| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL: ocsp.r2m03.amazontrust.com/ IP: 143.204.53.97:0
Hashes (MD5, SHA-1, SHA-256): 1e18b4b3f44634f1c261b0f67f797a5b 0fa9e958f4866efccda31d4ec1075f6a35daf8a1 03ed89595297b2f8db049fdee09e8157476d520a086141d0268d9f00aeb1b5fb

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Wed, 01 May 2024 03:35:03 GMT
Server: ECAcc (amb/6AD5)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7GwGUk_s-Rq2FNc5woXxMjUhhcBH-fqzdD_WD-62QZM5b5WXRNIGhg==
| lumrfugqq28l.xyz/ | 54.230.111.57 | | 39 kB |
IP: 54.230.111.57:0
File type: HTML document, ASCII text, with very long lines (950), with CRLF, CR, LF line terminators
Hashes (MD5, SHA-1, SHA-256): 77ff88d82647c3ff845fb73c3c13bc0b cd8abcbbb59f217142367aa4fff8a0030d3c0821 77b36fb7170477f535b57ae811cbf0f890c025d8d10c20d5fecf00deaafabe7f

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET / HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 41693
server: nginx/1.22.0
date: Wed, 01 May 2024 03:35:03 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-a2dd"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XuLTc8WB0wexBDYoCvFmqWM72b58JQcIs0sPqdtC_38t-zyhN77-sg==
X-Firefox-Spdy: h2
| lumrfugqq28l.xyz/static/cdn/js/jsjiami.js | 54.230.111.57 | 200 OK | 9.7 kB |
URL: GET HTTP/2 lumrfugqq28l.xyz/static/cdn/js/jsjiami.js IP: 54.230.111.57:443
Requested by: https://lumrfugqq28l.xyz/enter.html
Certificate: Issuer: Amazon; Subject: jjwev1i017l2.xyz; Fingerprint: 2F:DD:58:A1:AE:37:2D:90:A8:0F:28:3A:14:6B:AC:35:BE:A8:E1:EA; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (9736), with CRLF line terminators
Hashes (MD5, SHA-1, SHA-256): a5d5ec9a3a04d9699af465b9f4dbd050 9073c5f868284ecdef2bc49d424a50473263f314 0149036c01f4cfee3a50f62969319f2f78b33176543d633a0e56f8ca96735bd8

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /static/cdn/js/jsjiami.js HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lumrfugqq28l.xyz/enter.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 9739
server: nginx/1.22.0
date: Wed, 01 May 2024 03:35:04 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-260b"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Yypfwk3BQaCb3JI3RaWxNabsM27zcChiX5TGhR5DEokTgVw2S8XPqQ==
X-Firefox-Spdy: h2
| lumrfugqq28l.xyz/static/20240417154011/css/index.css | 54.230.111.57 | 200 OK | 36 kB |
URL: GET HTTP/2 lumrfugqq28l.xyz/static/20240417154011/css/index.css IP: 54.230.111.57:443
Requested by: https://lumrfugqq28l.xyz/enter.html
Certificate: Issuer: Amazon; Subject: jjwev1i017l2.xyz; Fingerprint: 2F:DD:58:A1:AE:37:2D:90:A8:0F:28:3A:14:6B:AC:35:BE:A8:E1:EA; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT
File type: ASCII text, with very long lines (36481), with no line terminators
Hashes (MD5, SHA-1, SHA-256): f53daa41a0a1f7f8933c0e240d0c24eb 9c03c4028edbf0d2c1cce1def399069512eab86c a5f7a9e94af6921c13f2dbddfb5c90943a76781ef714c06e4bf70bd816904e3c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /static/20240417154011/css/index.css HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lumrfugqq28l.xyz/enter.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 36481
server: nginx/1.22.0
date: Wed, 01 May 2024 03:35:04 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-8e81"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5761ACWTncBbLAL_aM2UhLdmWV8M9E6ynDmEC51Z77I6-C82KXf5XQ==
X-Firefox-Spdy: h2
| lumrfugqq28l.xyz/static/20240417154011/js/index.js | 54.230.111.57 | 200 OK | 40 kB |
URL: GET HTTP/2 lumrfugqq28l.xyz/static/20240417154011/js/index.js IP: 54.230.111.57:443
Requested by: https://lumrfugqq28l.xyz/enter.html
Certificate: Issuer: Amazon; Subject: jjwev1i017l2.xyz; Fingerprint: 2F:DD:58:A1:AE:37:2D:90:A8:0F:28:3A:14:6B:AC:35:BE:A8:E1:EA; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (40052), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 11984a26bf295dca7d9947ac9273f6e1 1a5b0bd0b5700500568d691e1c6642d70eea22d9 862f71c05b36fa1ea4c4e52081175832189cb10e7306f0dddc4d3862386d5502

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /static/20240417154011/js/index.js HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lumrfugqq28l.xyz/enter.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 40174
server: nginx/1.22.0
date: Wed, 01 May 2024 03:35:04 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-9cee"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M7ZJPWYlmFvAy3cMcpixONKj4WlssxDqlpsDOzW9fMRzspnqTXvnCA==
X-Firefox-Spdy: h2
| lumrfugqq28l.xyz/static/20240417154011/css/chunk-vendors.css | 54.230.111.57 | 200 OK | 187 kB |
URL: GET HTTP/2 lumrfugqq28l.xyz/static/20240417154011/css/chunk-vendors.css IP: 54.230.111.57:443
Requested by: https://lumrfugqq28l.xyz/enter.html
Certificate: Issuer: Amazon; Subject: jjwev1i017l2.xyz; Fingerprint: 2F:DD:58:A1:AE:37:2D:90:A8:0F:28:3A:14:6B:AC:35:BE:A8:E1:EA; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 187 kB (186956 bytes)
Hashes (MD5, SHA-1, SHA-256): ddc43391b198c6de21ea9e7fc5f0352e 29ddd37a000206a3828f28f3cdedd6404a366daf d791a8aea8829f4e81caef657a18008255ec09e3d54758293f2ca790b26fe90c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /static/20240417154011/css/chunk-vendors.css HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lumrfugqq28l.xyz/enter.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css
content-length: 186956
server: nginx/1.22.0
date: Wed, 01 May 2024 03:35:04 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-2da4c"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eggNS1HdOlOKGzHvCehDAdwdQIKVykAdW1TIa4vCkwz_TbCxj0BUVg==
X-Firefox-Spdy: h2
| lumrfugqq28l.xyz/static/20240417154011/js/chunk-vendors.js | 54.230.111.57 | 200 OK | 930 kB |
URL: GET HTTP/2 lumrfugqq28l.xyz/static/20240417154011/js/chunk-vendors.js IP: 54.230.111.57:443
Requested by: https://lumrfugqq28l.xyz/enter.html
Certificate: Issuer: Amazon; Subject: jjwev1i017l2.xyz; Fingerprint: 2F:DD:58:A1:AE:37:2D:90:A8:0F:28:3A:14:6B:AC:35:BE:A8:E1:EA; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65360), with no line terminators
Size: 930 kB (930035 bytes)
Hashes (MD5, SHA-1, SHA-256): 5c0f7dd7b1c97dd00e5a54ad1833ae47 c9550f1aca003905bb0a0cb45c85fcba178d3f34 d1ce646edeaf16827f02df79e503b48935929d1c9625dd820f99f961e23f6241

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Public Nextron YARA rules | malware | Unique code from Jetriz, Swid & Jeniva of the Tetris framework |
| Quad9 DNS | malicious | Sinkholed |

GET /static/20240417154011/js/chunk-vendors.js HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lumrfugqq28l.xyz/enter.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 930035
server: nginx/1.22.0
date: Wed, 01 May 2024 03:35:04 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-e30f3"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xOGV5MOenQPtK7v0RKs9BagM60HrlrRSJOifqGGSsOMolMVRNYJFSg==
X-Firefox-Spdy: h2
| lumrfugqq28l.xyz/favicon.ico | 54.230.111.57 | 200 OK | 3.8 kB |
URL: GET HTTP/2 lumrfugqq28l.xyz/favicon.ico IP: 54.230.111.57:443
Requested by: https://lumrfugqq28l.xyz/enter.html
Certificate: Issuer: Amazon; Subject: jjwev1i017l2.xyz; Fingerprint: 2F:DD:58:A1:AE:37:2D:90:A8:0F:28:3A:14:6B:AC:35:BE:A8:E1:EA; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT
File type: PNG image data, 90 x 90, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 47b453539b8944ecdc587a8db88022e0 7867d74e921338dfc1aff0bfa2e6a9ed2b357d34 5e1fe9bb70d664878f4704611ec4f086aeb4725e0a6d9c1555b9a0e1413a9989

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lumrfugqq28l.xyz/enter.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 3760
server: nginx/1.22.0
date: Tue, 30 Apr 2024 11:48:42 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-eb0"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: u27cH_eJipZhloX92WXoXBxV_iE2z2tB-RtGS6pb5H_bt608J6WPDQ==
age: 56784
X-Firefox-Spdy: h2
| lumrfugqq28l.xyz/enter.html | 54.230.111.57 | 200 OK | 1.3 kB |
URL (user request): GET HTTP/2 lumrfugqq28l.xyz/enter.html IP: 54.230.111.57:443
Certificate: Issuer: Amazon; Subject: jjwev1i017l2.xyz; Fingerprint: 2F:DD:58:A1:AE:37:2D:90:A8:0F:28:3A:14:6B:AC:35:BE:A8:E1:EA; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Sun, 27 Apr 2025 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (1410), with no line terminators
Hashes (MD5, SHA-1, SHA-256): c7f78e19870c742b4f0039af958fdb44 84e9e430e7cc1f3ab333c67369bacb54eb9c86eb 189f4e29e2b8334be7bea83212440a0b208eb105269c5bb982a977018317c1e7

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /enter.html HTTP/1.1
Host: lumrfugqq28l.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lumrfugqq28l.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1332
server: nginx/1.22.0
date: Wed, 01 May 2024 03:35:04 GMT
last-modified: Wed, 17 Apr 2024 07:42:07 GMT
etag: "661f7d4f-534"
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MMbBsP6CKnKUReU6f2AN9uKqCQBGX-sThezTuRvaGXbd5E3zUqGXMw==
X-Firefox-Spdy: h2