV9THs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881bbe770fb2b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/js/swiper.min.js

104.17.24.14

200 OK

20 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/Swiper/3.4.2/js/swiper.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (31999)
Size
20 kB (20395 bytes)
Hash
fb13ef3e875ca3497ede35d3774be9d3
ab0743a89d522438c17ae7eaf5943fd4590ee3d0
4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083

HTTP Headers

GET /ajax/libs/Swiper/3.4.2/js/swiper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 20395
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cf2-178a3"
last-modified: Mon, 04 May 2020 16:04:02 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 869267
expires: Wed, 30 Apr 2025 17:45:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pj8oHpAFalm1GLjrnWiMEEZ%2B7Dv4AFtnW6exD%2BKX04cB4AlMAspHvWyVpF%2FgNlGc0dwc8fJ3Nw1%2F92oZ8EkEBD5PGG83QBYDB7EJzXJRPuX5n22lz3fynvcMySnlh3jvs8kLHMV4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881bbe770fb6b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-171129963-2

142.250.74.168

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-171129963-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
75 kB (75051 bytes)
Hash
38c04c143487973285657db1b12645ac
1cc89b3528ad1d7f6643c1cc4aade7e837a5ff47
2243107757e8a082846acb82ece1ba4aa3193f51109ee1657a4e9124ec6fd3b0

HTTP Headers

GET /gtag/js?id=UA-171129963-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 17:45:37 GMT
expires: Fri, 10 May 2024 17:45:37 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75051
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-JLHM041W4B&l=dataLayer&cx=c

142.250.74.168

200 OK

89 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-JLHM041W4B&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4242)
Size
89 kB (88676 bytes)
Hash
953f6671d0792fa9848cbd43998b7e1d
a2d7373a2a2d10d442440bdbe1f54a29b3577e09
1bc2236575fa04bdb48eb28381e475425d635bc7fad65fc77c22b3b3ea341278

HTTP Headers

GET /gtag/js?id=G-JLHM041W4B&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 17:45:37 GMT
expires: Fri, 10 May 2024 17:45:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88676
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

9irrkt8b54.xyz/pc/static/img/postvideo.1a8caff9.png

172.67.134.207

200 OK

4.4 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/postvideo.1a8caff9.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced
Size
4.4 kB (4408 bytes)
Hash
1a8caff98ee6fcb386195776de0b08c9
3684a6de81e15b6216ab8bed2df0d2c43374f410
ee7f9fe20067bca8889f156fdb826c3c8453db40e85eebae4e11454e98c8e371

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/postvideo.1a8caff9.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 4408
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-1138"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qC8AbNFkp5DuoQqoriNJU5ZEqTO0nN0qwdhp%2Feu3bD70j6ECuTgci%2B4dq38T1sWJz%2F9LNT0vFbZOQQkCTYJNSSbZ6x83UqHBBcCYeTPbsc8kVFtheqpdmNPkFBeqf4%2BjcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe871bf25687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/img/freeack.b65fd74a.png

172.67.134.207

200 OK

5.8 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/freeack.b65fd74a.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced
Size
5.8 kB (5834 bytes)
Hash
b65fd74a1b9972ac9b2a0a369ca88f5c
c312c595b37de4d567037ffb479c815aa663f668
87db6420582c46390a71b97cdf4fb33536e6d28a78b6c5983051ecf32af08cd0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/freeack.b65fd74a.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 5834
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-16ca"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CRzfRtppJSbcc7MAv113rSNbiFlpCFhj0n3vL36IDKrUhBcOYjEShfQ5ZKlaAMA%2FdWh1q%2FMHkSQZeoYG%2BOckqg3Df3QLhgUNr44WDtcxr4MqRwrLxNkqX2gdMhZBZuidMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe871bf65687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/img/invite.718337f8.png

172.67.134.207

200 OK

5.8 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/invite.718337f8.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced
Size
5.8 kB (5792 bytes)
Hash
718337f8be332b1143b527f7daa2cc57
beddb6ffe8235bd25057e519dc1c89af0b93bf80
e2e996621164366a4a1161ef4f28207f0e00f3d99ce990c8d67b4c7071a876b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/invite.718337f8.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 5792
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-16a0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QsxlVB1EjN7qQvc7mEvyS0Iz1NOWqqqOaZ%2Ff%2BW3otbZClioxJFr1ftsDIKg20IdO1aCSxtXM5%2FPUU802EQ5qRNpilrHs9%2FZDi3yMlJRUW0UnjCYU2UoNpcGLzckjd5tBGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe871bfa5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/img/new_logo.a047c756.png

172.67.134.207

200 OK

15 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/new_logo.a047c756.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 248 x 68, 8-bit/color RGBA, non-interlaced
Size
15 kB (14810 bytes)
Hash
a047c7567aad40b7fdb8dcd16ae109df
b36cc233247695cf3e44e8bcc1de1ff907789553
ca51c4629881f30912eee614fa23e8b41d65be77346c4a650718a027723e9824

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/new_logo.a047c756.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 14810
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-39da"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=24mkZR0Eu9LeAQ9P0AIqHKbciGcH%2FNsZllb3MvEUZ%2FjBcRf8Qm2ol56NGVFOlvQ%2BVnCPYkEHVlHB5ckzWg4l1nuVGmZYcvMvvA60KRPQ7WyziS7m25L1ZSjhqZ5YED%2BcnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe871bef5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/img/logo_bot.8ff6554d.png

172.67.134.207

200 OK

32 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/logo_bot.8ff6554d.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 500 x 98, 8-bit/color RGBA, non-interlaced
Size
32 kB (32126 bytes)
Hash
8ff6554d22860daa5223d7ff335b932c
e82760f8f29f6ef98652a2c2bdf1b36af37db552
f71fb9163ceb8e2ec9354d0748d6f8fb4c485bd619bc1c37d9eae84424b116d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/logo_bot.8ff6554d.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 32126
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-7d7e"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XgV1EEkgRRvtrg%2FZKqV9ble3lmLQCxhtXDq3qRsm1ldQ0gb8J2POHXfnzI9ffrSvDlzgubnH5JqaeddIO4qbvjGjbmi%2BdGGgSzs%2B%2FTcK2H1gWj65URndIexKan0TVn8Qzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe871bfc5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/img/tele.ea382a65.png

172.67.134.207

200 OK

18 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/tele.ea382a65.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
Size
18 kB (17966 bytes)
Hash
ea382a658b68fa38352e1b24413e37ad
1c3fe43b8f20937f5b3e2a46d219df1a4d2ad7c7
a078df6671a6b6f669d679c374b71e14ccb4734e7d8965371785d36fd4a53678

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/tele.ea382a65.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 17966
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-462e"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2BDSxCd7YsAlj96TK79NzNMa9%2FxLqpF6sw9jkRyTYE83g4ikZgbeDKY8aoj9x3f6CZZudSJlyyO3E7NzXGr6lfOtYMD0IPlNQIOpiNEIhRBfwLArE7%2FyW5drjfN4ks%2BaNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe871c005687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/img/pop.dfd01be0.png

172.67.134.207

200 OK

15 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/pop.dfd01be0.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
Size
15 kB (14710 bytes)
Hash
dfd01be0dd06630367f94530bd54a771
9892ac936e09227db00cee472866d1637f3e5d2f
558ce8edac33e88d6a5b791d2f67f830cb15eda0cd2686f376413a635e0e4635

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/pop.dfd01be0.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 14710
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-3976"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L2RbcnX5z9aJy6gWhuCXRMO3eUP%2FjtPBvC4TINJ4Zu8XVvk5iE%2B2K9xgmuzmsETLVQ%2F7Y3u4ekjCyXh2DdIQz3d6MRbY51XXHYaGMJPyNhkU09HbCLU6xh4%2BWOr3Pdhk4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe872c065687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/img/getvip.d124afc8.png

172.67.134.207

200 OK

420 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/img/getvip.d124afc8.png
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
PNG image data, 1720 x 320, 8-bit/color RGBA, non-interlaced
Size
420 kB (420154 bytes)
Hash
d124afc839ff886e3d3a07545d6ce76a
d8169f3d87253f1c233dd52bbfa1a03f61bbdc63
06c286eb8077abd6e8c284990b8129543222630e2743fc7c1c5d9a0740b071c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/img/getvip.d124afc8.png HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 420154
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-6693a"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fb956qbfLfJjExpz%2BptFpgZIATWtTI4d2bEGhtxbz3uEFLjdw7Rkj631GilNXFvlNJaerMu85FU6e0C2vrqVKBgJxXtnrvKSnW54A9CyAxga2USHSVcEad3h2geoHA97vA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8458b65687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-0f63a0ff.1f24c025.js

172.67.134.207

200 OK

94 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-0f63a0ff.1f24c025.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
gzip compressed data, max compression, from Unix
Size
94 kB (93796 bytes)
Hash
47cc417b13a969180b6cb74f505e0409
2ffabb20786bf844133c002d6839b251b9e1fd6d
4ccc57237bbe51b2e676997a7d31bb5de1f3a254ac89b9b6ff0c3797d7770a7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-0f63a0ff.1f24c025.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:39 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-7725"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7IyHjn2Ao5kbBEoKCZ%2BNrin6VCOYFiNPIxKyTTA6k%2FRjW2WCZmx7StTeN14ehdbjyz2SKA8iPR8SOlog69UTXJoYIYovZjoQ8KZILvQvScCWE0fkC2BR0FWlNz7tulbBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe810c6d5687-OSL
alt-svc: h3=":443"; ma=86400

api.3hfdkg.xyz/api/announcement/index

172.67.174.98

200 OK

226 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/announcement/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (7136), with no line terminators
Size
226 kB (226386 bytes)
Hash
aaf0d0fd7ae0acc876703d0d1b55102c
d787846212d30d2b8d86a15156877145fb669b46
546986da7a2960dabbbccba48bad39c8ec5b5c3e31f4aad882c04d687b0298ea

HTTP Headers

POST /api/announcement/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 229
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cPirNIR%2BqRvxFhi1ZHz7GqgN4mvrPY%2BKdQhXqk3sSo6pdPuenDWA76xW19WCcUOCPQTuUWWmAU9nqlh9Sp67UtnrXNWofhoRlfsAtzrk%2BAeJykv37Bsf79vgtSybKO2a7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe81ce675690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/b68435161605361e0aa0a460311ab02c.jpg

54.230.111.97

200 OK

40 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/b68435161605361e0aa0a460311ab02c.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 960x544, components 3
Size
40 kB (40197 bytes)
Hash
974592805b354c6111abff0c70d9809e
8820e387c0b70e6aaa2c4a7209917a449bf77361
8bfbec38562b1e6e60839c6d7b97e4b5ba34914953c982ac1de34e8c0f05e6b5

HTTP Headers

GET /uploads/cover/20240126/4846192/b68435161605361e0aa0a460311ab02c.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 40197
server: nginx/1.23.0
date: Fri, 10 May 2024 09:32:00 GMT
last-modified: Thu, 25 Jan 2024 16:53:19 GMT
etag: "65b291ff-9d05"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: u_FhOvlNalv1FEzh_8Ned5r7f9jrKijxbF4TMWxK1pljGDHMb0428Q==
age: 29620
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/f897decce73a3cfbb0a786928e6c791b.jpg

54.230.111.97

200 OK

30 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/f897decce73a3cfbb0a786928e6c791b.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1280x720, components 3
Size
30 kB (29632 bytes)
Hash
062264e22e67ef2fe3856153e95ee3f2
5813096a1ca668e22e1d0b29a61b024f803c7458
278f35800ef4e8e9fce7f368a8cf2f514db71b2a373b935db24dad22410fbe50

HTTP Headers

GET /uploads/cover/20240126/4846192/f897decce73a3cfbb0a786928e6c791b.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 29632
server: nginx/1.23.0
last-modified: Thu, 25 Jan 2024 16:51:25 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 09:09:37 GMT
etag: "65b2918d-73c0"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: f3Dc3kh_BV8TPpvWxVKZcLsP9Z1V7dib-gp4iMhvm0MEw-cQsVgXwg==
age: 30963
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/avatar/20231023/3237024/114fce43555b50d9f3de184ffb03cf9c.jpg

54.230.111.97

200 OK

93 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/avatar/20231023/3237024/114fce43555b50d9f3de184ffb03cf9c.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, model=KOZ-AL00, height=0, orientation=upper-left, datetime=2023:10:23 08:53:19, manufacturer=MM, width=0], baseline, precision 8, 720x719, components 3
Size
93 kB (92591 bytes)
Hash
45356f393d15bc77d905824ad459f85b
5ce941dcac1f00fabe05a2721b689eef2bc53cb7
ca5b8060db6caa06c2eb22de482b946c3ace1e9a1f67ad372117a30ed53babd4

HTTP Headers

GET /uploads/avatar/20231023/3237024/114fce43555b50d9f3de184ffb03cf9c.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 92591
server: nginx/1.23.0
date: Fri, 10 May 2024 12:44:18 GMT
last-modified: Mon, 23 Oct 2023 00:53:48 GMT
etag: "6535c41c-169af"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: g9ExX35g2Oy-HYgmQMlWDQeKCdG5Cl6FJpqXc3n4pQtAnk4jefbRbw==
age: 18081
X-Firefox-Spdy: h2

api.3hfdkg.xyz/api/device/statistics

172.67.174.98

200 OK

76 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/device/statistics
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with no line terminators
Size
76 kB (75512 bytes)
Hash
e6ba80451b83e6ce42f442346f21167f
5bfd903c4e2fe8dfba54e8fcff947b1330399d94
935951d4c312f500d932a1b5bf88cc96174c28333c582f4f00d7e9e7d7280358

HTTP Headers

POST /api/device/statistics HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 261
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqP%2FBPes7mBIXZ6Qv0DGSk01TKWETci6Lr32XaHWdLoE%2BkaobTZ1kI2yQ3rN22kg2X%2Fho8j5kcYbaYxRybAZ2DvzsXpwDh3tRIBKiAdZyeLo3YdIYuJUwuZWm0iU87a%2BYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84a9df5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/avatar/20211217/1411816/16cb09e3484770082d58f5b86c399a3e.jpg

54.230.111.97

200 OK

85 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/avatar/20211217/1411816/16cb09e3484770082d58f5b86c399a3e.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 683x1024, components 3
Size
85 kB (84965 bytes)
Hash
9d7fd1c602b626e67d8e7303ca06bdac
0422e5d3e2be36db8d14b99d8a4950faa4d7c585
b85748192aebe9261d32f36450b61b2c0eb450e015ccfed9a08b6fa612b1a633

HTTP Headers

GET /uploads/avatar/20211217/1411816/16cb09e3484770082d58f5b86c399a3e.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 84965
server: nginx/1.23.0
date: Fri, 10 May 2024 09:32:00 GMT
last-modified: Fri, 17 Dec 2021 06:56:10 GMT
etag: "61bc348a-14be5"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gUxy-IjvvCNGHmxxj_2rvIrQhNSzd_aM8OyrwQwn_jOhz_LWu5NHZg==
age: 29620
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/ba41fd15c51d179974e277d565615216.jpg

54.230.111.97

200 OK

22 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/ba41fd15c51d179974e277d565615216.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x544, components 3
Size
22 kB (21484 bytes)
Hash
711cf7618448ebc6faab091a180e601c
cd8225eb3c415ec5c744f77d29e2e65d22d4b3db
aed4fb8ce2e5452926e3b85f214d719e8f1be69c1f978c7b991e902cf599a95b

HTTP Headers

GET /uploads/cover/20240126/4846192/ba41fd15c51d179974e277d565615216.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 21484
server: nginx/1.23.0
last-modified: Thu, 25 Jan 2024 16:52:07 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 09:09:37 GMT
etag: "65b291b7-53ec"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l5KnyAWnyJXoRHFF2IMgMBIu9gb0WUEAtjRTdNuQNqms6Ps0TeYdig==
age: 30963
X-Firefox-Spdy: h2

9irrkt8b54.xyz/pc/static/css/index.f53fbfea.css

172.67.134.207

200 OK

244 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/index.f53fbfea.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
gzip compressed data, max compression, from Unix
Size
244 kB (243777 bytes)
Hash
8a948e56f761ef65feb8d748fe1ed61a
711c1f66461a26af270d5ad1cc40a02b09730578
1aefc7833ca437c73d49f65c9144dd68c66aec235eb20449c9517eda4ac1de08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/index.f53fbfea.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:37 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-58eb4"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Dgey6gjv3rB0RHs5BbGcqkZJALKLrOWYdSvJut%2F0VYHUgZOP9VhozHFytnT5fU2iJ%2FLon%2Bb6ISFYvtNoeKbePToAlMjcEe4VZuVIVo%2BrYYORmAIjoIi91h636ii5TRBEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe76ef0a5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/fonts/element-icons.535877f5.woff

172.67.134.207

200 OK

28 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/fonts/element-icons.535877f5.woff
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
Web Open Font Format, TrueType, length 28200, version 1.0
Size
28 kB (28200 bytes)
Hash
535877f50039c0cb49a6196a5b7517cd
0000c4e27d38f9f8bbe4e58b5ce2477e589507a7
ab40a58972be2ceab32e7e35dab3131b959aae63835d7bda1a79ae51f9a73c17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/fonts/element-icons.535877f5.woff HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://9irrkt8b54.xyz/pc/static/css/index.f53fbfea.css
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: font/woff
content-length: 28200
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: "66261323-6e28"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l6obq%2F7cfYLPo3e64JoenBVfm9kQ20yrIoyuRV4k6sizV0vPWgslfmDkAXWxTnDhF1TlSWRnDkgBAvM%2BiBLBieXzjfuBq8NLYpsMRgN%2Fw8AEPhEY7cHJa1KBJB09syicEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8a08195687-OSL
alt-svc: h3=":443"; ma=86400

api.3hfdkg.xyz/api/video/index

172.67.174.98

200 OK

30 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/video/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (7680), with no line terminators
Size
30 kB (29456 bytes)
Hash
6964becddcb92716769ca6f8becfceca
1474adb24797147a714272cb95efc2096901b965
a787bc42d94365b9f4f5f0919a06ed9e5f03c39dc15a90a546ddead1b5058571

HTTP Headers

POST /api/video/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 261
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NtBhRTjJcsHzYp%2FqANYmc6rENhBXHndBa8QDZVhxMvAhtwjBdEUQRpSYtdQLqJneCkiy9d0%2Ft9UTqLd65jqDwug3%2B2Mg4iIZbXGi%2BtnG%2BKCqRHjkJGhulXO8icICe9G4JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84da265690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

api.3hfdkg.xyz/api/video/index

172.67.174.98

200 OK

257 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/video/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (7264), with no line terminators
Size
257 kB (256691 bytes)
Hash
df600cf9fef0b6652316ecf0797b1353
8553b6ca682f3036de752603ad237720a0a3b054
6e97f2797cbea2d9e5389c9b6e73fd5fd07d1484aae60446d2bad8641ee0170c

HTTP Headers

POST /api/video/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 261
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B2sXrn08jkkSIH9wzm6p4a0CVUfUMIwd285cOOxYLvAYcAP4oO%2F5VE91xgY%2Bw76Zp48w1y5HFm3ZhDWGLPuX5hK1hhZflF7oUSXmlp7Y00lBy6IGdFyUbxRStuJNky9nkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84a9ef5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1715236156.gif

194.53.53.6

200 OK

167 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1715236156.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
167 kB (166750 bytes)
Hash
1f5b0b9a89006cb9e64800f8849fc436
ff7c0a7eada92f940d603cd780474f75ee726767
88404b601a88b8ce2f7a9a0e1c4625cbf538e0f241cf8a35ae9c6b64591bafb1

HTTP Headers

GET /uploads/images/1715236156.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/gif
content-length: 166750
last-modified: Thu, 09 May 2024 06:29:16 GMT
etag: "663c6d3c-28b5e"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FRU%2Flfd62yDVmq%2BMzy7O7JSQtLBFkeeEYBPJ8WvIuhJ8ETqPmXFF7zaV8uboeCbSDDr2QKy2U7R8EmdmBeUqrGcEtkpcUtKGj21T7UsrGqRS128nu7H3RDuuNHKFo4Te"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b1e4d7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1710400396.gif

194.53.53.6

200 OK

195 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1710400396.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
195 kB (195120 bytes)
Hash
9bd0cbe8bae5b59f0169274a8861253d
90211c95566c0389d39926eacabbc0afc81b66e3
ddc7089ac6b1b121bdbff4fbc61140f45f42224c760443b03e9083d0af7ea2f4

HTTP Headers

GET /uploads/images/1710400396.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/gif
content-length: 195120
last-modified: Thu, 14 Mar 2024 07:13:16 GMT
etag: "65f2a38c-2fa30"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RjtahhrgZ%2BnSukur%2FId1X9SC4e0iJMr2PF2FR39urtIJPyZ2S9MtJjC%2B3upZDedeIloCFLp5TLnPM1NDCArjT58PCfEYFNkFcw1Ra%2FmVRZFvBWhY2np2jDO3DkgI%2F4yf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b1e527131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1707980513.png

194.53.53.6

200 OK

95 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1707980513.png
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
PNG image data, 738 x 369, 8-bit colormap, non-interlaced
Size
95 kB (94910 bytes)
Hash
d66b621aac22e19e1ac3873dd922be40
568bd009eb777c571c61da0b3cefac1b3494b1f3
c15b77268420d27786894cfba78a49f10cc8993b12d88b4f8bc903270b11d894

HTTP Headers

GET /uploads/images/1707980513.png HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/png
content-length: 94910
last-modified: Thu, 15 Feb 2024 07:01:53 GMT
etag: "65cdb6e1-172be"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpbX1RDRU31%2FA3Er%2F%2BNsvbRhph%2FQLi3mT6LTFhyRhV6bXYpTtph2rkqc5weSep%2BPMxV0tK0hPywxmkjZONXpLq%2BA%2F2VY7hyO%2Bhe1lZo8w5BXQXLClRC7uaYXEw2kDLke"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b2e7e7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

9irrkt8b54.xyz/pc/index.html

172.67.134.207

200 OK

36 kB

URL User Request GET HTTP/3
9irrkt8b54.xyz/pc/index.html
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4669)
Size
36 kB (36273 bytes)
Hash
fccd3e700bc5850207fbd6b860ecf344
016fe457d36b07a2d58b9ccba02b1f1a5b8ba97b
09caf37e83eb19869a03c535734893b62a5a410b67d8b5c4fdef1eb7883dc0b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/index.html HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://9irrkt8b54.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:37 GMT
content-type: text/html
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ccrjqi41GFWsQ6488U7E2WvQiFOb%2BE3VwWwCBIIUZoYx8yZpoEVJ6i2Bcovamdmwrl1SaM77Z2ahfiYe7sE378a02XA6UbE%2BOPR7vUBDhd909fjN6zWZFwZwXCjnwLJnAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe740b305687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xkm.covers.zhgxb6.xyz/uploads/cover/20240128/4846192/ecfeea44d924cb941ff87acdec986d91.jpg

54.230.111.97

200 OK

26 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240128/4846192/ecfeea44d924cb941ff87acdec986d91.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1264x720, components 3
Size
26 kB (26443 bytes)
Hash
eaf2981493a5301a91d93f63f0a8d952
8ac5eadc3f5200130441c24d84826edbcf0a5317
0a67f4668fc9eb4d44731e693e99343e2c8a0fb7337a40fa34f961f11778e522

HTTP Headers

GET /uploads/cover/20240128/4846192/ecfeea44d924cb941ff87acdec986d91.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 26443
server: nginx/1.23.0
last-modified: Sat, 27 Jan 2024 19:36:25 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 09:09:36 GMT
etag: "65b55b39-674b"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hDZDBQamerIwhcqZvbaUu9_F34RImgKjNQvSKe46XT9trvlDhTURxQ==
age: 30965
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.jpg

54.230.111.97

200 OK

112 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1280, components 3
Size
112 kB (112034 bytes)
Hash
e798dc97c0be498d81f4d568dd30c46b
71e1b2b5e804b6a036464cb35a1a846aaa2b5e34
74d0095e5991a039a7846fa5fe890e4813ed8714384b1edfd98110db44b04bb7

HTTP Headers

GET /uploads/cover/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 112034
server: nginx/1.23.0
date: Fri, 10 May 2024 15:57:26 GMT
last-modified: Fri, 10 May 2024 15:42:52 GMT
etag: "663e407c-1b5a2"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UJ5Oh8fo5cA6vD1WkauQqv0GtY01Vq6iTgz8AAdhXemNIy8SbuhaVg==
age: 6495
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/d4bd305104896fec8b2b2cd811e5e101.jpg

54.230.111.97

200 OK

24 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/d4bd305104896fec8b2b2cd811e5e101.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 480x852, components 3
Size
24 kB (23571 bytes)
Hash
105a86c831efba2d3e87eed944d42299
5e7f0cf46416d671cba8472bbadd8404fcdc7476
4c3c38ac93f4d2148a0e6fb1c0f213353e578a2a504a28b886a70958ebe1499b

HTTP Headers

GET /uploads/cover/20240510/3310463/d4bd305104896fec8b2b2cd811e5e101.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 23571
server: nginx/1.23.0
date: Fri, 10 May 2024 14:57:54 GMT
last-modified: Fri, 10 May 2024 14:19:11 GMT
etag: "663e2cdf-5c13"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rnq69lc4qdb2sd7FhJTj_FgQ9eiP6yfZ69oumsVreiiPCTaJTH96WA==
age: 10067
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/9d0e92e2d792c2c884f3347256a9c6cb.jpg

54.230.111.97

200 OK

35 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/9d0e92e2d792c2c884f3347256a9c6cb.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 480x852, components 3
Size
35 kB (35378 bytes)
Hash
61a0d1fc391277d922d6be4ebf0b709b
954dbb11ab180f5461fcdb6689c15c7ecd2c1349
117647dae75580f5abb740c90c056765357b42ba0df93b1af9a9ede0131fc6fe

HTTP Headers

GET /uploads/cover/20240510/3310463/9d0e92e2d792c2c884f3347256a9c6cb.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 35378
server: nginx/1.23.0
date: Fri, 10 May 2024 14:57:54 GMT
last-modified: Fri, 10 May 2024 14:18:18 GMT
etag: "663e2caa-8a32"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S6gN2MQLOZyJJqryu2FqZBPBqmLMv1V6y7fmua-MIWjYGt9AnIRWYg==
age: 10067
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/d37ed89a9132db1e8f16cd0c312da65e.jpg

54.230.111.97

200 OK

18 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/d37ed89a9132db1e8f16cd0c312da65e.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 480x852, components 3
Size
18 kB (17914 bytes)
Hash
573a1415025797ef7abe2f51a01558e3
8101cc64150994de8844a74513807e9f49b82491
0c9e915d6811d1de838422f1b694f5eb9d723c189e1304e8bfc6e31c78132790

HTTP Headers

GET /uploads/cover/20240510/3310463/d37ed89a9132db1e8f16cd0c312da65e.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 17914
server: nginx/1.23.0
date: Fri, 10 May 2024 14:57:55 GMT
last-modified: Fri, 10 May 2024 14:17:16 GMT
etag: "663e2c6c-45fa"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8IZYL0GQFfXcYsLUyaHg-ksXWseBNSxi38OY0vEAjhc8aPk-3QuX8A==
age: 10066
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/c716db69417957f49ba2a8e5d89728a2.jpg

54.230.111.97

200 OK

27 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/c716db69417957f49ba2a8e5d89728a2.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 480x852, components 3
Size
27 kB (27060 bytes)
Hash
8b8daaec6bc75e80027ce886fd0766f8
2679903d68fd6d7b9adec8bb977644bf884fc48c
ac05931a2a2b275d08454e38cc06c174aa2d97e7f5dcb52158c3bc2e480d325b

HTTP Headers

GET /uploads/cover/20240510/3310463/c716db69417957f49ba2a8e5d89728a2.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 27060
server: nginx/1.23.0
date: Fri, 10 May 2024 14:58:14 GMT
last-modified: Fri, 10 May 2024 14:16:34 GMT
etag: "663e2c42-69b4"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: u0uvEW7ehlfi3HO6J6TjFgmD599Mp8aasR442AfRvEQ_JQAouNSX0g==
age: 10047
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/49998f76f8a9b2d42721bb808809b0c5.jpg

54.230.111.97

200 OK

19 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/3310463/49998f76f8a9b2d42721bb808809b0c5.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x852, components 3
Size
19 kB (18724 bytes)
Hash
059bf772f6d0c60630fd5c9c4cfa0750
f62489bcd3d358840eec0bd0e7cc8ab6836ff20d
9ec6d9bb3015caac11aa89fc18227369528fda15fe5982980cbc79ad18eb6229

HTTP Headers

GET /uploads/cover/20240510/3310463/49998f76f8a9b2d42721bb808809b0c5.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 18724
server: nginx/1.23.0
date: Fri, 10 May 2024 14:58:16 GMT
last-modified: Fri, 10 May 2024 14:15:44 GMT
etag: "663e2c10-4924"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EEixPqlwOzCgPxpBFhNgJgvg9JPM5nNWjiEST88QS3gWa7UYduGhDA==
age: 10045
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.jpg

54.230.111.97

200 OK

82 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1252, components 3
Size
82 kB (81960 bytes)
Hash
e9c421c60014493f20158f0c70df40c1
d838096167a161a91e6edbf389dfe86a18b7b2b9
4ff8ad5ead12f4e9691f3e4c9bf05fa3deb2c10a956becebf5dd1c415b5a21f0

HTTP Headers

GET /uploads/cover/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 81960
server: nginx/1.23.0
date: Fri, 10 May 2024 16:08:25 GMT
last-modified: Fri, 10 May 2024 15:49:42 GMT
etag: "663e4216-14028"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0AJkiTF9tsgo49ccmhQ-l6iIVks8aUudJPOj9HtNXCt_4egsvA9O7w==
age: 5836
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1715235906.gif

194.53.53.6

200 OK

64 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1715235906.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 300 x 300
Size
64 kB (63645 bytes)
Hash
8593b38f5980f09d4746c23c65132c38
fd07259c9d49320ae50e4ef9732799c556daa6e2
d03a7df682f82265e74ea74bdc7e62a8f4adc28ad2cbd82d873f0ec0c8a30157

HTTP Headers

GET /uploads/images/1715235906.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 63645
last-modified: Thu, 09 May 2024 06:25:06 GMT
etag: "663c6c42-f89d"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LtMDaDnwPZ%2BKMswbCQ0ma1XHxO7%2BRPnPvA5MqqR1efU3kr16tKMFfPTiobEGe8201iDQX11bF2skmGF5h4FomNhJM91XM%2BjbcN9t426SaQz%2FbkRtuqi59%2BIpohKAOpuV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8a2d067131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/ca258dc6e7d876b454e659bf82c6a65c.jpg

54.230.111.97

200 OK

17 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/ca258dc6e7d876b454e659bf82c6a65c.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x544, components 3
Size
17 kB (17396 bytes)
Hash
0f8ad41a63991a0096fe145c46f9d623
a4fb687ac0ea59cc98f3e366f5d9b0b3397a0f8b
329432309ad8944e47471b0301a8cf1ea30a847e065a1e6abe441f06864e575c

HTTP Headers

GET /uploads/cover/20240126/4846192/ca258dc6e7d876b454e659bf82c6a65c.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 17396
server: nginx/1.23.0
last-modified: Thu, 25 Jan 2024 16:53:36 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 03:44:04 GMT
etag: "65b29210-43f4"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nhXIxQekgf5gAYGgc8RGZjOotT23rJpooJYuW6V2b4W0ISRQwHbpxQ==
age: 50497
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3289158/88d778a91cff455bf52a6ee460a13ade.jpg

54.230.111.97

200 OK

68 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3289158/88d778a91cff455bf52a6ee460a13ade.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3
Size
68 kB (67819 bytes)
Hash
bf6f5a1a601ea63b7efa06c2c49c12da
dabb72db80af0eca6fd4566ef19df9fe735d9958
70dcab32c204c77bb2eba3a50a183514f356d9a275bd0c5bbcea2a64e9e915c8

HTTP Headers

GET /uploads/cover/20210608/3289158/88d778a91cff455bf52a6ee460a13ade.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 67819
server: nginx/1.23.0
date: Fri, 10 May 2024 08:07:54 GMT
last-modified: Tue, 08 Jun 2021 03:40:16 GMT
etag: "60bee6a0-108eb"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: crG9vKnC_FeHz3L4qxdV0_ub4we_mQNtBS2RcKqlG-eNMCcAyVorpA==
age: 34667
X-Firefox-Spdy: h2

xkm.vip.covers.vxd3k0.xyz/20220601/ZlhzjfFc.jpg

54.230.111.74

200 OK

145 kB

URL GET HTTP/2
xkm.vip.covers.vxd3k0.xyz/20220601/ZlhzjfFc.jpg
IP
54.230.111.74:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.vip.covers.vxd3k0.xyz
Fingerprint44:37:AE:25:58:82:1F:57:D4:8B:B6:E9:AB:BB:64:AD:C4:9E:B1:E7
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:06:27 13:19:07], baseline, precision 8, 730x410, components 3
Size
145 kB (144632 bytes)
Hash
824b2e84a3571b83d462f342df2d7310
d719e5555d79cb645928253be34f850f3403bdb0
57271f98d190256484da5d06500fff87064e4af71f3ee2360508c32511d37de3

HTTP Headers

GET /20220601/ZlhzjfFc.jpg HTTP/1.1
Host: xkm.vip.covers.vxd3k0.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 144632
server: nginx/1.17.10
last-modified: Tue, 28 Jun 2022 06:54:01 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 11:00:53 GMT
etag: "62baa589-234f8"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: P2-aPKI1PftF_tnxdZHEGnqcytWtTFxtA6eMLwcHjBT8c_FRZSAXtA==
age: 24288
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3182997/381d4e1d1233d28660d7bab5d08e5857.jpg

54.230.111.97

200 OK

141 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3182997/381d4e1d1233d28660d7bab5d08e5857.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x1280, components 3
Size
141 kB (140725 bytes)
Hash
e38abcd0d7cceb26f6c1a295dcbc5cb4
a5dc67d86611ec92464f42cd5963e7052282f7ad
979bfae040a6833439dba3e078c63da51baf4640cb2c7bc9465be6dc56ae1ee8

HTTP Headers

GET /uploads/cover/20210608/3182997/381d4e1d1233d28660d7bab5d08e5857.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 140725
server: nginx/1.23.0
last-modified: Tue, 08 Jun 2021 03:42:46 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 15:38:29 GMT
etag: "60bee736-225b5"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4jTxv6x6SPV6ceXtyTmYQ4WyQdAjPtcVMRi60TrwQI1V3ezHQ2yHCQ==
age: 7632
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6166079/b501d4b009ae571a296ed9b8fba6ca54.jpg

54.230.111.97

200 OK

86 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6166079/b501d4b009ae571a296ed9b8fba6ca54.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1280, components 3
Size
86 kB (86433 bytes)
Hash
a1317f96dfec03e7288be30cf4610ab4
eeda44cb730f397c62ea7d1cfcb0c02195d215b3
9648bc1e70703d236028d6e28dc56f43d0e016b31685f21e103b6b7a2cbd830d

HTTP Headers

GET /uploads/cover/20240510/6166079/b501d4b009ae571a296ed9b8fba6ca54.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 86433
server: nginx/1.23.0
last-modified: Thu, 09 May 2024 16:01:54 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "663cf372-151a1"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MFRd1RHgM63HG66UUKIm6ll2bZLQFKsg2BYtQYI2tMIsRM9kGkly9g==
age: 2929
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6181427/a9ae6781a851f577702709889d49af18.jpg

54.230.111.97

200 OK

80 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6181427/a9ae6781a851f577702709889d49af18.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 718x1280, components 3
Size
80 kB (79492 bytes)
Hash
923d70465b6d126b8a71d48afed26b39
84ea5246d91e10e167a6d88e8c53f917fbde23fd
945353e61962db5606cba554dfcb740393f4f57a7d0faa643569720be42026db

HTTP Headers

GET /uploads/cover/20240509/6181427/a9ae6781a851f577702709889d49af18.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 79492
server: nginx/1.23.0
last-modified: Thu, 09 May 2024 15:59:16 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "663cf2d4-13684"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: p7Ed5lLoSESH_yuvcq3qfvm5rHuekwna_LxvRkMWb6-Iy7HeIaYyRg==
age: 5207
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6203875/066d143796f6084890965b87332063d3.jpg

54.230.111.97

200 OK

45 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6203875/066d143796f6084890965b87332063d3.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 850x480, components 3
Size
45 kB (44593 bytes)
Hash
493b44de04061330770c5f3db0af2c7c
df10f801000173611751e7571f0a0934ff57127d
4dcf41acbd7efa879ca94b792a7a0646d592e46e052566bca3487cd27341a796

HTTP Headers

GET /uploads/cover/20240509/6203875/066d143796f6084890965b87332063d3.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 44593
server: nginx/1.23.0
last-modified: Thu, 09 May 2024 07:15:44 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "663c7820-ae31"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oECpdvWaF5Yxi_6ziMoa7j0FuBoJskkHJpSr-JBJWXz5X5B14QDrxg==
age: 37163
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6203875/dd3f9c21b747787c70e1a7a2992277b8.jpg

54.230.111.97

200 OK

48 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6203875/dd3f9c21b747787c70e1a7a2992277b8.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 480x854, components 3
Size
48 kB (48496 bytes)
Hash
4aa6af5f487351254e520ab4b2cf0a65
cbcab8d9ff598086542e2a6543eb3a41865c97f5
441218d24b244a852e6f36c5568223865c42e2f584e8271388718bb148f55d51

HTTP Headers

GET /uploads/cover/20240509/6203875/dd3f9c21b747787c70e1a7a2992277b8.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 48496
server: nginx/1.23.0
last-modified: Thu, 09 May 2024 07:10:05 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "663c76cd-bd70"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BFxAHlG2AZPqzUqcuPlxGdsUsDqn4fJ1pVmodenEI7-cDbNrc1o5Ng==
age: 36728
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6181427/99386b0a03a18f08ca2f588d474da663.jpg

54.230.111.97

200 OK

112 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6181427/99386b0a03a18f08ca2f588d474da663.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1280, components 3
Size
112 kB (111797 bytes)
Hash
171bdaf654ef47396ac8d22c6ea17e3f
c7700c61c1fd7855ad77a32ae6e1d811df4dce21
0a8a852c037521634a8ee171f4c890ace618445a8dee865296e3238208825b65

HTTP Headers

GET /uploads/cover/20240510/6181427/99386b0a03a18f08ca2f588d474da663.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 111797
server: nginx/1.23.0
date: Fri, 10 May 2024 15:50:52 GMT
last-modified: Fri, 10 May 2024 15:42:20 GMT
etag: "663e405c-1b4b5"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8sZlKW6wmE6P8q9KC4gbeHYxoEzSz2H0seRsz97a_nwHXvzEOwD8lw==
age: 6888
X-Firefox-Spdy: h2

api.3hfdkg.xyz/api/brothel/index

172.67.174.98

200 OK

101 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/brothel/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (10240), with no line terminators
Size
101 kB (100618 bytes)
Hash
a3c04767569800ed7da25d67abb864e3
a68c8624c3f906047ea39608f2fa2ef00fe974f4
7110717e5ca3403c0b9d3a1de302c5ef992bfd176dc8d37dc6b38abbe301fdd0

HTTP Headers

POST /api/brothel/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 293
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F1O0guZY%2Fuhd5gj5DcaO3jZj2hRiuaN4KLKxb3JT2WPYcCiJnsXnCp2sYY5ZUf2NtVJlNm8CypO%2BHDg3Aqi1iIh40GqOL2hocQ1k3o69JljOb%2F%2B4EJBRhfoOzhkac9NJAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe88ef305690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6126447/d2738001cb6111212e97ceb0295857a0.jpg

54.230.111.97

200 OK

259 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240509/6126447/d2738001cb6111212e97ceb0295857a0.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x1300, components 3
Size
259 kB (259443 bytes)
Hash
0cb0f4cb1e0de5091c9976312b2fc64d
b0c05356060912d037b805a26f6b23d6fda0bcb9
a1dbcfd303122cbe48d82f18b5401a81bc747bb792df86e40dc255311ba6ed52

HTTP Headers

GET /uploads/cover/20240509/6126447/d2738001cb6111212e97ceb0295857a0.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 259443
server: nginx/1.23.0
last-modified: Thu, 09 May 2024 10:39:52 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "663ca7f8-3f573"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ArdL-zsqIdpPn_42qjOrJXJBCvxqHdT9YlPnc9qtPBpIY-D03YHT6Q==
age: 24559
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20210608/2213975/4a70ee39a07fc9e76fea473aac2b1e18.jpg

54.230.111.97

200 OK

22 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20210608/2213975/4a70ee39a07fc9e76fea473aac2b1e18.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 368x624, components 3
Size
22 kB (22394 bytes)
Hash
6e5423961b982a78d7e48b94cb21a3d5
18658b6e2d54a82fa2cec22cc2084f95253c3e84
34e685457d1163e60cc913cfcb02b11b8c6a9f43ce3e1dc658104f09fe9f51e3

HTTP Headers

GET /uploads/cover/20210608/2213975/4a70ee39a07fc9e76fea473aac2b1e18.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 22394
server: nginx/1.23.0
date: Fri, 10 May 2024 17:45:41 GMT
last-modified: Tue, 08 Jun 2021 03:48:38 GMT
etag: "60bee896-577a"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fSfXxvEFuqTkDiwvjDZHr2czm6rsSMd-KGaxDSVhdcB1NL1VWgxuSg==
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/b6e18dfe481571787c4ae6d0806187fd.jpg

54.230.111.97

200 OK

82 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/b6e18dfe481571787c4ae6d0806187fd.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1252, components 3
Size
82 kB (81951 bytes)
Hash
2f4f7e1374f0eacaaa02a4b83b3248ab
2a7317d71fa1876d30b6a1809134657fc9e2c5e4
b74c8315c1e5e50ba4ba2d36d1d77820f45012229305d076cabb39da0152a006

HTTP Headers

GET /uploads/cover/20240510/6198399/b6e18dfe481571787c4ae6d0806187fd.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 81951
server: nginx/1.23.0
date: Fri, 10 May 2024 15:50:50 GMT
last-modified: Fri, 10 May 2024 15:47:47 GMT
etag: "663e41a3-1401f"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vgyC0Un55zgG1qperYkis38mAc1pW4VDZ7EzlcXk3KANs8dlbo1Dlw==
age: 6891
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1714807887.gif

194.53.53.6

200 OK

172 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1714807887.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
172 kB (172367 bytes)
Hash
61c0d6c325ef6c37687894d0717d4263
4ca71d0e973e48d230c7bebb2e6164ac44804f25
8b70bc9e4c9cd1a401e773365ab8922d8bf6e2c646889ab6eac765018eecf6aa

HTTP Headers

GET /uploads/images/1714807887.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 172367
last-modified: Sat, 04 May 2024 07:31:27 GMT
etag: "6635e44f-2a14f"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=myqXTkhDvbomUvY4StBwE8AdSobiBEAMP4eXAguGv8hXzmpSb48oq%2Fl8PrfNO409w2vJkBhCx%2FFkVOcLxq8%2BdKil%2FS7aIhwVcuXoI0s2MBpdLbFsSd566lxtQIa2IpCR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b0e2f7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

api.3hfdkg.xyz/api/area/index

172.67.174.98

200 OK

82 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/area/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (58528), with no line terminators
Size
82 kB (82045 bytes)
Hash
89956d3d0c2535707aa415a1c0621e27
85dcde09d2de2aa3291607c50af2aec3aab571ab
9f0c7a6a9e81409efa099037c088fc1bf3174dc8f55961e3f237b47624323508

HTTP Headers

POST /api/area/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 261
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EfMdv%2BEpsiss5ru%2BW7k834hFZey9Ognc3pW2B9sb7aEYHm0omjTkVa4BgRLFQ4WzY8fiE7%2FdUblVFvSm3Ho8%2Bb%2F4330CmXI5p90Wk5ob7SubVI4bcHFboLXhxLv29DeAzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe81de715690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1710498866.gif

194.53.53.6

200 OK

181 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1710498866.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
181 kB (180962 bytes)
Hash
bcf5c77c01271d80d5e2a81297dcef14
392f5a71e08677b0dfa16ade6f2bfff31527c1c5
19268b48899c06977916fc75523730bdc5a302e81df02aace7ee11188f9f48aa

HTTP Headers

GET /uploads/images/1710498866.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 180962
last-modified: Fri, 15 Mar 2024 10:34:26 GMT
etag: "65f42432-2c2e2"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvH6DNkwrVJ3LW7ZXoA7wlBEM%2B%2BQuD%2B7m9kHpjeHTg5zTXwrhECY33gXuUyE1W2dBRCWHDrUsW6h6EeWCd9rgkzU0x9ODMGiJC8Qk8RwpoHkthpJzOtDJTtsipi528Qj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b0e457131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6171485/c35a4744c34a98a607056f3128dbc233.jpg

54.230.111.97

200 OK

23 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6171485/c35a4744c34a98a607056f3128dbc233.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 738x360, components 3
Size
23 kB (23355 bytes)
Hash
201d38f11ef4d632297f10c9a7ad9f6e
da722d024fb5c6be07cf77ff57a7b35704e29e56
4680937e6cf305dbd557ddc628264cd841e80cfc62178bb0f17d5a94867b0ed9

HTTP Headers

GET /uploads/cover/20240510/6171485/c35a4744c34a98a607056f3128dbc233.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 23355
server: nginx/1.23.0
date: Fri, 10 May 2024 15:51:47 GMT
last-modified: Fri, 10 May 2024 15:41:09 GMT
etag: "663e4015-5b3b"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sSpwTFM-U-8KNe8KXP6y1c_R5TivwvCHfxDpfLDfF_VyllUEOkaIdA==
age: 6834
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1715236533.gif

194.53.53.6

200 OK

131 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1715236533.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
131 kB (131172 bytes)
Hash
8a9117b399543a7ea0b84829c818eb4a
415d75891c8f4cb8c04472ccad91a45eb9e28de9
1cae3f6ef4eceadce915487dee22a5932bc82a24e99cf7dc5781fd7e32544cf8

HTTP Headers

GET /uploads/images/1715236533.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 131172
last-modified: Thu, 09 May 2024 06:35:33 GMT
etag: "663c6eb5-20064"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LeWs0dBzLotZ0OUzw%2Fvkd5OQxsesWD9IThU1r%2BumUXzSzEolGYxzBqlXLl2EXDuUUKJvPgs79BVS5tOUyKzqzD12qfCA%2B2%2FyorSCzls%2B6N5cIVIQ6q5RqzmBZf9qdcvx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b2e7b7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6181427/2c8eba23064fe60721ae6acfe93ca487.jpg

54.230.111.97

200 OK

82 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6181427/2c8eba23064fe60721ae6acfe93ca487.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1252, components 3
Size
82 kB (81951 bytes)
Hash
2f4f7e1374f0eacaaa02a4b83b3248ab
2a7317d71fa1876d30b6a1809134657fc9e2c5e4
b74c8315c1e5e50ba4ba2d36d1d77820f45012229305d076cabb39da0152a006

HTTP Headers

GET /uploads/cover/20240510/6181427/2c8eba23064fe60721ae6acfe93ca487.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 81951
server: nginx/1.23.0
date: Fri, 10 May 2024 15:52:27 GMT
last-modified: Fri, 10 May 2024 15:44:40 GMT
etag: "663e40e8-1401f"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: quft9ppduJpUL7Q6GbIq4OaRZ0kXZCamnXrffN8JCc45aSKetZ0VZQ==
age: 6794
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3334246/3aa3c98890c7bf72df3e696425a67328.jpg

54.230.111.97

200 OK

49 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3334246/3aa3c98890c7bf72df3e696425a67328.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1440, components 3
Size
49 kB (49009 bytes)
Hash
375f91f78120606f9416ad99f9fb5672
14e9f1f52c67c90f4116d3c47ec028cba9ba505d
a91dadeee92b589e00235fee85ad8abdcd0f49eb9cd0bc3edf006b5b96e1a0fd

HTTP Headers

GET /uploads/cover/20210608/3334246/3aa3c98890c7bf72df3e696425a67328.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 49009
server: nginx/1.23.0
date: Fri, 10 May 2024 17:45:41 GMT
last-modified: Tue, 08 Jun 2021 03:40:07 GMT
etag: "60bee697-bf71"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EdZtucI6pSe3R0K5q_S5iU8mYgNSld9oXJgHiCz8Obln00jJzB4Jfw==
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20210608/2213975/0f0f81e7f96e292bf2042d45c4134aac.jpg

54.230.111.97

200 OK

22 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20210608/2213975/0f0f81e7f96e292bf2042d45c4134aac.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 368x624, components 3
Size
22 kB (21880 bytes)
Hash
234d3d9fa127116406b45c81e8780f80
b2e6adc63bab2dd18063e41a072b61a9970ae41f
d225e6da753476af7ea54b5cb7301696c7f11de5c0d26ea7a7238518ae9c66ad

HTTP Headers

GET /uploads/cover/20210608/2213975/0f0f81e7f96e292bf2042d45c4134aac.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 21880
server: nginx/1.23.0
last-modified: Tue, 08 Jun 2021 03:47:36 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "60bee858-5578"
x-cache: RefreshHit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HFqkYDK3FpgVLhvIOIR4WFyuYA03OVhGSsLRsIOcMpQZwwGdrBgBaA==
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/brothel/20210610/1310847/099edad16efac5cdd1e5ecbdf86fa23b.jpg

54.230.111.97

200 OK

187 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/brothel/20210610/1310847/099edad16efac5cdd1e5ecbdf86fa23b.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 960x1280, components 3
Size
187 kB (187227 bytes)
Hash
3d09a68d418e5e17239b452b49fb825f
e1183718d72f8bb8d93375e308b6ffcfd82ada87
5b4a26e3dfd71ba94df3a34c0eafd3ade1796b126c35f16a5cc0341b1481dff8

HTTP Headers

GET /uploads/brothel/20210610/1310847/099edad16efac5cdd1e5ecbdf86fa23b.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 187227
server: nginx/1.23.0
last-modified: Thu, 10 Jun 2021 08:18:04 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "60c1cabc-2db5b"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RMrfdlprNuCg37bbJ74T2Vl6AVrCT4_auVY1zGLA2bFaHaVwCwmT8w==
age: 29621
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/brothel/20210610/41012/1549f933f8956306b93f606b94ab2a58.jpg

54.230.111.97

200 OK

75 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/brothel/20210610/41012/1549f933f8956306b93f606b94ab2a58.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 940x1196, components 3
Size
75 kB (74839 bytes)
Hash
b515d906cbba73f0a68303bb04b5cef6
09bec122ce0d3d704fb4af6eace03913de8a3c21
d8de700d2836f1a0bb5dd482b4e025ed99f791a78cf4122cf3bed24e78edf569

HTTP Headers

GET /uploads/brothel/20210610/41012/1549f933f8956306b93f606b94ab2a58.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 74839
server: nginx/1.23.0
last-modified: Thu, 10 Jun 2021 07:57:10 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Thu, 09 May 2024 21:08:04 GMT
etag: "60c1c5d6-12457"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eOcue_Fz4PVUdWVnIOyxHQOnnYje1ov0c5I26d8j89tVKH2flrwfPQ==
age: 74257
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1710498976.gif

194.53.53.6

200 OK

218 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1710498976.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
218 kB (217818 bytes)
Hash
27d0ce92a0f688f4c13a54f7be591547
254c33b3519d2e84f317b6c7169dbf5c7fa4d443
996a7c8299c98943af8348bd5d5df4ec8c64d372deb645aa713b5b09beb4f0df

HTTP Headers

GET /uploads/images/1710498976.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 217818
last-modified: Fri, 15 Mar 2024 10:36:16 GMT
etag: "65f424a0-352da"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C70B%2BkMTCbR31b8C93qOOG2BkRsc4Z9GvgVLt08xKrc92CkMwFg1Eez%2FE7kD1cZPmmntFqkneCDl433nXOlHV4bM8yoUxk6d%2Fjhv26JVM7YiBYSsbSa8xe94bQrpPVqI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b2e6d7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/brothel/20210917/330089/aac21c3aeeed244f9447eb532d023b50.jpg

54.230.111.97

200 OK

121 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/brothel/20210917/330089/aac21c3aeeed244f9447eb532d023b50.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 1080x1440, components 3
Size
121 kB (121386 bytes)
Hash
7a24e12e7fe985d27946f1f54965bae5
9ea4e0cfcb0148c912e259444d11bc0d26f5e672
29bd4e3c015333ac0e20ca46dd4c5b5ff1929ee4d49e91d00612901ff1cf80c7

HTTP Headers

GET /uploads/brothel/20210917/330089/aac21c3aeeed244f9447eb532d023b50.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 121386
server: nginx/1.23.0
date: Fri, 10 May 2024 08:22:29 GMT
last-modified: Fri, 17 Sep 2021 07:42:04 GMT
etag: "614446cc-1da2a"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JCA-Ud1DhdoPBHs-yI4lEIwhbsSzdizlmk0T3o11wUVpSQwJCtEpag==
age: 33792
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1598949730.png

194.53.53.6

200 OK

272 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1598949730.png
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
PNG image data, 738 x 369, 8-bit/color RGBA, non-interlaced
Size
272 kB (272343 bytes)
Hash
7b52ee18f6f0ad32b6991fddeace72a6
46cc2a023ec0ecbc3244162f740de3c7462d2baf
4b82a79f6148f0b24c65f8aa831e42349c384ec2b4b07d16a2f366e45c942e4c

HTTP Headers

GET /uploads/images/1598949730.png HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/png
content-length: 272343
last-modified: Tue, 01 Sep 2020 08:42:10 GMT
etag: "5f4e0962-427d7"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b6H3lMWBF8F%2BnZ5gvRzdkmhwrOYJzeV147j2WpNlgD11S69FhY1CYwHvSr0s4nb0g5F3gRzV9ZTL2O8qI4ceIgAIQ1KMrb88F1wXqG3llWsZESrmCcYmPg2u27V0n7vg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b2e637131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/brothel/20210610/38105/79c10382fd8143d4e3b908526983f292.jpg

54.230.111.97

200 OK

119 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/brothel/20210610/38105/79c10382fd8143d4e3b908526983f292.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 960x1280, components 3
Size
119 kB (118748 bytes)
Hash
5abde3c93a86d2316751fa2baf46a1f6
7ebe79058039d65acace3879b44d97bea895bf40
6cb85567bd79022ec30e4798e1ae8637882556a97f79d66a32a685d1dfc4fb82

HTTP Headers

GET /uploads/brothel/20210610/38105/79c10382fd8143d4e3b908526983f292.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 118748
server: nginx/1.23.0
date: Fri, 10 May 2024 08:22:29 GMT
last-modified: Thu, 10 Jun 2021 07:18:11 GMT
etag: "60c1bcb3-1cfdc"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: utmnbL-psU49cxGRJqNn6IpUbTLHgV0-KY9O2osStEef_UIT_jWB4Q==
age: 33792
X-Firefox-Spdy: h2

xkm.vip.covers.vxd3k0.xyz/20220901/UXkRqKhK.jpg

54.230.111.74

200 OK

175 kB

URL GET HTTP/2
xkm.vip.covers.vxd3k0.xyz/20220901/UXkRqKhK.jpg
IP
54.230.111.74:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.vip.covers.vxd3k0.xyz
Fingerprint44:37:AE:25:58:82:1F:57:D4:8B:B6:E9:AB:BB:64:AD:C4:9E:B1:E7
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:09:29 13:46:40], baseline, precision 8, 730x410, components 3
Size
175 kB (175417 bytes)
Hash
886f310cb8c1a93d61d457200f5f7604
226b1658c3fcb8e78e824261643fb92bb2f5d87f
72dc2269ccbf3fd6b08baf23058c7e1638a62bfe08036af68545e4735b5e3a6c

HTTP Headers

GET /20220901/UXkRqKhK.jpg HTTP/1.1
Host: xkm.vip.covers.vxd3k0.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 175417
server: nginx/1.17.10
last-modified: Thu, 29 Sep 2022 06:48:01 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "63353fa1-2ad39"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iOsBUOM73hroDlS3SCZn4UxnpcckDlh2NUbmkd7SnXhauegjLwvgUg==
age: 38597
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1710398008.gif

194.53.53.6

200 OK

222 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1710398008.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
222 kB (221923 bytes)
Hash
30c8db9d83f97e3cc0592af1419fa065
55f6982a36681a5f7586257e2bee1edb8d12ba80
5c6208a58b8e347fbc1d1a637196c6736137b157bde7cc509c292b57acf0d288

HTTP Headers

GET /uploads/images/1710398008.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 221923
last-modified: Thu, 14 Mar 2024 06:33:28 GMT
etag: "65f29a38-362e3"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jsLpLyTg5LBuEddEU%2FYlqrJ6WVQ3g8setIRV1xvcYrJtxtv1R4ab3Rsiv2Ptosy8GUtS2d6wreAMWAGULoOEy82m0z3FxErXLudpIwDM7CePWRD1dzqm3TeUvqvqmv87"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b1e587131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/brothel/20211119/4078574/8c0242cc3ef6de2ae8690746a28f15f2.jpg

54.230.111.97

200 OK

72 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/brothel/20211119/4078574/8c0242cc3ef6de2ae8690746a28f15f2.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 1071x1287, components 3
Size
72 kB (72164 bytes)
Hash
187bb6ccaa5d75506e8a8da6b566197e
2674a43a0565762f89495f21f29d7d7d2c284781
79f6428f84cef6bea232e745583f2b595e0005fb68dda9aa542872ae031b306f

HTTP Headers

GET /uploads/brothel/20211119/4078574/8c0242cc3ef6de2ae8690746a28f15f2.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 72164
server: nginx/1.23.0
date: Fri, 10 May 2024 09:32:00 GMT
last-modified: Fri, 19 Nov 2021 11:54:04 GMT
etag: "6197905c-119e4"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MkhrtaMgs9uVL2KdPj5Pogyj1fWdZzdBvO6zRtnFMUqisnZ-48L3vA==
age: 29621
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1705136881.jpg

194.53.53.6

200 OK

52 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1705136881.jpg
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 200x200, components 3
Size
52 kB (52189 bytes)
Hash
20af07da1e7b1bb81804878f026fb53e
28ead7dd17ad688243b1938850a2f97a407a1dc0
45f5b10b8f10702eda9f9041faa5b9b8bd1f9c4613a983837683c4b82ee299be

HTTP Headers

GET /uploads/images/1705136881.jpg HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/jpeg
content-length: 52189
last-modified: Sat, 13 Jan 2024 09:08:01 GMT
etag: "65a252f1-cbdd"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQb4HRR9TQYOgU1o4gA0ARwA40EsJkKJ4VohdOYZ6noQM7V3DTVT8V5gfZNWeFWgYWtdTXDFdsK%2B8ZjCJVxMg6E0oopMSXmzpFMdODTAJsxAeB9vRY3xD0iD5CM77dYb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8e6b047131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/brothel/20210609/41012/6eb8f48735ae4fa77e2601da1b690c2a.jpg

54.230.111.97

200 OK

122 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/brothel/20210609/41012/6eb8f48735ae4fa77e2601da1b690c2a.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 960x1280, components 3
Size
122 kB (121788 bytes)
Hash
291cedf305abdec10e3a067339dcd506
3ff309ab636c741fa6c872bdc8275220185b1ceb
a91fb19e8c6a353f94d43f96b8d8028b0d20612abc586253be0e6df4a4d05a43

HTTP Headers

GET /uploads/brothel/20210609/41012/6eb8f48735ae4fa77e2601da1b690c2a.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 121788
server: nginx/1.23.0
last-modified: Wed, 09 Jun 2021 09:27:04 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "60c08968-1dbbc"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s0NaFWhQ_A8hJRjks0bV82NXMHIOb9fK8cn_v85gIuzDXTel-OPkvA==
age: 12958
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/brothel/20220519/4078574/0e2442a00e599b61eec8c5a53e74a56b.jpg

54.230.111.97

200 OK

82 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/brothel/20220519/4078574/0e2442a00e599b61eec8c5a53e74a56b.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.18.100", baseline, precision 8, 983x1280, components 3
Size
82 kB (81646 bytes)
Hash
794315916c0897131b40f99efde753d6
3fa2be67b797f892a83a618db8f854dff1c61f4d
562923b1e4945540b775838444745053d7269956dba1a6ad75da7769413dd727

HTTP Headers

GET /uploads/brothel/20220519/4078574/0e2442a00e599b61eec8c5a53e74a56b.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 81646
server: nginx/1.23.0
last-modified: Thu, 19 May 2022 05:54:03 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 14:09:43 GMT
etag: "6285db7b-13eee"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Kkod3JZaz6u-WyUZJ_mvIGKFDF3FJ5RafT7VjVOCDyIARaDSQQ0EdA==
age: 12958
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20210608/2632223/75784c1b502e794c04d762b64feab983.jpg

54.230.111.97

200 OK

34 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20210608/2632223/75784c1b502e794c04d762b64feab983.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 856x480, components 3
Size
34 kB (34319 bytes)
Hash
b8a7937a0c2bfd77a26e972f949753f9
ba282a2f2a6dca436f9f32f289fe52814e2a1b37
639b251019bb3c021da55da9ca9d6028fad3e1aea8493242c26d9a8e3a7537d4

HTTP Headers

GET /uploads/cover/20210608/2632223/75784c1b502e794c04d762b64feab983.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 34319
server: nginx/1.23.0
date: Fri, 10 May 2024 17:45:41 GMT
last-modified: Tue, 08 Jun 2021 03:54:33 GMT
etag: "60bee9f9-860f"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: O7H7K3mx588hso2fBFuLpeA9WsEUDzbRWq9KNgJcLsdmjKRGMp9_CQ==
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3334246/d0571bf926d3670044ee6d5353e7f8a5.jpg

54.230.111.97

200 OK

75 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20210608/3334246/d0571bf926d3670044ee6d5353e7f8a5.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3
Size
75 kB (74622 bytes)
Hash
5d8342c8058b76502dca3d0edebe7aae
e14f978dff5ab9faebef34256ccd2bd7458ae90b
aefae61c325e497661cc55e8e1bbb67ca86aee5b76d7550164ddc0973c2a9eed

HTTP Headers

GET /uploads/cover/20210608/3334246/d0571bf926d3670044ee6d5353e7f8a5.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 74622
server: nginx/1.23.0
date: Fri, 10 May 2024 17:45:41 GMT
last-modified: Tue, 08 Jun 2021 03:39:23 GMT
etag: "60bee66b-1237e"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M_e1vC95dnAPEEZUm66TTp8VUadzGPgTuXAIOhYXklbWvENc5y3GNQ==
X-Firefox-Spdy: h2

xkm.vip.covers.vxd3k0.xyz/20220601/xulYFYmk.jpg

54.230.111.74

200 OK

138 kB

URL GET HTTP/2
xkm.vip.covers.vxd3k0.xyz/20220601/xulYFYmk.jpg
IP
54.230.111.74:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.vip.covers.vxd3k0.xyz
Fingerprint44:37:AE:25:58:82:1F:57:D4:8B:B6:E9:AB:BB:64:AD:C4:9E:B1:E7
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:06:27 00:21:12], baseline, precision 8, 730x410, components 3
Size
138 kB (138394 bytes)
Hash
5a513fd6aeefdff242d5df129669a30e
f280e578821eb4461963c56d418e8a90d9d9e664
310b5f1a573bd0992ecaafc5d82257557bede0a275688e0a1ad145aa0e1936f8

HTTP Headers

GET /20220601/xulYFYmk.jpg HTTP/1.1
Host: xkm.vip.covers.vxd3k0.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 138394
server: nginx/1.17.10
last-modified: Mon, 27 Jun 2022 06:36:01 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:42 GMT
etag: "62b94fd1-21c9a"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZB6mgaV2mQUQ9W7vK6oscdTJaTY9RHCSF9F6SrM0_880-wR9F0MVGg==
age: 24289
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1710583945.gif

194.53.53.6

200 OK

94 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1710583945.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 200 x 200
Size
94 kB (94508 bytes)
Hash
bb49891db7e7420ae1add2768487cd9b
bb2dac59f9a728420f8b0a8ee5fcbc0533efd8b6
4f778a570a634c2a4d9f0525ae8f61c9e392285035e99531ec3b21fcf6870ccd

HTTP Headers

GET /uploads/images/1710583945.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 94508
last-modified: Sat, 16 Mar 2024 10:12:25 GMT
etag: "65f57089-1712c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1m9NgOFVVrN%2F%2BU6V6rwgctBYOaqLHl6AeJKa%2F5476r32nbf6U38KTaV4eE5IgavK8sjW08CvYUjvNMwJ%2BxpDImiCXvhe%2BHDxuugQ5IWdwj4zGU2KaR4aWQG%2FXx84NNUr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8e6b037131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1712404378.gif

194.53.53.6

200 OK

102 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1712404378.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 200 x 200
Size
102 kB (102284 bytes)
Hash
e5274fa3652f9ddb03b6a7f03d7238e4
d5d126e75e01d144845286ebb5849c3856e9a566
2971a5800460c71ae3e2131641cc2b33f118e75da24a1485926b174a6a79cf05

HTTP Headers

GET /uploads/images/1712404378.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 102284
last-modified: Sat, 06 Apr 2024 11:52:58 GMT
etag: "6611379a-18f8c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOl6Hv0b1YLfvgI1xJFCZXAkYarF%2BhskXZbks%2BanAG%2BnSDq4R%2BcRNnmtuhDCyDOxZZVbfjBGwSqonDIHXLf%2FZLlic%2Bc%2FkrZlAgpY8uX71NPE3GrXcW97fE6vN1CRPiKn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8e9b387131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.vip.covers.vxd3k0.xyz/20220801/MQbFsimK.jpg

54.230.111.74

200 OK

185 kB

URL GET HTTP/2
xkm.vip.covers.vxd3k0.xyz/20220801/MQbFsimK.jpg
IP
54.230.111.74:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.vip.covers.vxd3k0.xyz
Fingerprint44:37:AE:25:58:82:1F:57:D4:8B:B6:E9:AB:BB:64:AD:C4:9E:B1:E7
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:08:14 19:23:55], baseline, precision 8, 730x410, components 3
Size
185 kB (185004 bytes)
Hash
32af8e7627fd55be2835c65b9d608a75
9ae5b5c7f973e9afd99a4aa30ff520df080920f3
87f22f17e704afd146662252f7786d01945ea1eea9548dc70e40fc26412ac9f8

HTTP Headers

GET /20220801/MQbFsimK.jpg HTTP/1.1
Host: xkm.vip.covers.vxd3k0.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 185004
server: nginx/1.17.10
last-modified: Sun, 14 Aug 2022 14:24:01 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 11:00:53 GMT
etag: "62f90581-2d2ac"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hD663fw7Btv-xHFHJvK5-Z5EiHhKSWvnuPqONgKMGa-dAZUVQA4Hwg==
age: 24289
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1657628564.jpg

194.53.53.6

200 OK

174 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1657628564.jpg
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x600, components 3
Size
174 kB (174122 bytes)
Hash
2af270bcb6eb09dc8d819bd66a29c892
9eca61174ee7cf6be3836450661a492f1bf348e2
d4a9f15b1031ebcfa2ce93d7d767f7d583c7c709f0fa5e9d658916feb590b661

HTTP Headers

GET /uploads/images/1657628564.jpg HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:42 GMT
content-type: image/jpeg
content-length: 174122
last-modified: Tue, 12 Jul 2022 12:22:44 GMT
etag: "62cd6794-2a82a"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FodVrs282TIQq%2FzlKW20bTXSdN7dEE7vx%2Bp25FBEy1ljINtfMrh0n%2BKKNiYOYbSRBfpY9jvHlHDphiueFK12C9pEN3hucck1Gw1jHScJixeRE30VeUMIV7QgGHzO230"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8f8c9d7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1712290086.gif

194.53.53.6

200 OK

973 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1712290086.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
973 kB (973021 bytes)
Hash
35db8256dc93cf1aafe2388e7133cd58
abf1ae3e066130e2a8d1233ab4f9f2511de1a90c
17819021f23fad76b817cbfd45a2c1b7544e1255a8ef7a9d793b9e618e645d33

HTTP Headers

GET /uploads/images/1712290086.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:41 GMT
content-type: image/gif
content-length: 973021
last-modified: Fri, 05 Apr 2024 04:08:06 GMT
etag: "660f7926-ed8dd"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EK3pbnGdxWXEn3B%2FspBJ67ovWZYKwqlrJwGcUFxslx9efCd7jKHsL0Svdk8s00l7WpGryfHhP6Qp8N3zn%2B7Try%2BQou9JOAKyiP7B2k9zclPwzoLZaJbDDURRYOpG6azd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8b3e7f7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.xmmnsl.com/uploads/images/1714810812.gif

194.53.53.6

200 OK

161 kB

URL GET HTTP/3
ad.xmmnsl.com/uploads/images/1714810812.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 300 x 600
Size
161 kB (160937 bytes)
Hash
72ee93578467fc114a081122f4ed29ae
e9983fc404457a5a7f728125b766aee084d40252
0ec4d83890fe2eaf33ad489d4b4d03d40121e92d65e8aad6477bdd58da959757

HTTP Headers

GET /uploads/images/1714810812.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:42 GMT
content-type: image/gif
content-length: 160937
last-modified: Sat, 04 May 2024 08:20:12 GMT
etag: "6635efbc-274a9"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HEz2uk9%2FRWr%2Fgjci1uL958w%2BvlK80v8YeLnPQnN%2BE48G146hte2uiGiAk9n8AkBwDdeUgU5275SSeI%2FPvDHxqPl9RqAvD8U86edk9iChh%2FnXPPfzto1oIhVXWRUFgD22"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe90bf635684-OSL
alt-svc: h3=":443"; ma=86400

ad.xmmnsl.com/uploads/images/1712124397.gif

194.53.53.6

200 OK

78 kB

URL GET HTTP/3
ad.xmmnsl.com/uploads/images/1712124397.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 300 x 300
Size
78 kB (77760 bytes)
Hash
4f77f0d98b472cb8c608637a9c13a0d1
730604f78a25fce0a6601cecc647ae8b6e1438c1
fc769d997c4b28fb16794f1149b60fa6603156ca12b7b3f4b4d565d99847f5e0

HTTP Headers

GET /uploads/images/1712124397.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:42 GMT
content-type: image/gif
content-length: 77760
last-modified: Wed, 03 Apr 2024 06:06:37 GMT
etag: "660cf1ed-12fc0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qR7LZ2d%2FTjNWDLKqpzwDiX2HdyjL3ECujh5Nktj8oXI%2BUi%2FnysL9a4jHu3a%2B1aYvrxrpGcYbuJcTQC8y%2BSuJY3v0N4ONiyOKXLmZ9UfKRipUjzdPCKQx%2FLVOteRVYi%2Bl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9249525684-OSL
alt-svc: h3=":443"; ma=86400

amjs.xylhwdu.com/i/2024/04/08/bh-200-200.gif

163.171.134.108

200 OK

70 kB

URL GET HTTP/1.1
amjs.xylhwdu.com/i/2024/04/08/bh-200-200.gif
IP
163.171.134.108:443
ASN
#54994 ML-1432-54994

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectamjs.xylhwdu.com
Fingerprint08:E2:E5:7D:0D:31:AA:29:02:83:95:06:4C:4B:D5:65:1D:26:38:AC
ValidityMon, 08 Apr 2024 00:00:00 GMT - Tue, 08 Apr 2025 23:59:59 GMT

File type
GIF image data, version 89a, 200 x 200
Size
70 kB (70364 bytes)
Hash
2d5517e5e05c46456d86c8334d834e64
8f49b9343ac308b81859f97b77bbc68771c00468
db880296afc6831e58c013b2a9b295bf97fea545bb888b6bd8a9f227e29a5859

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i/2024/04/08/bh-200-200.gif HTTP/1.1
Host: amjs.xylhwdu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:45:42 GMT
Content-Type: image/gif
Content-Length: 70364
Connection: keep-alive
Expires: Sun, 09 Jun 2024 08:33:41 GMT
Server: nginx
Last-Modified: Mon, 08 Apr 2024 08:53:09 GMT
ETag: "6613b075-112dc"
Cache-Control: max-age=2592000
Accept-Ranges: bytes
x-via: 1.1 PS-SIN-01sem119:12 (Cdn Cache Server V2.0), 1.1 td173:1 (Cdn Cache Server V2.0), 1.1 PSrdsdgemSTO1ab82:7 (Cdn Cache Server V2.0)
Age: 33121
X-Ws-Request-Id: 663e5d46_PSrdsdgemSTO1ab82_29360-21956
Access-Control-Allow-Origin: *

ad.xmmnsl.com/uploads/images/1630225445.jpg

194.53.53.6

200 OK

167 kB

URL GET HTTP/3
ad.xmmnsl.com/uploads/images/1630225445.jpg
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x600, components 3
Size
167 kB (166617 bytes)
Hash
ce021d8893fd426d2e69ef047e40a07d
34722dfbf3147a8fce3318787d31185e7f6d84c5
8d86ddaf54bbcff0dd40bd530f4a1f44dc9fcdcc0ae5a6d207fad21967bfd243

HTTP Headers

GET /uploads/images/1630225445.jpg HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:42 GMT
content-type: image/jpeg
content-length: 166617
last-modified: Sun, 29 Aug 2021 08:24:05 GMT
etag: "612b4425-28ad9"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y6yHdXqySzEeEcD03GMU2IRf%2BgyEgCdieJddqRvSWu2OPdugkagNoJr%2FoFRuz%2BhOX5a%2BmX3aEQPtBwvN8u2Y1ankDr0bfC2wXT8jv%2BHMT%2BUdckPjl5zzP3dA4OEVe9VM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe91a8695684-OSL
alt-svc: h3=":443"; ma=86400

amjs.xylhwdu.com/i/2024/04/08/bh-738-369.gif

163.171.134.108

200 OK

444 kB

URL GET HTTP/1.1
amjs.xylhwdu.com/i/2024/04/08/bh-738-369.gif
IP
163.171.134.108:443
ASN
#54994 ML-1432-54994

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectamjs.xylhwdu.com
Fingerprint08:E2:E5:7D:0D:31:AA:29:02:83:95:06:4C:4B:D5:65:1D:26:38:AC
ValidityMon, 08 Apr 2024 00:00:00 GMT - Tue, 08 Apr 2025 23:59:59 GMT

File type
GIF image data, version 89a, 738 x 369
Size
444 kB (443806 bytes)
Hash
5afcac50c933f6283b2f7e13af831486
2ba1332c0da1693ee3d05a6de46cb163878bf21e
a9a41128fa94de77d558bfb233c5abc6529503c4d55c0900bcd59127925c245b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i/2024/04/08/bh-738-369.gif HTTP/1.1
Host: amjs.xylhwdu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:45:42 GMT
Content-Type: image/gif
Content-Length: 443806
Connection: keep-alive
Expires: Sun, 09 Jun 2024 01:30:03 GMT
Server: nginx
Last-Modified: Mon, 08 Apr 2024 08:53:08 GMT
ETag: "6613b074-6c59e"
Cache-Control: max-age=2592000
Accept-Ranges: bytes
x-via: 1.1 PSxjpSin5hx154:2 (Cdn Cache Server V2.0), 1.1 ld84:12 (Cdn Cache Server V2.0), 1.1 PSrdsdgemSTO1ab82:2 (Cdn Cache Server V2.0)
Age: 58539
X-Ws-Request-Id: 663e5d46_PSrdsdgemSTO1ab82_28548-47090
Access-Control-Allow-Origin: *

ad.xmmnsl.com/uploads/images/1715235971.gif

194.53.53.6

200 OK

132 kB

URL GET HTTP/3
ad.xmmnsl.com/uploads/images/1715235971.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 690 x 300
Size
132 kB (132170 bytes)
Hash
c6d226f301f028cb3209f98609a93f06
95a73e58f86d82e4307cac1138a806499e0ad724
c9e313f0f744756e2de6e23de7653cb21abfe6922ec33607a1b522ef6380b904

HTTP Headers

GET /uploads/images/1715235971.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:42 GMT
content-type: image/gif
content-length: 132170
last-modified: Thu, 09 May 2024 06:26:11 GMT
etag: "663c6c83-2044a"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHUpEJEHqTb6aLgJBYYIv1nZMuIAv%2BghmHb%2BvscgSWQB4i61l52%2BBdJXGuf1t3xMjFS5Jd%2FEpNBKaNQK9tS6apbb2HuCnQHZ3QDnYJon5Q7aYnOJVeMoRlw4vPFgKF3o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe93cc405684-OSL
alt-svc: h3=":443"; ma=86400

888bbb777www.com/8a7a5d16cc0a4a098073d6a76f4c198d.gif

143.92.34.170

200 OK

140 kB

URL GET HTTP/1.1
888bbb777www.com/8a7a5d16cc0a4a098073d6a76f4c198d.gif
IP
143.92.34.170:443
ASN
#64050 BGPNET Global ASN

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject333bbb666www.com
FingerprintC2:0D:FC:64:B3:A3:78:DB:EA:4F:0C:0A:3A:21:DB:4F:FC:09:21:DA
ValidityThu, 04 Apr 2024 12:17:04 GMT - Wed, 03 Jul 2024 12:17:03 GMT

File type
GIF image data, version 89a, 738 x 369
Size
140 kB (139570 bytes)
Hash
06ed2573f504194eb3d43b46bbdb140e
c772d6b1c01b9d6588b499a0e0c720851d09e4d1
83c71fc003e8531ecc7faa75df07153b76e1bfa7863487a39b4b33c7e64b1fce

HTTP Headers

GET /8a7a5d16cc0a4a098073d6a76f4c198d.gif HTTP/1.1
Host: 888bbb777www.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:45:42 GMT
Content-Type: image/gif
Content-Length: 139570
Connection: keep-alive
Last-Modified: Tue, 16 Apr 2024 14:34:23 GMT
ETag: "661e8c6f-22132"
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes

ocsp.trust-provider.cn/

150.139.142.18

599 B

URL
ocsp.trust-provider.cn/
IP
150.139.142.18:0
ASN
#136195 Qingdao, Shandong Province, P.R.China.

File type
data
Size
599 B (599 bytes)
Hash
3089fae9a74fab23d0e8e5950d3baef9
56bf9b2afa25a946b9dc4cec2f8056a3fb7bae71
886b36275c5fb8de9c6c6a7773986ebe53a0fdeac21a128237149fed2ed9b8c6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
cf-cache-status: EXPIRED
accept-ranges: bytes
cf-ray: 88024bd679f785e6-HKG
ctl-cache-status: HIT from hk-xianggang4-ca01, HIT from fj-quanzhou7-ca48, HIT from he-handan1-ca14
request-id: 663e5d47f69e8cc3b06dca3435281dd6
expires: Tue, 14 May 2024 14:49:06 GMT
last-modified: Tue, 07 May 2024 14:49:07 GMT
date: Fri, 10 May 2024 17:45:43 GMT
x-ccacdn-proxy-id: scdpinlb4
cache-control: max-age=3600
age: 99
x-frame-options: SAMEORIGIN
etag: "56bf9b2afa25a946b9dc4cec2f8056a3fb7bae71"
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1715363143cbebc6914823a6f5f3cd51cd934d53a9
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=29, edge;dur=0

ocsp.trust-provider.cn/

150.139.142.18

599 B

URL
ocsp.trust-provider.cn/
IP
150.139.142.18:0
ASN
#136195 Qingdao, Shandong Province, P.R.China.

File type
data
Size
599 B (599 bytes)
Hash
3089fae9a74fab23d0e8e5950d3baef9
56bf9b2afa25a946b9dc4cec2f8056a3fb7bae71
886b36275c5fb8de9c6c6a7773986ebe53a0fdeac21a128237149fed2ed9b8c6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 599
Connection: keep-alive
ctl-cache-status: HIT from hk-xianggang4-ca01, HIT from fj-quanzhou7-ca48, HIT from he-baoding2-ca05
request-id: 663e5d47920715f69d76e0cfef73a1cb
x-ccacdn-proxy-id: scdpinlb4
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
etag: "56bf9b2afa25a946b9dc4cec2f8056a3fb7bae71"
date: Fri, 10 May 2024 17:45:43 GMT
accept-ranges: bytes
age: 0
expires: Tue, 14 May 2024 14:49:06 GMT
cache-control: max-age=3600
last-modified: Tue, 07 May 2024 14:49:07 GMT
cf-ray: 88024bd679f785e6-HKG
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 171536314362e97dd8cfea7404e6ef05bc69563d25
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=72, edge;dur=0

9irrkt8b54.xyz/pc/static/css/chunk-120e0e42.2664cc0e.css

172.67.134.207

200 OK

6.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-120e0e42.2664cc0e.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
gzip compressed data, max compression, from Unix
Size
6.1 kB (6099 bytes)
Hash
02d31623f271426067cb2e624355f273
5c531b8aa3c389ddd07b44fd5edeb2ba180fa2c5
4b96ee09d315465eb3a2d34831d28a13f6b64029d7152689f77083503796c4b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-120e0e42.2664cc0e.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-2b49"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sii86fvRiejJBqcKi8gMk0o47NLdOYnKCdu2OOqLdDgbDEl0TYL1NcqwiuRueClzMi%2BSdh8YkevCGVgu1tLM9GF0mC%2FUYYRxhjG9tcEB2ZtPDGjnf9aRmFtU8AiNH7%2B5KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9e3b935687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-27ab3d21.f53bf4ad.css

172.67.134.207

200 OK

16 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-27ab3d21.f53bf4ad.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
gzip compressed data, max compression, from Unix
Size
16 kB (16055 bytes)
Hash
40785cfaaa646db1e04ff71a0a448355
a52b2b9d34fe2e1644b07041ec7b62e4b0b14f76
0a18afe2c3a19d0d9b5038c155e0a102bc40a36afddc541eb18b67ebe43f233a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-27ab3d21.f53bf4ad.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-bb9"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXRJxIfu3ah%2BVqe6khFfkhR3VtW0w6cRhKxQLzkzAO%2FE3LO7louInb%2Bn5y1OVZVu7B3WgznKQBXgcLBHQzelph2N0t5f4cPzCeL0Y3nqcS1tGHTaVO%2F92pf5QP1Gn9RlvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea0af105687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-13ee06ec.390e8cee.css

172.67.134.207

200 OK

40 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-13ee06ec.390e8cee.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
gzip compressed data, max compression, from Unix
Size
40 kB (40252 bytes)
Hash
262ba10f0ed94aa23643e664a6c4c0fa
5385a7b6a8245431a044306ad9ac59b0024e25e2
adae6b23425042a072f980054fb037f4685e41b18bc42a8b8778c62b1336834f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-13ee06ec.390e8cee.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-694"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BnJy1ZxhjViHh4J2uBrFkm71sNfjwN3w04yxMtJIsPJ92sJZs3FBHn8Mgnv1SGm%2FVi1IAMHzY62IT4oohk01ppVmjmysHyDtR1yTXa9oHKurboXwqMJLmorbUl2ngeaJoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9e4ba05687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-0afebd40.0024b57c.css

172.67.134.207

200 OK

481 B

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-0afebd40.0024b57c.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
gzip compressed data, max compression, from Unix
Size
481 B (481 bytes)
Hash
df12e3363249845065490ee35cabe0db
359bf4810ad44155225e9f7456ddd88a9a99b4db
0af533e4a86577dc3b693c6f847fbf66953db75477fac5253b516502fa8a1912

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-0afebd40.0024b57c.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-453"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ggCE5PhwZeyxN6vRShS5sD6uSY3eGLLoNYps9%2BpHn0Bxw8FKK3P9PFrja5Mp5yFApY1aUn85Us6u3EwGGBMx14tZ7jKVmefbO5JRfJDCGfC9gqByBZLFRqEMeRHo24ezcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9e3b865687-OSL
alt-svc: h3=":443"; ma=86400

api.3hfdkg.xyz/api/config/index

172.67.174.98

200 OK

11 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/config/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (11200), with no line terminators
Size
11 kB (11200 bytes)
Hash
ef355f51e81f3714f6e3e14255c5fb32
da1285a88f0203299ae2f3bb08a60cad42e49cb4
81aa18f9c2e7bba5f003739dc59098c17b743653a727d22aa92d6a44f0130b08

HTTP Headers

POST /api/config/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 229
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OUJhG2mVOHx1jtHHZlwwNz3N22NNgbEhvFCocL%2F7uQ9mpwlLHoSyINKPNw%2BfOgoxT2RyE2pwl3lgdxC9WaOH2quIfNb0HXinEZv%2FMdLXahFDIbV%2BLiyWVFvRlHGyDwd%2FmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe81de6b5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240510/6181427/2c8eba23064fe60721ae6acfe93ca487.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6181427/2c8eba23064fe60721ae6acfe93ca487.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6181427/2c8eba23064fe60721ae6acfe93ca487.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-27ab3d21.d309a868.js

172.67.134.207

200 OK

7.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-27ab3d21.d309a868.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7785), with no line terminators
Size
7.1 kB (7051 bytes)
Hash
f34b845e0d637ed926715c044307be68
1923c0d123739a568d4b7bd60cbac0158610ccb5
2f3d69a72cb56e672c3daf0b29b6eb645c0076cbd77d366f42c9e0216dc9980e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-27ab3d21.d309a868.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1b8b"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UX2DLq%2B9YZ5AbLEXJfrW7u66i3KlEz0fu9gOu1ttNUxGXDHoTNCBhO%2FFBmoaxV25XzFEjSf6GogC7wrw6KMXomRqK4N2j8prVo3emGrBCEDkd%2BSWztshI2U1WkOXdjZMyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeabdebd5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240126/4846192/ca258dc6e7d876b454e659bf82c6a65c.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240126/4846192/ca258dc6e7d876b454e659bf82c6a65c.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240126/4846192/ca258dc6e7d876b454e659bf82c6a65c.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20220519/4078574/0e2442a00e599b61eec8c5a53e74a56b.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20220519/4078574/0e2442a00e599b61eec8c5a53e74a56b.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20220519/4078574/0e2442a00e599b61eec8c5a53e74a56b.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-554133ca.63b673be.css

172.67.134.207

200 OK

14 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-554133ca.63b673be.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (14081), with no line terminators
Size
14 kB (14081 bytes)
Hash
ac2fb259a3e40997da58fbd63338c135
defae0c6848399d831b0315e26bffe44afae80cd
b0da6b02de94113fbb3a07c13c1df409e5e45c323495c500fc1a6f3c7eaf67c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-554133ca.63b673be.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-3701"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3mRSzTPTLYd0M8nOXxRj3bywVlOpSy9aJuOg6t9zWBrPviwYEzaqngNcKvkqlL851%2Fpu6WvUZ0WZvsaAPR9KuLUi1PL7agzuDJKIhegGcDYbyxbkWsS4a5fAFPIXZqB2jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea2ea0f5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240510/6198399/fa171014d56dd90d81a313b6f7cc1eb2.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6198399/fa171014d56dd90d81a313b6f7cc1eb2.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6198399/fa171014d56dd90d81a313b6f7cc1eb2.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-d5a2dd36.56866224.css

172.67.134.207

200 OK

1.9 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-d5a2dd36.56866224.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (1874), with no line terminators
Size
1.9 kB (1874 bytes)
Hash
e04fdcc5d7ef127c4a4fbf043ec681dd
984b789aeec9de6d2f4f9a8430dcda28900846f8
ececb83fc1766d104411ec0073a4d47cd2686f4ab06267633d69526cdd1701d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-d5a2dd36.56866224.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-752"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MRUuDYtgfKLr6xN99FJ3bnp4At77J7YI17nHL6S5tOdBkJEJXq0mM%2Fr3QWMWGqthSrQoP9zMmIxO0p1GPtWICvsPguGloc3mSrxwesqNyAmlfEBwD3OJkwcx%2B6yLXwyTwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea6dfac5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-19ba64a7.063704a2.js

172.67.134.207

200 OK

17 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-19ba64a7.063704a2.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (17009), with no line terminators
Size
17 kB (17009 bytes)
Hash
a589f04cb5dbcdc730c000efe2ad61a6
4cf374f7a87d6e8c391d5e8fa6e22b5d14a08c81
a913b35ec32795909291aace8fdfeb2a779805f15da21c0b554431ac96da043e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-19ba64a7.063704a2.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-4271"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6TZSpKV%2B%2FWG67cbyVSt%2BUSOfyyjsEmRDf9WNfUYzPxJyIaF2zItfJQU0xVIUmgBnMBqL8S%2FZblPR8LnOdg5SpHPfIhE5VAIwB38hB65y0FN5Y05aB0%2FqCtQ9zvmAH8ANlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeaa2bf75687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-ad415e6a.5d2a5e7b.js

172.67.134.207

200 OK

11 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-ad415e6a.5d2a5e7b.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (10612), with no line terminators
Size
11 kB (10612 bytes)
Hash
6d07ef4be2713157b0c01fd6a00fd826
74b19df4bab47de3c6494839799e7e3b17b334bc
7cd96bfd41aec18105ec74bd04bed86cb53b1f8d094bbceb173e07725e7e9dac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-ad415e6a.5d2a5e7b.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-2974"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GrgcuFlnRcr5%2FaJQpXvUmu9Ab6QRERDtpUVhoqlbxTsXoxXebsmqqA0vyqTHX3tKme4hlfYGlzRtU4HsWHRGi6IPkM5kxQWWkw6XM%2BQkvbBCSEpBcIh1mOeC8LwjpIxpdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb24f065687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20210610/41012/1549f933f8956306b93f606b94ab2a58.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210610/41012/1549f933f8956306b93f606b94ab2a58.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210610/41012/1549f933f8956306b93f606b94ab2a58.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6206514/36fceda6df51446eaca95ffd4f4b5d1d.jpg

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6206514/36fceda6df51446eaca95ffd4f4b5d1d.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6206514/36fceda6df51446eaca95ffd4f4b5d1d.jpg HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-aa84ddf2.7d62531e.css

172.67.134.207

200 OK

1.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-aa84ddf2.7d62531e.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (1082), with no line terminators
Size
1.1 kB (1082 bytes)
Hash
c497291496c4223ee7d503511c055770
1544b45e1b35fc0c714be39a1e80027085e9102d
39f8c83316fc3a258e9ce1dafaeee6375350c8183f18d9fc8fd58690e541b21d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-aa84ddf2.7d62531e.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-43a"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5cSguI5bywSRBZ4MWsR%2BkVVz%2Fhza6l04H98zP5DnEEa9NWCfriRwSGjbZIbQs0G3l0WXxT7IjWd5EgtfoMEQjJ4vdwIeR6XaQfnDVhuOSSNNUXTWzE%2FrfgUrZSQdr0xnHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea52d565687-OSL
alt-svc: h3=":443"; ma=86400

api.3hfdkg.xyz/api/app/recommend

172.67.174.98

200 OK

3.7 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/app/recommend
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (3744), with no line terminators
Size
3.7 kB (3744 bytes)
Hash
d56e697a52cf589429b9cfe7fa002deb
36a61896b7c8a01d769154b089efc0b3e3a52fee
408af68d5001b2895e852b0348df117f3689110e27eadf30057141e0893b656f

HTTP Headers

POST /api/app/recommend HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 229
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EF%2BtMYDHMslcIAvNbzio1CMf1mHLKqGgetm26eDHKmZiPbzfXMk5Dk1LNnN1u4pF4ARVA5wzy4CPIW6CkyRG0XLwBCZ98myJQuF3iRVHODjABSC1oBj866R7RN%2BexpDspg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84a9e55690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

9irrkt8b54.xyz/pc/static/css/chunk-c4830756.14fcebf4.css

172.67.134.207

200 OK

7.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-c4830756.14fcebf4.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (7181), with no line terminators
Size
7.2 kB (7181 bytes)
Hash
d02443a99b2449b2c1f286abc9e625ef
151365e24cf618e23503e65899d451c12c9550ca
70e1a205e815e8966bc2dfcc4af9c042acd03bf65c1b25fd1e2d57dece9451fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-c4830756.14fcebf4.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1c0d"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wszJtS%2B6z6PjTKmKzZc9r4OivMqeZNwJ%2BI9%2Fh6rYKytVMhkY4LTM6fjBCInfl57om%2FoZU7mTGzAOvlMab7iyo0%2B8snKj73UICDVgsoQJ%2BGduNvPVhhFNLELIp27YGTbxSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea68f3f5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240509/6181427/a9ae6781a851f577702709889d49af18.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240509/6181427/a9ae6781a851f577702709889d49af18.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240509/6181427/a9ae6781a851f577702709889d49af18.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-507e226f.9b8cc5ed.js

172.67.134.207

200 OK

24 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-507e226f.9b8cc5ed.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
24 kB (23565 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-507e226f.9b8cc5ed.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-5c0d"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3myVwqyhMzhqZAFksRTbCtn84txeKj2WAiJ9BLS3vgT3WDeq3U3yreJSINwa1%2Fs%2BLWl61uGdPbeXMKwzvH%2F3VIbWjlhKwhrAgauN5ZTSvu8HZRbQWRtNVzHC5LKjTrn9JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeae39b25687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-60cffffc.93359da9.css

172.67.134.207

200 OK

26 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-60cffffc.93359da9.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (26544), with no line terminators
Size
26 kB (26544 bytes)
Hash
d28b45fae99d83a4788e9ad433b50221
9154f371e185a3e6d91847ab9f2ca8b3c05033f6
256144c3b504517745622849e0ff268457b9acd41836271e3be8f7dd7ad58d2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-60cffffc.93359da9.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-67b0"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pSEbF64R2f2%2FITfpGhlKoumhZO6J%2BfMcy4qrlQrw%2BlnL8H7FMcZoT9Sqgmr%2FjssPxwG3dCAGqoowbQhkPGzN0UxcveQKTmMiKMLvBVCRxb7o4xWwXiZNDVJXR2%2BIpM5grw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea40b8b5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-0d3a462d.f92a018c.js

172.67.134.207

200 OK

15 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-0d3a462d.f92a018c.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (15224), with no line terminators
Size
15 kB (15224 bytes)
Hash
41d597a48ea5c2a573ffb1e43364bffc
21c9683bf62df3036149cd57e88aad7ea8b0e26b
971daa7cf76db11f37c8ebd533ece7d5f151f6f5effd9e23ac201cb312097387

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-0d3a462d.f92a018c.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-3b78"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CSeL7ebtiJK5H7nwwQVTWP%2F4y3B341PHqt9CgvYJauOOh%2FePP0kpwiRbyhhlUhZCaiBIyMfIE9zT8sGu5euuOGPArW5pjSLep%2BiPmmpZrvswQrqF6SCQhTUNxC6X%2FuJ4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea92ab75687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20210608/3334246/d0571bf926d3670044ee6d5353e7f8a5.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210608/3334246/d0571bf926d3670044ee6d5353e7f8a5.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210608/3334246/d0571bf926d3670044ee6d5353e7f8a5.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240126/4846192/e26f668adc05d6c71fd92daa585f39c6.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240126/4846192/e26f668adc05d6c71fd92daa585f39c6.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240126/4846192/e26f668adc05d6c71fd92daa585f39c6.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-ab93df2e.99d901db.css

172.67.134.207

200 OK

7.3 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-ab93df2e.99d901db.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (7319), with no line terminators
Size
7.3 kB (7319 bytes)
Hash
6657b951a744c6bfb0b5f4dc98d29292
8e282269ffe324ef0aba9fd2d7652c2b693e8f9a
4016899c270f4cad3a3e27bca421ee8116fbaa52993745b8034093c9e96d31fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-ab93df2e.99d901db.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1c97"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uNBoiLzNu6pi8RbM%2FJnRzoZ%2FycpDKskg3OCZkxqgBqlBm3BWSq6V8ycyhkKRI0cOwVf1RqF0qKt3pqSZ1YfpvKetBKKlwzxiGNlLDhp2sCtJva5DN%2FIuKfKsJR%2BznXYLmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea5be085687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240509/6203875/066d143796f6084890965b87332063d3.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240509/6203875/066d143796f6084890965b87332063d3.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240509/6203875/066d143796f6084890965b87332063d3.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-302f99a7.38f83ba0.css

172.67.134.207

200 OK

612 B

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-302f99a7.38f83ba0.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (612), with no line terminators
Size
612 B (612 bytes)
Hash
09bb70f6f2f2be4e72d039b8f71ffc5b
7977d152e6b9539e8062a64a3b7d2cff2c7ea656
5f0bd676ffe342397358cfe5949ef0c7f2c9f3f3390673f0ed20bc2930073fc1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-302f99a7.38f83ba0.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-264"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSOZVDcfuVmgzSlhIgSHC7epE6%2FUzEmGSx8VC%2FnDjDBH1xAF1L1UWxaJrttauYU6kYZutKbGpk44h5B%2BVe%2BTR7EssrE%2B9ZDpeh%2F7K6PMDLTdhKma5ywJ8azgccWS6fUV7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea0cf3b5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-e6fc0238.28f42ed8.css

172.67.134.207

200 OK

667 B

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-e6fc0238.28f42ed8.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (667), with no line terminators
Size
667 B (667 bytes)
Hash
b5207aca312dec3b31fbc88c36fead6f
bb01f12068537255142aa78309795e906e5e40e8
4ab809827b7802a7596da0933ca181c7e55a82fd0be4fdf93d59cf018216d4e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-e6fc0238.28f42ed8.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-29b"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DQW1%2FJlsjO8RZC2%2FfvWv3ajBSeCdYIW9t2o62rPLgyRiPvrrgH%2Bl4bJrgC%2FA1jsae4ovMT%2B62JAQix25TxbW4T7BCgfgcqE5vhnEwIcZWozvGeWnH%2BwlE%2BsJyzC7Ykwubw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea708055687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-78d4770e.0fcbbe03.js

172.67.134.207

200 OK

15 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-78d4770e.0fcbbe03.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (15241), with no line terminators
Size
15 kB (15241 bytes)
Hash
ec004905266e20ddd6ae77fadfe51481
253a3b9165d7e900196d565c776fc476f60ca02b
149206719c9dfde3a83ddeb408f350f76478091b7010f01be2aac9a4af9d1ca6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-78d4770e.0fcbbe03.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-3b89"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bcsQ2msBvpwHpdDCleKdHE0YSUK1L5VCo8qWgxAv0C7HRZDDzWvXfyrrAsATDADNKojfvXs%2F5sPQOqBnhcYHThYIrb9Rv%2FFhlE2ZX6%2F05a2IzL%2BqeebeaO5Pwbgh7e7b3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb0ed435687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240510/6206514/df5abffac5d3ceb402c48d7739fc35a2.jpg

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6206514/df5abffac5d3ceb402c48d7739fc35a2.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6206514/df5abffac5d3ceb402c48d7739fc35a2.jpg HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-a6bce218.b141228f.css

172.67.134.207

200 OK

3.4 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-a6bce218.b141228f.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (3381), with no line terminators
Size
3.4 kB (3381 bytes)
Hash
fafd2b514373b4421d2de7ed71397931
09279db6d17980cc00813937157bf6920de91d89
4b7def0117c3c92f7cc15d195d702d7fd905450002bb2568186e324bf9b8b320

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-a6bce218.b141228f.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-d35"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oE14TUz7g0jL9A55Ny8sTDL8LQKrtiF0ryrwNtPDnpll4Ghdgq91qll9hG21lrp17trBioeeIlMCWS3pRGL4mULjq%2BHRvpzSEFF6W3wZ1QAnHHcVJOQnPhoGzXIGLH1uIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea48c815687-OSL
alt-svc: h3=":443"; ma=86400

api.3hfdkg.xyz/api/community/index

172.67.174.98

200 OK

11 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/community/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (10560), with no line terminators
Size
11 kB (10560 bytes)
Hash
270b2f874e0cf7c48b0ad2837995565b
c34a9becfd13f86990e8d1b36f2310b02ab2bbca
4c65133f4d9e82221adf68a11bb5aa74c70fcaf78bb42f78032fbcdfa9a6d703

HTTP Headers

POST /api/community/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 261
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aObAZkfxefbCCjyTVGEog%2FZmMDzC0fl0dLiP%2BsoYXkyLAQ9s%2BYjlSqQMMudOGtjtPNGv2Qg8mvmOzWcTcJ0sLrAOc0%2BsT7FJTSOuINXY9VeMjrV6D%2FU8sWgFe74jPH%2FVgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84fa535690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240510/3310463/d37ed89a9132db1e8f16cd0c312da65e.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/3310463/d37ed89a9132db1e8f16cd0c312da65e.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/3310463/d37ed89a9132db1e8f16cd0c312da65e.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-74926972.26f230c4.js

172.67.134.207

200 OK

65 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-74926972.26f230c4.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (64884), with no line terminators
Size
65 kB (64884 bytes)
Hash
60c7a8004abd1c9bf703974cad15e523
e57e1e9a3b94e18ec8b63e0e7700d95ccca0e0b8
29c2a0825e3f305800b3f7c6d4dbb570180518c5b390a46ac7e33aea7f1d51b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-74926972.26f230c4.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-fd74"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=leQA6KsuRonzdkO%2B%2Fvvhjb4VD7O%2FKy17i8MT46xyqqugiO0C%2FjxTsLB%2BRyP0esy8VEytgOMFylBi2TrQXKCmunQwRaYMcMY3AM%2B%2FDGWdTjcBBEcT5S8a8%2Bk9VTpykE0WHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb0bd0d5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-120e0e42.8abf20b7.js

172.67.134.207

200 OK

27 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-120e0e42.8abf20b7.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (27391), with no line terminators
Size
27 kB (27391 bytes)
Hash
dc475a82e1b9e5f0caf2012623af6fe6
39ca5887136a7edb6dd56bba3570f0ac1e64a29b
3f36ae83303b015110faf60654c1995293f622214f84d4d3363412889f41def3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-120e0e42.8abf20b7.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-6aff"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6R8sLCjF1LK9ysFHM1KozNQEgdStOQ%2FmFn9UnmvH2vtehYaosuv0ZaeAhhyMrrFg6RfolLU3HlY9oyI%2BI5CBu8i91kVRXiM3NrupLBZGgUMD%2FmstnS%2BK7801BZtKkrAQvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea95ae35687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-0d3a462d.9a835d77.css

172.67.134.207

200 OK

5.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-0d3a462d.9a835d77.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (5121), with no line terminators
Size
5.1 kB (5121 bytes)
Hash
a7e67cde7f0774892aeddced9338b6fa
0f64d1e5d7c2ad5fb67e4231a67df7cc608839b3
16481d36d376cca4a98dd391cd21a53e4d00a73b9dfcc13e991100fdd822ff66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-0d3a462d.9a835d77.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1401"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=221oPZRkKUjPyBvyAsrr2EuwWW20X2aQ2vHdhh0U1kaPsD3%2FT914HeracuruyYMnu2jUmR7pqQ9K%2BN8DOMI0i6TfGDZ26%2FL8pwW5Big0huT27ryMxZaiJ3o5IhKPaEeG5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9e3b8c5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240509/6203875/dd3f9c21b747787c70e1a7a2992277b8.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240509/6203875/dd3f9c21b747787c70e1a7a2992277b8.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240509/6203875/dd3f9c21b747787c70e1a7a2992277b8.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/3310463/9d0e92e2d792c2c884f3347256a9c6cb.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/3310463/9d0e92e2d792c2c884f3347256a9c6cb.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/3310463/9d0e92e2d792c2c884f3347256a9c6cb.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-1ffb7c92.f9b9bd76.js

172.67.134.207

200 OK

19 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-1ffb7c92.f9b9bd76.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (18904), with no line terminators
Size
19 kB (18904 bytes)
Hash
94c4032a974f085fa21e983daf9b6d1c
1024fe9046735c89860f0d4ed91f93c5c1af8435
2df05ae0c050d5c559822a901d2989518937cc04695fd5555286efa17ec10d21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-1ffb7c92.f9b9bd76.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-49d8"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sLNdplD%2FAyb1i%2FRnjrNBddDNHifSbeD5pcsHA1ZUAE7OmXcLacyEHXkGJ%2BtyQa8EO34ky8dAeRuD3odwbtpCF7ULAJFY52ZBBjcHig6RySf917yyZFyz1kgoXmFWQbh%2Bhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeab2d715687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-67cf1e82.bda30ed5.css

172.67.134.207

200 OK

20 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-67cf1e82.bda30ed5.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (20167), with no line terminators
Size
20 kB (20167 bytes)
Hash
de0fba14bf1a0d5ced8d3882cf661f44
0ae19bcc388afe4c4beab13c52862bd30698af51
323650dda42ecfe9e931aba1acb76882c8e43c1de115485aba22f5fcee1b4a91

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-67cf1e82.bda30ed5.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-4ec7"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cozkyFgIoZbXmGOBidieGmC7cJi1tDMrnKAqrbo%2FhjP5z2LLW8UsTx46XlchlkwbU2oeHxWkOMwourprEhNTB3Qyur%2FXSCwS8EEBR6u2KJxumP50Vnyxs0%2FhzQSBA2ZAlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea41ba45687-OSL
alt-svc: h3=":443"; ma=86400

api.3hfdkg.xyz/api/attention/hotAuthor

172.67.174.98

200 OK

2.4 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/attention/hotAuthor
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (2432), with no line terminators
Size
2.4 kB (2432 bytes)
Hash
123c18a6efa51409d115404427688d83
1fb233e2c3e2037e5b3db3f13105675903871d80
9021cf5eeb81ca637b595a712a553d6fe860f1a9a4f4a66be5810a1232f883b5

HTTP Headers

POST /api/attention/hotAuthor HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 229
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lT3uFMHmjBh6ym8uD4cG5ya31YcyH%2FMn2X8gC2bhrLf%2FUyLT5iSzCreyGNLUJhSp89L7M9CP0b5S45HSAPRHtrxMMw4NXjSyP8P3OI05Sx9UL%2B4rWbHnC1U2i6bUkQNz2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84ca0c5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240510/6171485/c35a4744c34a98a607056f3128dbc233.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6171485/c35a4744c34a98a607056f3128dbc233.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6171485/c35a4744c34a98a607056f3128dbc233.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-6bae4258.1673fdf8.css

172.67.134.207

200 OK

1.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-6bae4258.1673fdf8.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (1214), with no line terminators
Size
1.2 kB (1214 bytes)
Hash
d49693a52c8922b4ae56af7e25f1c2af
55e546882e97e48b584a8a741f3cde45910f8fd2
b2b15ad73ac2868f24575490b6d72baf1c7eb58645251863652fe12927712182

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-6bae4258.1673fdf8.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-4be"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44H5ktD9OYv6Ac39hyoP25WzxHl252ql9kHYwXitFsSTYN38yt5kwp9kKTaX8wvFRVWnaum%2BhQV6yQ3LQoKp3q88ORnHa1m2pGxTDMUllDzkZAnppgS93hBPUUAIhm2z1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea44be95687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-eaa5ddec.e16344fd.js

172.67.134.207

200 OK

3.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-eaa5ddec.e16344fd.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (3420), with no line terminators
Size
3.2 kB (3162 bytes)
Hash
10e6621799313a669d1934e56e681d45
676c8b74dec069744bd4c7275810d9a7bfeada55
6ccf609adda243956f2c7989b1f6f440e7e49196d9f17e1e540b0de17d7d0a02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-eaa5ddec.e16344fd.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:47 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-c5a"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ttt%2BwjUTphadbtC5Vyi9hGWaxNiLBCjQp%2F3raQematdonoHDlww6%2F8uj9i5y%2Fem4avU%2Fyvjh%2F5x%2BW8q0KQfOCQ%2BKF4btHpNyoftgtBrEsrh88tgiBJ2JHCVfvV0sa6%2B%2BBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb409155687-OSL
alt-svc: h3=":443"; ma=86400

xkm.covers.zhgxb6.xyz/uploads/avatar/20210409/2328509/a8a0ecac198e9506173082e4cf8a1fe7.jpg

54.230.111.97

200 OK

159 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/avatar/20210409/2328509/a8a0ecac198e9506173082e4cf8a1fe7.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1452, components 3
Size
159 kB (159385 bytes)
Hash
695ade2030cd7affe3d42fbd905094f2
5855983b63fca066e1e717d6217ffa96f988f15b
c6135e85140db7db94119932f1207ca40251fa8510283a6cad9db865d8fbf18c

HTTP Headers

GET /uploads/avatar/20210409/2328509/a8a0ecac198e9506173082e4cf8a1fe7.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 159385
server: nginx/1.23.0
last-modified: Fri, 09 Apr 2021 05:35:21 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 09:54:01 GMT
etag: "606fe799-26e99"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tVdjXjNuDINfahQ43JjP2EOrwthVLW_iAdRaf0PGUeKNh_78X3vvwA==
age: 28298
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240510/3310463/49998f76f8a9b2d42721bb808809b0c5.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/3310463/49998f76f8a9b2d42721bb808809b0c5.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/3310463/49998f76f8a9b2d42721bb808809b0c5.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6181427/99386b0a03a18f08ca2f588d474da663.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6181427/99386b0a03a18f08ca2f588d474da663.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6181427/99386b0a03a18f08ca2f588d474da663.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6206514/49aeac77abf29968a75572e92190c1d7.jpg

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6206514/49aeac77abf29968a75572e92190c1d7.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6206514/49aeac77abf29968a75572e92190c1d7.jpg HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

api.3hfdkg.xyz/api/domain/address

172.67.174.98

200 OK

928 B

URL POST HTTP/2
api.3hfdkg.xyz/api/domain/address
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (928), with no line terminators
Size
928 B (928 bytes)
Hash
70dac1988f69e3884752577e18b44203
257f7e9cb9aee889e8c0ac48dea22db6e3e63608
c54c61be0ff8e5bfa547139f267843fb13f58a94d4b89556cdc916a0197ba0dd

HTTP Headers

POST /api/domain/address HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 229
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GtNL320Js1eGUWfrhfyQGwpn5WyvciYmNWN7V92JrWzmbOzu8aRMOy1xb1IfaFYUkao7LRUsIgxsfsiXkCnx0ygR50IJQQGxgP55NdYaGISjPGMYsVPxYSyXxWQ25LrX2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe81de6d5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xkm.covers.zhgxb6.xyz/uploads/avatar/20210523/3334246/3cbe98c871560ae1982cfc1ab79957e1.jpg

54.230.111.97

200 OK

75 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/avatar/20210523/3334246/3cbe98c871560ae1982cfc1ab79957e1.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1074x1732, components 3
Size
75 kB (75446 bytes)
Hash
9decfb06efa163f07211d8e1a77d4095
64fc8295c89a823a4b57ce85ef51770ccd7e1f7a
b6cb6fa6110f63eabd3d9171c7a3d897d9a94779e21ef175356bb5f7d92fa408

HTTP Headers

GET /uploads/avatar/20210523/3334246/3cbe98c871560ae1982cfc1ab79957e1.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 75446
server: nginx/1.23.0
last-modified: Sat, 22 May 2021 18:47:32 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:40 GMT
etag: "60a951c4-126b6"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FJEWbrOQtU00zD3Eb_M3o6_HeAnOfgqVInOXR7TQbI9McBZcHg17tA==
age: 18081
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240510/1269233/1b310f9ba575e3dba1b2d85a83e7c2e2.jpg

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/1269233/1b310f9ba575e3dba1b2d85a83e7c2e2.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/1269233/1b310f9ba575e3dba1b2d85a83e7c2e2.jpg HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-554133ca.0e3875a9.js

172.67.134.207

200 OK

72 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-554133ca.0e3875a9.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
72 kB (71703 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-554133ca.0e3875a9.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-11817"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FKiQjHmctPOUTYxSz8Nt5bv83snSIc6SFGkR9TlFVHUCfLr7PDvxsC8KZ8NG5kFkhV0KJ1jE7vPnC3DMaRBt83NUrmQUp8CDOHWPv8RmHb0Pe37qzufBekLPlni3n8C4nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeae8a165687-OSL
alt-svc: h3=":443"; ma=86400

ad.xmmnsl.com/uploads/images/1710583983.gif

194.53.53.6

200 OK

253 kB

URL GET HTTP/2
ad.xmmnsl.com/uploads/images/1710583983.gif
IP
194.53.53.6:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subjectxmmnsl.com
Fingerprint8C:DD:DF:8A:81:DB:15:64:05:25:3F:E8:EA:4F:0C:C3:59:AA:0D:51
ValidityTue, 02 Apr 2024 10:13:42 GMT - Mon, 01 Jul 2024 10:13:41 GMT

File type
GIF image data, version 89a, 738 x 369
Size
253 kB (253027 bytes)
Hash
2bf6e158e531d13fad373ddc46e48221
c5be2a52c7d28a0e72a4ba6f292a48f1c98b2fdd
fd431d1ba5809252158b71680201f8dad4c5defc1f64008e169b20900fffcf76

HTTP Headers

GET /uploads/images/1710583983.gif HTTP/1.1
Host: ad.xmmnsl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: image/gif
content-length: 253027
last-modified: Sat, 16 Mar 2024 10:13:03 GMT
etag: "65f570af-3dc63"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0YQPZTzu01pHSJg1YSSChWlQ6ilFd3f2EmQ%2F6DE9aAbAZBtNNsFcdTXBl6aFkoFqdgWZBT44309WWHpyZ7ntJsUyILS74pENRtk3X4u%2FKNDpX8dxMJik88GPkwxg%2BVDZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe8aee0f7131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

9irrkt8b54.xyz/pc/static/js/chunk-5c94de6f.214ff52a.js

172.67.134.207

200 OK

6.3 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-5c94de6f.214ff52a.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (6712), with no line terminators
Size
6.3 kB (6258 bytes)
Hash
8db55b9a94f8e2589a82e871ae44f78e
8cc04735554c049ff49b7cf879878cb801c1510b
63ca94c511cb70b953b9ba19dfc2a6ad8904da41f508c0307d2dfb649bd01782

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-5c94de6f.214ff52a.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1872"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tmNcKoGht%2BievbC3jzFScPZAHxP0rJlhhUpXQOVjL4w%2BYAQuXbPUexOhMYOHgf%2BKUHP7UOzzk7HFwp6JAOnutQzCeA9Q1SLLJVkg3V0aZZ92BWxX5bY3z6%2BoZWMaoL4umQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeaeca945687-OSL
alt-svc: h3=":443"; ma=86400

www.shareinstall.com.cn/js/page/jshareinstall.min.js?v=029df97f0a

0.0.0.0

0 B

URL GET
www.shareinstall.com.cn/js/page/jshareinstall.min.js?v=029df97f0a
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/page/jshareinstall.min.js?v=029df97f0a HTTP/1.1
Host: www.shareinstall.com.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20210610/1310847/099edad16efac5cdd1e5ecbdf86fa23b.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210610/1310847/099edad16efac5cdd1e5ecbdf86fa23b.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210610/1310847/099edad16efac5cdd1e5ecbdf86fa23b.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-ee2cf450.6c76db4c.js

172.67.134.207

200 OK

8.9 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-ee2cf450.6c76db4c.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (9635), with no line terminators
Size
8.9 kB (8855 bytes)
Hash
45757ade6df22eb7ff42e9a833b25fc2
fb1757751141412f0380fcdd7b41f9d8abef140c
580858b1c682fb7e19fa198fea40a71b9efd228fca59482f7460293017f9b9cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-ee2cf450.6c76db4c.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:47 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-2297"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxPN%2B8BzCalgnXxTw5O9aY3363SW6jHua3Flz4qwldXy3hswCyogbx9Q4ZN9ip3jHSH1fm2PdvxGjwkwMBM54yClZMwQDiQ5CLGrRdCX0yP9uHrahjWKBKy%2FGIWOIuUXlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb479b25687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-60cffffc.9d48ed83.js

172.67.134.207

200 OK

71 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-60cffffc.9d48ed83.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
71 kB (71407 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-60cffffc.9d48ed83.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-116ef"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eJVrhpAl9PfjL0p2znuF%2BodSXL61i6eksPgUiccJtLVe45br8RJRluJExeJwfEbED9sP6bJydMeqFPOys9PCrGGr%2FUnore4uTI9aC4kOrxBoPk0yVoam5ZhaGdOdhTzzCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeaeeac85687-OSL
alt-svc: h3=":443"; ma=86400

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/9e1163b08b327f2a2c2c04e158209708.jpg

54.230.111.97

200 OK

52 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/9e1163b08b327f2a2c2c04e158209708.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1280, components 3
Size
52 kB (52306 bytes)
Hash
6a12d17ad11b5a3052efc4c13a9da59a
76245f17ce7f738bb7ff14fc53cf1290c9de363f
24c70afc269e2fcd572794907395a8755a3369f89c21f9b1a01f066cd34469c5

HTTP Headers

GET /uploads/cover/20240510/6198399/9e1163b08b327f2a2c2c04e158209708.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 52306
server: nginx/1.23.0
date: Fri, 10 May 2024 15:50:50 GMT
last-modified: Fri, 10 May 2024 15:47:10 GMT
etag: "663e417e-cc52"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KhYPOH2WIuVmeyoZuqOCgu9C34IVgJ2BDbYrFnq9BmFVTl-OrqB9Ag==
age: 6890
X-Firefox-Spdy: h2

9irrkt8b54.xyz/pc/static/js/chunk-11d6eece.3454dce4.js

172.67.134.207

200 OK

553 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-11d6eece.3454dce4.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
553 kB (553430 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-11d6eece.3454dce4.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-871d6"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EX1n36sna79a1MevDYU1BjApe7LWVko9CqZcZN9Ag3bVN4%2F1T%2FmWacVT%2Bv4sKCE6wfhoPulj9DSoD9ISDvz1l2WSmxD3T79u9CmzTvPmrk6WVBJ8If14NpRQWbx2JB%2FXEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea94ada5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-d5a2dd36.18566591.js

172.67.134.207

200 OK

6.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-d5a2dd36.18566591.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (6393), with no line terminators
Size
6.1 kB (6053 bytes)
Hash
063a53f9a11bdc0250d74d510cc9be4f
58f088d11d6e85fb702d9c7534b40fcca8894c4c
50df09c35e70b8fe38376ea2ea0bd94e73d17a2fb2e4f074f3cff98f50493cd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-d5a2dd36.18566591.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:47 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-17a5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0SX394S%2FsFBQmSSL45NXKewEOmzw%2Fr7Xgz6C%2Be93vQLiNAmw96IRMMcGpZtd75p6aB38WBK8paJh6bEDC8Cg0IwuDLcswEF3bJwwsyqkPo692EMh3wStro4%2B7E9%2BC8vPhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb358375687-OSL
alt-svc: h3=":443"; ma=86400

xkm.covers.zhgxb6.xyz/uploads/avatar/20210221/2481807/9905c6a3438dac54198ca5b5f8cab3f3.jpg

54.230.111.97

200 OK

77 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/avatar/20210221/2481807/9905c6a3438dac54198ca5b5f8cab3f3.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=0, datetime=2021:02:21 19:53:36, orientation=upper-left, width=0], baseline, precision 8, 622x678, components 3
Size
77 kB (77197 bytes)
Hash
dcc3ced53e5799c0cb247558113874a9
9a725f6055d529dcb126268c343f9baabd5b35d0
46ced39c223f0b1afe714cd31ed9cfe367e282cc8c4d0010690701147eb4d1d7

HTTP Headers

GET /uploads/avatar/20210221/2481807/9905c6a3438dac54198ca5b5f8cab3f3.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 77197
server: nginx/1.23.0
date: Thu, 09 May 2024 19:22:55 GMT
last-modified: Sun, 21 Feb 2021 11:54:02 GMT
etag: "603249da-12d8d"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: znmbTq4cT4urTnR7O6ggUeL8Ob_BBciK89LSBmo4OQyhImSor1Xvpw==
age: 80565
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240509/6126447/d2738001cb6111212e97ceb0295857a0.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240509/6126447/d2738001cb6111212e97ceb0295857a0.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240509/6126447/d2738001cb6111212e97ceb0295857a0.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240128/4846192/ecfeea44d924cb941ff87acdec986d91.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240128/4846192/ecfeea44d924cb941ff87acdec986d91.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240128/4846192/ecfeea44d924cb941ff87acdec986d91.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20210608/3289158/88d778a91cff455bf52a6ee460a13ade.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210608/3289158/88d778a91cff455bf52a6ee460a13ade.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210608/3289158/88d778a91cff455bf52a6ee460a13ade.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6204628/06890f725b9b84dc9800437965dff485.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6204628/06890f725b9b84dc9800437965dff485.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6204628/06890f725b9b84dc9800437965dff485.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6198399/9e1163b08b327f2a2c2c04e158209708.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6198399/9e1163b08b327f2a2c2c04e158209708.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6198399/9e1163b08b327f2a2c2c04e158209708.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6181427/99386b0a03a18f08ca2f588d474da663.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6181427/99386b0a03a18f08ca2f588d474da663.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6181427/99386b0a03a18f08ca2f588d474da663.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

api.3hfdkg.xyz/api/banner/index

172.67.174.98

200 OK

8.0 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/banner/index
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (8032), with no line terminators
Size
8.0 kB (8032 bytes)
Hash
2f3252a961ae08a0215543bb202e38de
0326f9304882ba4804c659d1b694ab91d450b9df
cd396a52e78feeef041d3226ca6b98e323c91f24f8f2a2bb8c74f6a2525df8e4

HTTP Headers

POST /api/banner/index HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 229
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oPbbK0ypsbnAuiRL%2Fy%2FtFjfZtqvf7l1cScjWpFYtAaUHUjH9L%2FDyMFoKQDmFXVAycAJgCvVwasSLBu7xQwC0gRtw7hJlXH%2BkoRaTY7QvMiRR%2BLbEk18uQEJ9OCiM9%2FNurQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84a9dd5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240126/4846192/b68435161605361e0aa0a460311ab02c.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240126/4846192/b68435161605361e0aa0a460311ab02c.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240126/4846192/b68435161605361e0aa0a460311ab02c.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-04387844.862493df.css

172.67.134.207

200 OK

3.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-04387844.862493df.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (3109), with no line terminators
Size
3.1 kB (3109 bytes)
Hash
36781e0a7c7a46021631f83ad202ee79
69231fb15578b5694ae0de0403bde4efbd00f266
00d999ae2411f7648a3c44ec6f4cc641b8ffc221b4eeb720108c82f13da53fa5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-04387844.862493df.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-c25"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y34aqVzS2SpBF1%2BDcuaf0naIL7JTWpNdegxoWkYAUnJ2jkPDvITHTeTK%2FfuCp9AOFknt3tEMwrvbLr6z21LJcpLl8IbhNXzUssnKevW5YoNaWtU9VqUDfMxoyUul4YIuvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9e2b815687-OSL
alt-svc: h3=":443"; ma=86400

xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/e26f668adc05d6c71fd92daa585f39c6.jpg

54.230.111.97

200 OK

35 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/e26f668adc05d6c71fd92daa585f39c6.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1264, components 3
Size
35 kB (34970 bytes)
Hash
55a4d3fbde4e66e017ed845571bbbc3d
39fbff54e07e30c09abe72e2f13cace036ff10df
5dec564476ebde3cb01ca29d8e4812276be0b6c547ab283022e02bf8345dd4b4

HTTP Headers

GET /uploads/cover/20240126/4846192/e26f668adc05d6c71fd92daa585f39c6.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 34970
server: nginx/1.23.0
last-modified: Thu, 25 Jan 2024 16:51:42 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 15:00:03 GMT
etag: "65b2919e-889a"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mbqdHixOCEqUk8c0_lcVyaIb-i1sPQui56-IPCFCGNR5PqXaeQcyVw==
age: 9937
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20240510/3310463/c716db69417957f49ba2a8e5d89728a2.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/3310463/c716db69417957f49ba2a8e5d89728a2.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/3310463/c716db69417957f49ba2a8e5d89728a2.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-78d4770e.145b798b.css

172.67.134.207

200 OK

5.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-78d4770e.145b798b.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (5163), with no line terminators
Size
5.2 kB (5163 bytes)
Hash
d38b82ad5d230e7b221fd379390a03fb
33c4bab7184ca12c77afb71b495f6e34dda28c60
055d96e4ed5147a3239c3246ffe51bfa46d34b0c7ea60cb1c791f89e0fe138ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-78d4770e.145b798b.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-142b"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n8UKq09o7ley0DNu8s5bpGHOfkQ4QPvkZuo2TfaG%2F3y4eMQlpepGN4BaW2IK%2FRua8pBijyU31AXiIswXCeBudETQvRE98oovwh2NdebxtvpPsTgM8vCsjmuDXuvGqHxxmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea47c235687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-aa84ddf2.9c1b4d41.js

172.67.134.207

200 OK

2.7 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-aa84ddf2.9c1b4d41.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (2948), with no line terminators
Size
2.7 kB (2718 bytes)
Hash
5c1d5bec35b152cc51879b3e029a4ee8
3d5e8bfc87ba0614842314996d24dddac68c1da8
b893c3e23e5ba1be5b14610107b58ea597acbfce55550878a66a4271774b6114

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-aa84ddf2.9c1b4d41.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-a9e"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6F9MniICu57sQO4wVf1ulpY%2Buc6JR3q39sLgUH5Jldu1TfzCqAGLMoV4pSqjRqGQROvlueJKBTGaK%2BqdHm7TepO0WXe2XXBImY3eUjdTblONdskVEH06QbB%2BEVHNry6qjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb16df95687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-ab93df2e.8a295cf4.js

172.67.134.207

200 OK

34 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-ab93df2e.8a295cf4.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
34 kB (33996 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-ab93df2e.8a295cf4.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-84cc"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nNsrCxCzSqj4EYMRw6XwiP4kGBFvp%2BAULHfTI3H0IIcvREKWxYazQOxbE1yQBOsV948djr6Y2TMpNrcLEPbwHu4CmY07do59%2F5bN77jk%2FrAtMDx%2BZmJrbQ1Fx4%2BW9vLJYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb24f015687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-507e226f.f80252bd.css

172.67.134.207

200 OK

9.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-507e226f.f80252bd.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (9120), with no line terminators
Size
9.1 kB (9120 bytes)
Hash
a0c27c5bfa32190f654eefc15858a8e6
7e45a17ee1e644d7e762e8bc0a0600a3ec8690ef
7b13b36f59d9754ac835f3f203e55e1c0026d4f656b292e348445e7c7a38421a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-507e226f.f80252bd.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-23a0"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kFs9IlOJKXI7W1o%2F8b27NtIbq8HsdBpoe8zgTpUtauTG98TC6m7J4cubSItfSSEu0Qajvo2ogpHBjzDj2DCv35sBliDcUiDm0aWwtP%2F5HC1J2chNN%2BEjCmyKq9Ppwea%2BMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea2c9db5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-b749568a.006337f7.css

172.67.134.207

200 OK

8.6 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-b749568a.006337f7.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (8623), with no line terminators
Size
8.6 kB (8623 bytes)
Hash
96dc8f384909abbeaff8dde7f6e23a8d
cf112de76efb0a73f15cbd1f6a1acc1b3b2525f4
6c8aba2ba19eb8156e83347c5b687ad8cb71ca40aa9747060b1c97f6e4a69626

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-b749568a.006337f7.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-21af"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xw%2Fsd2ra3irxWAt6ZvCrQhkcWnZFOu%2FXmbJFD8EJMCdi6typuOUTKaj9NyWNjxHbEsOYNyXE%2FKeciEc4oLH4F%2FmF3a8yez96c%2BQeq%2FVHG5lHD3VB5CU%2BcSxrg6snEOCTUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea67f295687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-e6fc0238.72cc2efb.js

172.67.134.207

200 OK

1.3 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-e6fc0238.72cc2efb.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (1451), with no line terminators
Size
1.3 kB (1345 bytes)
Hash
e09455a0d31afbe94dd57b100d2a4f0e
61dee38636337e2f65ac4fc2def4ffd43c73479c
664f8fe99f69cf490e26cc5824f0d2b0967cbb844f1aec3a0d386c901edfe20f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-e6fc0238.72cc2efb.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:47 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-541"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3EjCoHvggl%2B6S3oTzAOFd01VWhKt7oMZNckrZR1WZeMXTDFAYN1JhOQDBra4SdE21gIR40WrVVbYLVZYaRdpp23QPi20%2FGuB3XcFAi6lRqh4zgKMe33HlHx3CxTjp8vGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb388725687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6181427/eafdde9c0bb20be20f2d84a4ad3b3af0.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-19ba64a7.57619d59.css

172.67.134.207

200 OK

7.4 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-19ba64a7.57619d59.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (7405), with no line terminators
Size
7.4 kB (7405 bytes)
Hash
050dd7dbcd974f0d5457dc23d70ee5a4
ad224af38025da6ca9fd677cee5e6d7413177377
4ee542d49b8d7ff003d9d25b14d8dc152ca4bdcaa2697c65d5a5880307c12152

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-19ba64a7.57619d59.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1ced"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTN3k1SOYXkbCSF1f7xiXOKpqQGjE7x21Bgntsi9wH8ZJvMRg9nSNJM%2BEkCIhkQjuXbKJOjXPoB7fb9V7bfbV7TgDQdie2f7XZqgUyKUR8dmfucq2cvmXvn0ZRZmX5pShQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9e6be65687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-0afebd40.4ead6c0b.js

172.67.134.207

200 OK

1.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-0afebd40.4ead6c0b.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1256), with no line terminators
Size
1.2 kB (1170 bytes)
Hash
19f6290e9fb4e109979a425a496c1547
ce67d86fe855d5a28b0cbfb885852d8d2213979c
0a9d1d8b8a05125e80de7237df4b0857c4f3b1721f486f3d7e4322e843a3d408

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-0afebd40.4ead6c0b.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-492"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N7Jl3NzaY6ok1MPN%2F8S6B8nHqHWEb2B%2FXlvaUiA1G3NVOpQFTxkEAVOcPch47ekehsjKeRjO5tWNFLinIaNTL4%2FdH49QsizW3xug%2FDdwpGVuQkHZDpO9E%2F1o%2F7Z52rKgTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea8ca145687-OSL
alt-svc: h3=":443"; ma=86400

xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/fa171014d56dd90d81a313b6f7cc1eb2.jpg

54.230.111.97

200 OK

96 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240510/6198399/fa171014d56dd90d81a313b6f7cc1eb2.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x1278, components 3
Size
96 kB (95464 bytes)
Hash
b13c69427db2b7ee35646992d0e5c0b5
79997c2122f482e89f67b2d142d689e32ffca6b5
61b42d1be60341f562f9dfcd866ddf9543d7646096a9b5314bbbf1d58c5b9552

HTTP Headers

GET /uploads/cover/20240510/6198399/fa171014d56dd90d81a313b6f7cc1eb2.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 95464
server: nginx/1.23.0
last-modified: Thu, 09 May 2024 16:05:42 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 17:45:41 GMT
etag: "663cf456-174e8"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3al-O31hYE7ZSXC5zC2I-oB6akkx6kycZ7o4_vw1dd9FoExQIY81HA==
age: 2936
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20210609/41012/6eb8f48735ae4fa77e2601da1b690c2a.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210609/41012/6eb8f48735ae4fa77e2601da1b690c2a.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210609/41012/6eb8f48735ae4fa77e2601da1b690c2a.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-42977179.b4b643a1.css

172.67.134.207

200 OK

3.1 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-42977179.b4b643a1.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (3096), with no line terminators
Size
3.1 kB (3096 bytes)
Hash
2173e821c1445c0b62657b9fd09f000d
d461cc617fb4f0295620521bbffa67812e660aad
fec72ae7a9833e1a5bf82523398bada77755559ea48e7662485fae3c2de5645c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-42977179.b4b643a1.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-c18"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Na9WLR7Boa0fxo9IrHvqGlfTlYhzhRj0hQlIFUhgBqpO%2BBLEB1x78ie9O1PCQtmJOUXkNgT6N5JiC3OTCE%2B%2FWzn2sWongEQnsxLWwt3489TL0XMKYwAL6v%2F2n7ZmrVUeAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea0ef665687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-1ffb7c92.9d342eb2.css

172.67.134.207

200 OK

6.4 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-1ffb7c92.9d342eb2.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (6396), with no line terminators
Size
6.4 kB (6396 bytes)
Hash
4d6c3bdd8dc527259699b322d649f19d
2212af135cfd10f22ff356ea42573403e0424ae0
c0bd640ad448008f9e8285e5c2ba00228f423bc6955f00d14ab5a71afe706792

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-1ffb7c92.9d342eb2.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-18fc"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pg3%2FQHBK2jIxwzTOC7%2B7mp14gwn1khF1yK5UdUcJpPFEhdu4g9q75pjCkDBOapSNb844%2BTQTEAhQi1%2FiUFt2ACW8yO3%2BmjkijUvT7vo9sihcbZlNz9uwDQh3J6kTghEzTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea08ee35687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6198399/01f9ce5b461c11a9dff67be7b752701d.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-42977179.909ffa79.js

172.67.134.207

200 OK

4.9 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-42977179.909ffa79.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (5154), with no line terminators
Size
4.9 kB (4858 bytes)
Hash
b626add2d401c9b342fbe179fa06b5a6
fa0d2dafe9e6f21f6d2800cd471c73b23f24a1da
2b22647076f60f23b7c9c37821bf957a4507e66c7a91e9643b5aac55e8ab6af9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-42977179.909ffa79.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-12fa"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kzLvlRqbu91mH9uF5ih0wZBAp%2BtfR%2Bct3RwPXaDmNCIif5spZUGSX1iuF%2BCGdxjTOjtyqJHc75hof%2F1RG4yJBT7MNf8tiyp0bNuDqp9wycUHASBqiqdKCmmAxY3cz1%2FNzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbead083a5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-50dfe3dd.172498fe.js

172.67.134.207

200 OK

2.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-50dfe3dd.172498fe.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
Unicode text, UTF-8 text, with very long lines (2376), with no line terminators
Size
2.2 kB (2173 bytes)
Hash
0917691d0c7371015dd3085bcac816ae
8f7abdefe1dfab58e3929cabbdf8c42c607c8bdc
90b630e3289e21434113615f54015e81089a0341948ae89e63e07c10816e0650

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-50dfe3dd.172498fe.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-87d"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fp%2FArUhYZa50j9C%2BKV6uDHreAI%2F%2FSofD5629h8LmbybdfWtSaPFqIhph30CgB0kxN22UaO0%2BfuhhcVVzheMuGkOJj%2Fz4LLf6CT6jx1tljzKUoNSjlavdWEmInu5CSrGpsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeae59d05687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-c4830756.37994a71.js

172.67.134.207

200 OK

20 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-c4830756.37994a71.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (20254), with no line terminators
Size
20 kB (20254 bytes)
Hash
3cbd610a737e3ba309829efef0a47823
dec53c8015503d78b67d2878db94a19ca76ee2a8
4fcc12ccc0558e4105b9f4d39fd9ccb96920436308f40791d3825223b980dc10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-c4830756.37994a71.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:47 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-4f1e"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxFJX0nXAtCZu6xAfZB2f3BHsad6MOYGGb5If7J%2FdPAOHSta9YJsKx4hrUWMQ1ZGbJ12NKNRDuyfRiuZGHAlM99Jw4qNPoCl2upNYy5NZi16J9UHZnayHLBKrr5pQq5zag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb318035687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20210608/3182997/381d4e1d1233d28660d7bab5d08e5857.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210608/3182997/381d4e1d1233d28660d7bab5d08e5857.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210608/3182997/381d4e1d1233d28660d7bab5d08e5857.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-eaa5ddec.55eee43c.css

172.67.134.207

200 OK

2.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-eaa5ddec.55eee43c.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (2223), with no line terminators
Size
2.2 kB (2223 bytes)
Hash
48ab087659de85ae93893d37e1733b6e
cbd359399881f47817cdfb2c5d4e4fdc8e0eb3f5
03fe81fec4b2b152fdcfa97df6a5b832fd0dcf486642ddae2d673da43fa66959

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-eaa5ddec.55eee43c.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-8af"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2UaPHcGw8mWSxKSpMp99O6KKVxk4nTZ41PDytldS7cEG%2BiRyf4paOFpszgJGl4RK1Vsi5hcqNJBjWrVG45erVJVUUFYbRXAt0tRtMSDDisoDdnRFLxE356YsoQDWqxUBlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea728245687-OSL
alt-svc: h3=":443"; ma=86400

api.3hfdkg.xyz/api/video/exclusive

172.67.174.98

200 OK

9.0 kB

URL POST HTTP/2
api.3hfdkg.xyz/api/video/exclusive
IP
172.67.174.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject3hfdkg.xyz
Fingerprint89:50:4C:FB:12:BD:DA:21:6D:A8:D2:AA:52:15:10:A6:E5:98:E0:30
ValidityWed, 27 Mar 2024 12:41:31 GMT - Tue, 25 Jun 2024 12:41:30 GMT

File type
ASCII text, with very long lines (8992), with no line terminators
Size
9.0 kB (8992 bytes)
Hash
71ba609e29b96b2a07510795d506c935
551480460065f4e7d747730fcf4e13b0aaeec4f5
9e6290d9d18d7f4cb0be12af5d36ffc2a0c3098bce75827e2d77c8f809ed3f7c

HTTP Headers

POST /api/video/exclusive HTTP/1.1
Host: api.3hfdkg.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 229
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 17:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, DELETE
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uo%2BkJcNtC2gMUB5ws4tJlauICv4VM2gv2S7WXU0BIh%2FN1M8e5gq1R6gkIgoxI40flebN%2B%2BEZCOfw9DhL2%2FEGbXTprhvQLnrOIGztTDDzAe5zT9KRkDsRWSEcwD3dYCNHXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bbe84a9eb5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20210608/2213975/4a70ee39a07fc9e76fea473aac2b1e18.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210608/2213975/4a70ee39a07fc9e76fea473aac2b1e18.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210608/2213975/4a70ee39a07fc9e76fea473aac2b1e18.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6206514/8d770b42da8f70fe9b856d0c59d4df1b.jpg

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6206514/8d770b42da8f70fe9b856d0c59d4df1b.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6206514/8d770b42da8f70fe9b856d0c59d4df1b.jpg HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6206514/99610b9de2cd061b2aac4e52baa6b6ca.jpg

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6206514/99610b9de2cd061b2aac4e52baa6b6ca.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6206514/99610b9de2cd061b2aac4e52baa6b6ca.jpg HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/favicon.ico

172.67.134.207

200 OK

4.3 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/favicon.ico
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
8ad338eda091fce0019e6a8b29d944b9
096bd79c6003d635097d0c088f758b12cb1f55a6
8a10a2a3d22a1dd69f75559d586fbe358081d96c53a905995abb0ccf87cd9184

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/favicon.ico HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: image/x-icon
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-10be"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3IhwZV8DAlqer4AE3kaFWhK8RgSaoSpV3hHT8NIuxr8FA%2F17WGxG%2BZzqDyW%2BSFzq9MCmvAKjTuz29OgufmZmZuTnLF3TScw9pFH23fh%2BWlNQcbJRJ7SGq0%2BOxMBiz2MN%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9b1f155687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-ee2cf450.253a359b.css

172.67.134.207

200 OK

2.9 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-ee2cf450.253a359b.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (2915), with no line terminators
Size
2.9 kB (2915 bytes)
Hash
cc466c9dc8f4cc9af70d1a34006418c0
2b10b01f0d9cf28952b3944572815a5cf24c8939
2a9df459e7283fd4784e52dde0b64cbef55b3dd2bc29150770f4c1ce08390908

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-ee2cf450.253a359b.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-b63"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfKonWx3m7l4BNpt3Ics3mCX2hlS2zdza1hztTqnSSkzhEp7KNMbXRutCVYGwIGLvunvtB5lAu09HEzXESA2gmgD1C6j%2BNQwgJYIyCLKSHHKxWj7lZQejAJt3wCuMHk6tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea7a8d35687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240126/4846192/7ef48eb07aff1bb43d7de8ec2af73fa6.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240126/4846192/7ef48eb07aff1bb43d7de8ec2af73fa6.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240126/4846192/7ef48eb07aff1bb43d7de8ec2af73fa6.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6206514/bda0547ea2fd4565951e17e368e4dda4.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6206514/bda0547ea2fd4565951e17e368e4dda4.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6206514/bda0547ea2fd4565951e17e368e4dda4.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-b749568a.ce3a0656.js

172.67.134.207

200 OK

17 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-b749568a.ce3a0656.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
17 kB (16762 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-b749568a.ce3a0656.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-417a"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DVhleJRqfN8j%2BoC6N%2BwjDpUGuRTpdEVopURL6wjkdiTuCYiAw7%2Frt81b2IEj6JfppIqaFXLPdan1GW9o3bhMzrgvPNeA2FcZoD%2FnLmwrSwagVlZsCBOnwVdO3KIDhiY4Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb2bf8e5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20210608/3334246/3aa3c98890c7bf72df3e696425a67328.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210608/3334246/3aa3c98890c7bf72df3e696425a67328.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210608/3334246/3aa3c98890c7bf72df3e696425a67328.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-04387844.b5fc0ca6.js

172.67.134.207

200 OK

7.4 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-04387844.b5fc0ca6.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7740), with no line terminators
Size
7.4 kB (7377 bytes)
Hash
7a238f49b69ff3ec0e870a814c71bd61
5478e8ae4cee08668a49443c814bf8832bb03eee
73b350916d2d5d98b7a372349939f29e0639284db2ba939e04b96fb1638bbfab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-04387844.b5fc0ca6.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1cd1"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RYGcOkwoAzZxd%2BNtJpmUSWiTlfS%2BR3GMo6NwFPqQYgKybGW6Ju2AEsxVhYM3dTIMrnX1PaUKoIux3T9Wu1AjdskUpjfXioWlI6Ux54WDXUkrl9QCMPJTr9HSIizEx8aswQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea8599b5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-4cbe607e.0aa3ee7a.js

172.67.134.207

200 OK

7.4 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-4cbe607e.0aa3ee7a.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7796), with no line terminators
Size
7.4 kB (7357 bytes)
Hash
b45a2ce54dbc59f337a0a4226262f84e
4b8126e54a56d2fd8efa156a238d63bfb64d08ae
0d11eac6601d0a383465681bea32a15c87288a54703443db6d98eca8754da95c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-4cbe607e.0aa3ee7a.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1cbd"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGw6n0VfzV6Ao8Y5uAXdP7Lmq2gxjAYFjRt1pw4Tu3UjAmxkco42W2HTMDoKnXOiWrdtyqV93pgyZn0nBJEUVlEtSMC3M18bTklXwQCCykKyDkiKg84Wwd2bpAGva5Ss0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbead28635687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240510/6204628/5220700feb51523909e3eeadba4a2a09.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6204628/5220700feb51523909e3eeadba4a2a09.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6204628/5220700feb51523909e3eeadba4a2a09.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-50dfe3dd.d74b6b50.css

172.67.134.207

200 OK

432 B

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-50dfe3dd.d74b6b50.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (432), with no line terminators
Size
432 B (432 bytes)
Hash
0f441b64b4df2776797fec14632e8ea4
823aac2e0a56e680f5963ea97ddd89e9f8cd112a
a7d5d9160470985139159d06e85967a1f768e5f59107e7bb8d314d6731ef9242

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-50dfe3dd.d74b6b50.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-1b0"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=43hDhAOqCxh9M1TNnKKG%2FE1uqkpia0NBXKhgWVD7abbqoa3dbcHNtyzhhTaWm6pFe90r1OzjH2NvOo9duAXpHxRnOXsjj5Ki%2FGMHwogYVyVHV6iT16J%2FYJgQU%2BMum%2ByeZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea2d9eb5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-302f99a7.4fa016bd.js

172.67.134.207

200 OK

6.3 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-302f99a7.4fa016bd.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
Unicode text, UTF-8 text, with very long lines (6552), with no line terminators
Size
6.3 kB (6332 bytes)
Hash
df0a19888b1985876ba235335294b558
b10d5d9dbc4cf5b949c6a57527f01b13140e1eff
ae8dbcec50660a029eaf87222feaf4338a709e3a32b0bdf18793af8b0bb7a090

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-302f99a7.4fa016bd.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-18bc"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4eqAh%2F3FexCUChpMT1mBKFyZRv%2Bi4vGU%2BbNG7hvEeK6ZuYYkR5xckXjBXaP%2F9edRHZNNpTeUxc%2Bgv9hkDw%2F3aVMUj1vP05cce5EbgnzzZy2TTuj3oO6W5nHTpUku6BR7Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeac7f8a5687-OSL
alt-svc: h3=":443"; ma=86400

xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/7ef48eb07aff1bb43d7de8ec2af73fa6.jpg

54.230.111.97

200 OK

26 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/cover/20240126/4846192/7ef48eb07aff1bb43d7de8ec2af73fa6.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1264x720, components 3
Size
26 kB (25598 bytes)
Hash
1efd61393a290d7cfe9060cd73409a6b
43c7302d44e07066743feb11bb96a780dba6c335
91ed466f10e747dd80b792f1c867db684d1aee205db6e4539ee2bea053338a9a

HTTP Headers

GET /uploads/cover/20240126/4846192/7ef48eb07aff1bb43d7de8ec2af73fa6.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 25598
server: nginx/1.23.0
date: Fri, 10 May 2024 09:32:00 GMT
last-modified: Thu, 25 Jan 2024 16:52:23 GMT
etag: "65b291c7-63fe"
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: R_UyPXqPNGz_-oYhrji-8jsCaXvRl8jDfR5H7kp8DAQIQH2X9yUjaw==
age: 29620
X-Firefox-Spdy: h2

9irrkt8b54.xyz/pc/static/js/chunk-23bc8014.19b14d53.js

172.67.134.207

200 OK

4.3 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-23bc8014.19b14d53.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (4624), with no line terminators
Size
4.3 kB (4300 bytes)
Hash
a78d97cf4279fd2f26e139bd6701a182
cd7103db352e8a5eee686ce07ebcf4d59a14b272
5f6403ca605f0e1be5d64baa8c6644f5e0df25addeaac7ce61ae0cabbe3339da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-23bc8014.19b14d53.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-10cc"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OCXIZmq8qv7JY089LKhNIz4WfspnwObjEXAXUFO2ev%2BOXPLS%2FoiOAGDFRsAD%2F%2BiKnlZY6vj%2BbOEcxOrPdrCUi8PmC3mBab8xG9Etyk3aCJBHUSoIxDruGqn9ACYtAYeczw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeabbe615687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20211119/4078574/8c0242cc3ef6de2ae8690746a28f15f2.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20211119/4078574/8c0242cc3ef6de2ae8690746a28f15f2.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20211119/4078574/8c0242cc3ef6de2ae8690746a28f15f2.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-5c94de6f.8e5f8723.css

172.67.134.207

200 OK

3.4 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-5c94de6f.8e5f8723.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (3373), with no line terminators
Size
3.4 kB (3373 bytes)
Hash
35ce7e44bb34da512e428a66ae2f9c42
fd3b21cc2752043d52f5831fe5383c255769077c
910f79476451dd6ca77b740b4aad6c2b0c6afd76889e7727190f3429d61f49d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-5c94de6f.8e5f8723.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-d2d"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HCkyEsRR1K22YVUGC9EYsqTDCgDHsEaFBPEL2i3eIfC5t3BPXQP%2FF%2BtD6UGrzCUYCDD0sQYbaqt%2BdSpffzmbSl49deEdH%2FAyG5%2Bg6RmGgfIJ%2Fb0jiKqCKQDxUWW%2F2Fun9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea33a625687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-13ee06ec.c65e4786.js

172.67.134.207

200 OK

1.9 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-13ee06ec.c65e4786.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (2070), with no line terminators
Size
1.9 kB (1894 bytes)
Hash
f93a4ad9ecdebc9f111f914edb75a383
976f177bfc611c493269ec58b5eb9e334a49c5c2
37ec7464739fcf62a762544cf58f7a121f94155fad405750bc67888b198c7b5a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-13ee06ec.c65e4786.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-766"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNgDHo6EQ3%2BPrX%2BiCiYCn1eZhwQBCJIgW5kknynTerlP2uz6OaXPU52lGvo5vwkmbzavpQdfYBuVHRIVZOWqBMubfttTCHPMu0rv5UPtyN6xIwAVWH8VkoKSig%2FOcbIuVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea9ebb75687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-6bae4258.3ece3635.js

172.67.134.207

200 OK

1.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-6bae4258.3ece3635.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1255), with no line terminators
Size
1.2 kB (1164 bytes)
Hash
2e9f8df88c37d66e331d87c6b6ef112d
43ee827ea16dc53511f92c90b7319cff48cd5f19
6f419aa09bc3fb1ce50b2cb3315c22a2e7583a7a97c36c17da17fc956ac0405b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-6bae4258.3ece3635.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-48c"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGOxtTJ8fuKNrvWGcglc8V8XYtE8MlvQNURX4X3XpFtR4xzu2pVoZhmKP3cOAkDdpynW%2FxwdbhKpnYtjevLnTw1XqcJWQxlN7DT8ZAZQTZzm0rGHXuowib2iaAYzvMcnpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb0acdc5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-0f63a0ff.6cc99b82.css

172.67.134.207

200 OK

14 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-0f63a0ff.6cc99b82.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (13621), with no line terminators
Size
14 kB (13621 bytes)
Hash
64f92716797b713ccc384ac49f574191
036ff716d67167265961ef95c82390f40a5d34a5
907530f8975e7b2a093e614683a49a73bf190654f05c9f31a60617381eb0f7d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-0f63a0ff.6cc99b82.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:43 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-3535"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 4
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O8tB1ZPDBHlP%2B%2B9N%2BcwhwFpz1FuZVSyq90Ge7hx01ogotR6dZ1%2B%2BbU%2BnNP0Gk3z0c6gXzKQls%2BRnVlDN247zQkL0GCYOgsOwyJvcRbh5aOf94xHKuikvsON%2Bbx0PWbv2xA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe9e3b8d5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240126/4846192/ba41fd15c51d179974e277d565615216.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240126/4846192/ba41fd15c51d179974e277d565615216.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240126/4846192/ba41fd15c51d179974e277d565615216.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

xkm.covers.zhgxb6.xyz/uploads/avatar/20211231/3124880/2d7780a258855b15dfdba4f90101dd85.jpg

54.230.111.97

200 OK

223 kB

URL GET HTTP/2
xkm.covers.zhgxb6.xyz/uploads/avatar/20211231/3124880/2d7780a258855b15dfdba4f90101dd85.jpg
IP
54.230.111.97:443
ASN
#16509 AMAZON-02

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerAmazon
Subjectxkm.covers.zhgxb6.xyz
FingerprintCF:C3:71:3C:6F:06:62:21:C4:23:D9:45:79:8E:0E:73:81:6A:55:95
ValidityFri, 29 Sep 2023 00:00:00 GMT - Sun, 27 Oct 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1236, components 3
Size
223 kB (222800 bytes)
Hash
159596b485c725139cb546001486954a
1c4788cc3a612f7e275adbf1bc05bce93782e353
6b9cbc0a3e057c7bed0eb183ad24e8251a5a6f403bf40c5755e8f579840b0c4b

HTTP Headers

GET /uploads/avatar/20211231/3124880/2d7780a258855b15dfdba4f90101dd85.jpg HTTP/1.1
Host: xkm.covers.zhgxb6.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 222800
server: nginx/1.23.0
last-modified: Fri, 31 Dec 2021 15:56:11 GMT
access-control-allow-headers: *
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
accept-ranges: bytes
date: Fri, 10 May 2024 07:20:50 GMT
etag: "61cf281b-36650"
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VQBQrZKV5b7TU_dQ2LERZk5wJxgHXXKiE2QorgTKRyQP-ugv4j0IgA==
age: 37490
X-Firefox-Spdy: h2

txtimg.msud6g.com/uploads/txt/20210608/2632223/75784c1b502e794c04d762b64feab983.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210608/2632223/75784c1b502e794c04d762b64feab983.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210608/2632223/75784c1b502e794c04d762b64feab983.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-1b390f92.aea7f0e6.js

172.67.134.207

200 OK

3.6 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-1b390f92.aea7f0e6.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (3898), with no line terminators
Size
3.6 kB (3631 bytes)
Hash
b6f6ece740ac1708df5610dbf3952e3b
e77ff028a93dec7950a06dbe3cee9690785e8d63
175e20544d418de7e100087ca6c339ce33636c83ac43690e6477a235d2598525

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-1b390f92.aea7f0e6.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-e2f"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BpArGVBwjE%2BNSwDVeIjyF9y0WYFT%2FAsr7TztGU5k6ZFNvN35eeJxUzqluDrp3OFH11Wz0Ql1QRClLVB%2BBUH1yEfSSZhGhhjP2ZVFywFBiNm5cgWYQGfge3AOiv1kYQDTHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeaa9cab5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-4eda1712.db32484f.css

172.67.134.207

200 OK

255 B

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-4eda1712.db32484f.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with no line terminators
Size
255 B (255 bytes)
Hash
be0567fcd24ab4ba591da53a43761dd6
d57c745dd5201abcf6f5462ff5413891b09f718b
24027f79b361a5e07f9e62a95fc4aa33d34b55c88f9d2f0032c6bac5e0f31c82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-4eda1712.db32484f.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-ff"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fU582efoId1cGeDqZ6BU3o%2BW9O%2BR%2FGJIsZ8wZGC%2Bq2TS%2BNKLa9CU33rDAgK0BpZXmci0vlbeF1ped6f6Wjl0fKqJCdiOCm5uRcRNG%2BO3hMbUtJx5LhP4wllP7y68%2FxL42g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea218e65687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-23bc8014.27969551.css

172.67.134.207

200 OK

584 B

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-23bc8014.27969551.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (584), with no line terminators
Size
584 B (584 bytes)
Hash
d6a8da7142f015804347722fefd94b04
a87c45c9dc2b5fc08cc14729a1d84115d182e07e
b7434be7ed2b16a2a984e6cfe06abf90e679c156988bf10c979cd3f0594d31e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-23bc8014.27969551.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-248"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aXnxPqaN%2BJqUA1mxaL15CFNEKYN8x6Jk1K8KZbgE2sXvFiaMGUV%2BH1DlHfOdZaU1eMaYSV00oPWgtMPhQtlG898HKhgXx4IWApf8i6ibbtphGQWdu%2BnkVcoDsarsyTmuEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea09f045687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-2d0a50f6.b42939cf.js

172.67.134.207

200 OK

11 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-2d0a50f6.b42939cf.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (11020), with no line terminators
Size
11 kB (11020 bytes)
Hash
d01ad61303b0137265a1d0ac8284be75
f1481b2c695fc1acbe0c0e3199d9d6590ad1116c
3bc11b753ecba621df540ccdbecb3f885e3172687da0e629d904c5f0a9f85566

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-2d0a50f6.b42939cf.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:45 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-2b0c"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0K7vtvveQmduDsDahTCN1QkC9KwNKJXn0OUfSwFL2yCwzuQ2HfwyydLuQjBgTNQufhKLM4oqrteeq17PHojPSdHga45R6F4nl2C3dAeE185cWdT5jbqLGUtkGlB4us5R0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeac6f625687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/index.02972eef.js

172.67.134.207

200 OK

1.5 MB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/index.02972eef.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
1.5 MB (1465651 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/index.02972eef.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:37 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-165d33"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wcRXnca8boO8sFt2CmCxnSh7R0nvQIeFziiFElPcfrGkWaXq9bB0fErUpbrzZW4PDzoKwCQQaIgDQ4z4nBs%2Fn2gfrjkpDA9sybKqznpvaCoy4LOXA8RcLCWuLt6DWEFv6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe76ef105687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-0f63a0ff.6cc99b82.css

172.67.134.207

200 OK

14 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-0f63a0ff.6cc99b82.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (13621), with no line terminators
Size
14 kB (13621 bytes)
Hash
64f92716797b713ccc384ac49f574191
036ff716d67167265961ef95c82390f40a5d34a5
907530f8975e7b2a093e614683a49a73bf190654f05c9f31a60617381eb0f7d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-0f63a0ff.6cc99b82.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:39 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-3535"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9fkFqtKtOXXn8MQ%2BD6ewPl7gTpOkYGQQsJXSSPZXMHbsOej1ym3L4%2B1GHyWMC9gX%2BcLiJGcNgUnYEalVJrlr9yyotQ8xtknLNCticuoIzZhX0v514GdxB05PXrF2VZyROQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbe810c6b5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240510/6198399/b6e18dfe481571787c4ae6d0806187fd.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6198399/b6e18dfe481571787c4ae6d0806187fd.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6198399/b6e18dfe481571787c4ae6d0806187fd.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6166079/b501d4b009ae571a296ed9b8fba6ca54.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6166079/b501d4b009ae571a296ed9b8fba6ca54.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6166079/b501d4b009ae571a296ed9b8fba6ca54.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20210917/330089/aac21c3aeeed244f9447eb532d023b50.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210917/330089/aac21c3aeeed244f9447eb532d023b50.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210917/330089/aac21c3aeeed244f9447eb532d023b50.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/css/chunk-1b390f92.45ecd933.css

172.67.134.207

200 OK

1.5 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-1b390f92.45ecd933.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
ASCII text, with very long lines (1470), with no line terminators
Size
1.5 kB (1470 bytes)
Hash
842c39ff9d7073a36f02473894ec8803
b88cccd434bf36a03e2d5902b8e39481a8fc0d14
3ca6327f26ee954f093fe2055f3760d102b8449355633272aac049a4c6cb23c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-1b390f92.45ecd933.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-5be"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5hseZ2guCaKOAFR5bQsN%2BKqFb6l6GdqpOFR%2F5mnO6BPLi0g5LpoSq3t1iIyAuE8gUhwlZ9L%2Ff%2FZQpRRW%2BXS%2BMdaKAeHpIb%2BLG5N6IFcliXp7j2DHsiNMlQkx0HYZXkp%2BiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea08ede5687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/css/chunk-4cbe607e.08a584c8.css

172.67.134.207

200 OK

3.2 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/css/chunk-4cbe607e.08a584c8.css
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
SHARC architecture file
Size
3.2 kB (3246 bytes)
Hash
2c6c1516235193fd309add87b38d796f
377db680b5bb72c693164abef50247d5cd86268b
4e27ed01279a6d0cbffaaea1469e65c5b895406dd9e101938cacc8d3181dd99b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/css/chunk-4cbe607e.08a584c8.css HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:44 GMT
content-type: text/css
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-cae"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oeihYS5CpPWFRy32YhHEubZEgXjcWf9avYYS2E%2FkjMS%2FWmXqgRbChzOc61h3dz2NGWgS4GEuAMWR%2F6JuFJtB6S%2B4A9USMYx%2BbOGfGNKMa5Esto7RLV5ruiPfzS26XCsBxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbea1c88c5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240510/6204628/3a1e28c5450047b2c1d31f4712cf39d5.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6204628/3a1e28c5450047b2c1d31f4712cf39d5.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6204628/3a1e28c5450047b2c1d31f4712cf39d5.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-4eda1712.35b8a881.js

172.67.134.207

200 OK

949 B

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-4eda1712.35b8a881.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Size
949 B (949 bytes)
Hash
c4907a77020b7e0eee21a74abe0609bb
288d73e95589b6f3875ec1010e9b75e1f49646b0
9f1bb82c65a5dccca7ebbc9d45010256313c45d17dea1f2afe329cdfd071b40d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-4eda1712.35b8a881.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-3b5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FHDgWYdiMnHB3CO7gR15elYZnSBvqGCGtYa4lZGv5eA3m0%2FYJjO6t%2Ffl7sa%2BQyH3v1ECeTsMhN6NnofE0rwf0szoMpMatOh%2Fy17x7Jxzxuo3SzpEjclQS%2F011qA2KHNokw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbead98e95687-OSL
alt-svc: h3=":443"; ma=86400

9irrkt8b54.xyz/pc/static/js/chunk-67cf1e82.11edb979.js

172.67.134.207

200 OK

52 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-67cf1e82.11edb979.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type

Size
52 kB (51786 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-67cf1e82.11edb979.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-ca4a"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1EznjggwV9z0EPrDrnTRR9UNgNgqYPEeovdaouLusZPne0v1BAvLtMdg8c8zkU90W0wbew9B2ljtLlNSM4d7XNRqACkp7S71lFpLWDaLYWdGJp1jk5ZuxYPEiOtO%2BTSy%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeaf3b4b5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20210610/38105/79c10382fd8143d4e3b908526983f292.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210610/38105/79c10382fd8143d4e3b908526983f292.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210610/38105/79c10382fd8143d4e3b908526983f292.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

9irrkt8b54.xyz/pc/static/js/chunk-a6bce218.ca697e1b.js

172.67.134.207

200 OK

8.5 kB

URL GET HTTP/3
9irrkt8b54.xyz/pc/static/js/chunk-a6bce218.ca697e1b.js
IP
172.67.134.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://9irrkt8b54.xyz/pc/index.html
Certificate
IssuerLet's Encrypt
Subject9irrkt8b54.xyz
Fingerprint6B:92:E2:17:06:07:92:9D:F3:5F:0C:77:2D:65:19:3B:22:2D:A5:08
ValidityTue, 23 Apr 2024 14:56:29 GMT - Mon, 22 Jul 2024 14:56:28 GMT

File type
JavaScript source, ASCII text, with very long lines (8921), with no line terminators
Size
8.5 kB (8491 bytes)
Hash
8fe2b9df98a6b30c0863d7052c426d35
6f35bce294691a63d86ef4041303fd84ee5c1a13
5d4ca058e1d96fe09b832c305d1ab09f9b0e98b2f2ab52066f75c26dcf5bcdf3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/static/js/chunk-a6bce218.ca697e1b.js HTTP/1.1
Host: 9irrkt8b54.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: _ga_JLHM041W4B=GS1.1.1715363137.1.0.1715363137.0.0.0; _ga=GA1.1.1838131346.1715363138; statistics=Sat%20May%2011%202024%2017:45:39%20GMT+0000%20(GMT)
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 17:45:46 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 07:34:59 GMT
etag: W/"66261323-212b"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bXVrXZij%2F%2F5a1gLLpWQJE4WaV5b1hCv6Yql%2BKQ3tjP7XfzyJXni3sHIVvsRMAKJuQo5lC0%2BXMYoXz4By6b5xGyELtUHFojOOJicsXX7Bm%2BKvlQTq%2B3ci4En26pOhieN2Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bbeb11d7d5687-OSL
alt-svc: h3=":443"; ma=86400

txtimg.msud6g.com/uploads/txt/20240126/4846192/f897decce73a3cfbb0a786928e6c791b.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240126/4846192/f897decce73a3cfbb0a786928e6c791b.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240126/4846192/f897decce73a3cfbb0a786928e6c791b.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20210608/2213975/0f0f81e7f96e292bf2042d45c4134aac.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20210608/2213975/0f0f81e7f96e292bf2042d45c4134aac.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20210608/2213975/0f0f81e7f96e292bf2042d45c4134aac.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/6206514/154b05573289261f29a2cd39ce6c026c.jpg

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/6206514/154b05573289261f29a2cd39ce6c026c.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/6206514/154b05573289261f29a2cd39ce6c026c.jpg HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

txtimg.msud6g.com/uploads/txt/20240510/3310463/d4bd305104896fec8b2b2cd811e5e101.txt

0.0.0.0

0 B

URL GET
txtimg.msud6g.com/uploads/txt/20240510/3310463/d4bd305104896fec8b2b2cd811e5e101.txt
IP
0.0.0.0:0
ASN
#0

Requested by
https://9irrkt8b54.xyz/pc/index.html

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uploads/txt/20240510/3310463/d4bd305104896fec8b2b2cd811e5e101.txt HTTP/1.1
Host: txtimg.msud6g.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://9irrkt8b54.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML