Report - surl.li/safau

Report Overview

Submitted URL
surl.li/safau
IP
104.26.4.19
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 22:48:42
Access
public
Website Title
Surli redirect page
Final URL
surl.li/safau
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
surl.li	unknown	unknown	2014-02-25	2024-04-18	16 kB	1.1 MB	104.26.5.19
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	452 B	837 B	142.250.74.100
web-screen.com	unknown	2022-08-29	2022-09-03	2024-03-01	873 B	400 kB	104.21.20.132
t0.gstatic.com	unknown	2008-02-11	2013-05-06	2024-04-11	510 B	1.2 kB	172.217.21.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed
2024-04-18	medium	surl.li	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	surl.li/sandbox%20eval%20code	147 B	2023-04-11	2024-05-02
Pretty URL surl.li/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-02 06:33:00 Times Seen343962 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-02
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-02 06:33:00 Times Seen343455 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	surl.li/sandbox%20eval%20code	128 B	2023-05-06	2024-05-02
Pretty URL surl.li/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-02 05:56:24 Times Seen21316 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	surl.li/js/app.js	191 kB	2024-01-30	2024-04-30
Pretty URL surl.li/js/app.js IP 104.26.5.19 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-30 09:31:09 Last Seen2024-04-30 16:53:55 Times Seen15 Hash 3b7dcb881b63a2390982ba3bb199029d 3faa66779e78dd9ccf65e3a725e17dd49e40475c cf2029cd54d2545c7d89a4f818bbf38ff19936018dfc6ad48236fa9f60dd333a Loading...

	surl.li/safau	656 B	2023-03-07	2024-04-30
Pretty URL surl.li/safau IP 104.26.5.19 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:17:17 Last Seen2024-04-30 16:53:55 Times Seen46 Hash df778921590215698107aace10c02c87 dc29195d36827035014f1178d13a0ca82362ab88 5fc4c8108d3bc539cae87bdc5638e21a2bdc5d3b249c4bb5919166d3fd1c9e7b Loading...

	surl.li/js/preview.js	90 kB	2024-02-02	2024-04-30
Pretty URL surl.li/js/preview.js IP 104.26.5.19 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-02 16:05:11 Last Seen2024-04-30 16:53:55 Times Seen17 Hash d6cc50ebd8325127ffa10f492624d26c 6ad43cb17ca53d08d360e0bcfe9e909f694f2c86 9d6dfd360ccbae2e81dc8f69b9c561e99e7034b0417b2a0bcbc85c2ff629ab6d Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-05-02
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-02 05:56:25 Times Seen21179 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

HTTP Transactions (18)

URL IP Response Size

surl.li/img/pc-rouded-icon.svg

104.26.5.19

200 OK

28 kB

URL GET HTTP/2
surl.li/img/pc-rouded-icon.svg
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
28 kB (28263 bytes)
Hash
7005e41f692583c19abac0a7fd5b7c5f
bda49cd99401420d490a32f2f547e4ddd43b7300
2f9e711abfb70ec1515ded7f4c18c9208b1325f53b551698b90fa4664542ceed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pc-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-4f3e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AQSom%2FhyXDjGKTfuXGIuOJCFiVgoys1F0V5d2w734ti5D2VJ9Vk1EkECTiwr6d34jM5LManbRl0ttZmHwQn6MB1UI5EeLQL1pRyGXiTbby5qAleGq2%2FUhKw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b77569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/gears-rouded-icon.svg

104.26.5.19

200 OK

140 kB

URL GET HTTP/2
surl.li/img/gears-rouded-icon.svg
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
140 kB (140183 bytes)
Hash
aecbc06e12760ff4f4334696cb12f70f
479d2ba236eeb0c524d10d2681beaf890b154604
b08ee81fa51d661b5c24460f41bb2ee09eeb5157c9426c6b3b83d7ada262473d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gears-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-e1f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irNI3WyFvKiA0ftgeW1XSLgvEAOIJx9hE9ZJsh1XcrW5bPpgp%2BloAQedc45nvgXszREjC0xN3ElQhW0r31SG%2FS%2BzF6Zi44r7iYykvXlVsDdbWRUoLnFNNF0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b79569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/planet-rouded-icon.svg

104.26.5.19

200 OK

132 kB

URL GET HTTP/2
surl.li/img/planet-rouded-icon.svg
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
132 kB (132202 bytes)
Hash
7a6de872239474d5c24060e4d6b89bae
9c921e59d96e37770aad1045ba2900e233d5b657
6c847af4400d327ad6a64ae87c50f6990011348f1cbbe293de44b7bc283eb379

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/planet-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-1574"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTgjHvzLNWLeHLblTTGVXKjSnWZHqthoJhzXOArMSB1hBvSFEP%2BjoeaqArg9Tj9%2BbhYtt4lOA1RKNnON724VBrRHS2PwBzfYG1zQDsi%2B5jIxtfrj%2FBDLqek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b7a569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/fonts/rubik/Rubik-Medium.ttf

104.26.5.19

200 OK

116 kB

URL GET HTTP/2
surl.li/fonts/rubik/Rubik-Medium.ttf
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409
Size
116 kB (116056 bytes)
Hash
4dd3023b03ba2b68d4b9da9176b7285a
d734c149587c12d9083c03bc90009c84b52aec78
ce40d27c6c90b990229510c46115ec852237276e1aa09cdebffc6ae085b1d1e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/rubik/Rubik-Medium.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/octet-stream
content-length: 116056
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-1c558"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UV1hubZCPBuHzW4deBs%2B84lez%2BEO4nbHUesSUHZZL9S9ndynfYJdMFXUFUJ359kKPojzvhLWJR79FAwpPNzJx8i3KoUEmhZtTjnEGY8bQLwYCK7c6TUga9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833955c02569a-OSL
X-Firefox-Spdy: h2

www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106

142.250.74.100

301 Moved Permanently

344 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06
ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
344 B (344 bytes)
Hash
0c93a6eed052c9b7405e3b636e8927ff
8084f8e0ec6dc8a0c5483b0d055dce7794e111c5
cc4b95215011739b1d41dfc490b82e92f8930052efede56d87f3c92f0bb1a999

HTTP Headers

GET /s2/favicons?domain=https://t.me/LR_game_queen_0106 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 18 Apr 2024 22:48:17 GMT
expires: Thu, 18 Apr 2024 23:18:17 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png

104.21.20.132

200 OK

385 kB

URL GET HTTP/3
web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png
IP
104.21.20.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced
Size
385 kB (385289 bytes)
Hash
46514ea7a5f7c1560caedee2fbf173f5
a1ac2ba4f9f9dc8abe01cb129cca5d75090c37f7
6619a587a97b9854431f0000d932cdeace7a7f0b16c6cc45a448b53914d8358a

HTTP Headers

GET /storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/png
content-length: 385289
last-modified: Thu, 28 Mar 2024 14:17:55 GMT
etag: "66057c13-5e109"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7SOhOEgjYE2UlbUMvT1CcGTprVV1jaDD85SHnGTuCkSCVJhofvz9CXi2SZrzk8VhXsMq70fFN5X9FWeq52kQDVGnnn4siR6cZ3keoBlXn9ccQQbRmogrV7JEhvWEbMx7Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833970e1db4eb-OSL
alt-svc: h3=":443"; ma=86400

t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16

172.217.21.164

200 OK

325 B

URL GET HTTP/2
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
IP
172.217.21.164:443
ASN
#15169 GOOGLE

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
325 B (325 bytes)
Hash
7d9da589fc799850f6d70bc4164098b8
503630487f4d3aef60fedd4f6fa10a6f6932701c
7dd8012f6e461c3da9ded542f7542fe98aa9e52c41b00f176d51de4cac47d140

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surl.li/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://telegram.org/img/website_icon.svg?4
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 325
date: Thu, 18 Apr 2024 22:48:18 GMT
expires: Thu, 25 Apr 2024 22:48:18 GMT
cache-control: public, max-age=604800
last-modified: Thu, 07 Sep 2023 19:46:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

surl.li/css/app.css

104.26.5.19

200 OK

28 kB

URL GET HTTP/2
surl.li/css/app.css
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
28 kB (28182 bytes)
Hash
fe365dbe3eae340f056236a1bd3c3bfb
0f33b3da6a8cf61a1678a4d163cc5c6792502e6f
af0aa34df3fa81b0c4b798d3ad818d8b7188a03a0a75fa79a830e2c0c1a78061

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.css HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: text/css
last-modified: Tue, 09 Apr 2024 12:14:36 GMT
etag: W/"6615312c-27950"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1hQ%2BTaxnE%2BBLxwTxWDPbcbMmeCWbtfK0%2BPVhZLCkMb9t1a%2BHFHEWKSzuIG2Of2vWoo8yOFwih7CvvwHw9RBrDFDaKyzbGw2m7KDp9Y7m1%2FiXFfySdn7rAEg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b67569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/surli-logo.svg

104.26.5.19

200 OK

14 kB

URL GET HTTP/2
surl.li/img/surli-logo.svg
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (14143 bytes)
Hash
482601fd25a8410e0868ce1e178cbaea
79a25cfa623613a31fc7d3813cfa9a223b54b2a8
f389fb51afbd8077d4e8e260bf820115f7111c246e02cc4aab081c5317c56db6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/surli-logo.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-233d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NfYWe%2ByGja1kwL9nqbjljt9bhy3XNWVsaRVoDWVXOebj6ETGj%2BYFv6bQd2o6DSXABLswnlg7rf0CknQ4%2Fa2iTMlnq5zdD%2FAOjnYpW0Yywz8DeAzVJKnLE6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b6c569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/getPreview

104.26.5.19

200 OK

8.3 kB

URL POST HTTP/2
surl.li/getPreview
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
ASCII text, with no line terminators
Size
8.3 kB (8320 bytes)
Hash
b5f8b7bc5d48582ddbe36904364462ed
96a0c8ebdaad43bb17ed91685a7a76ddad32826e
2b12d3381f934eb813d49acd63f32a13a095eaceeee270a356684fe87e2a7a02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /getPreview HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: YbaJ4rPRuDXbJkMVAZhWuTQTF04Zt2WqPmo7N2xy
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IkFwZVVNZzlwZmhHMC9xNXFPeStORGc9PSIsInZhbHVlIjoiTUlLNmhwY21ITEE5YWZNMTRYZGNLUGVBNWpaclNhVnQ5R2xGL0dQTC9uNGNmZldCMkVxVEJHTFhhbktDKzRUcEVKeTNxaUxydE5hQXBsa1FPbGNaa3hYYVlmQUZMZWlsZU94UUYrWnFWclJ2a1J6RWNKc3pRTUYvM0JzOXhQL3giLCJtYWMiOiJjODRmYzIyYzIyYjg3YzRmYWU0NWUzNzM2MjM1ZmViNjI2NjUwNWRmZjlmZjQxYTQzMTllMmRmMDllYWFmYzFmIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlVsUkNvNWVMd0ljYXRrZWd5amg5NVE9PSIsInZhbHVlIjoiUUxtY2IzZ2xpZnNhbVNwWFNNN2J0QjZONnNuSTR5QXdhcWcwb04xaWdCNmtGY3EwWllSd3pBTWx4UlEyY0E4eUx5Y2djS2VPV0xDZWFOUkZya3dEZ01SMVBBL1FNakJlZy96aUhBeTd0R1lJQjBkc3ZaVEwzRUlzUmxicFpkeTciLCJtYWMiOiJjMmMwYmZjMTZlY2FmMzYyMWQ3Y2M0OGU0YmYyYzg2NjQ5ZmI4YmZmZWRiZDZlMWRlZmM2OTc0Y2IyNGQ3ODJiIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8uNWFrDoupsfn8GD78%2B5IgdMm3gRF7m3p6h55XwDiYu%2BzYIfwx6jVea7V1F262kiyCWToF%2BXUVPAyBwyin3AwbTon7wg5w60NL2EwIMCjrOyFTmE6i8MAws%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876833958c1a569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/favicon.ico

104.26.5.19

200 OK

15 kB

URL GET HTTP/2
surl.li/img/favicon.ico
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
ec9741289f19f212fd2ffb2dda1df05c
9b97a75a795b848f086f75db50903dd15954a573
13c9447a56e92641eff376880ff848e6e8e25719f721421f9b276a9b152753d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/x-icon
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: W/"66213285-3aee"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=do56obP0y64dMecj73%2F%2BuGO6mbl%2Fv998U9flkhrtdInvR%2BQ%2FH4mYgqMkEBt4Hk61FH6VVoKC96gq5I9RTACihDIGsxCXb8ezcoJjtkXLuRm2lSmymuYOsdk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87683396dcfb569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/js/app.js

104.26.5.19

200 OK

191 kB

URL GET HTTP/2
surl.li/js/app.js
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type

Size
191 kB (190893 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-2e9ad"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBUjCnHfsM%2B3WVscPdKPFkUzfGQ3S6SAPczhxDt71HjmJgAK5QorIhycPL2K4Lm%2BbdCFc4ftgfVs46PYwIbUWD%2FTk%2Fi6hSJM7dJ95LyTXlDjKMD1C2ajwmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833948b7b569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

web-screen.com/img/plug.jpg

104.21.20.132

200 OK

14 kB

URL GET HTTP/2
web-screen.com/img/plug.jpg
IP
104.21.20.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced
Size
14 kB (13510 bytes)
Hash
6448aca5739995f3b9c1b3c5e50ce7a0
f50fa07327f55f864a42698fd8fa86270f35da9b
856f999ea580bfa2f03ce5872b848246a66492f17675693e2f429938250d231a

HTTP Headers

GET /img/plug.jpg HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: image/jpeg
content-length: 13510
last-modified: Mon, 29 Aug 2022 13:27:44 GMT
etag: "630cbed0-34c6"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3587
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vNm295MSQVIeo5A3%2Bm9%2FuWPolmV9gJ3wQerOt2w%2FC9q%2BCPJ0UnZ9qWW6gvUR44FaSlarGE8LbaDomtftXQkIDc%2FUNA9eHE3l2qXK5qcqCrE0kW25ic8kPHJBWbHtWkwv4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87683394ff5b568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea

104.26.5.19

200 OK

139 kB

URL GET HTTP/2
surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito
Size
139 kB (139168 bytes)
Hash
4dac705158fb1ca226d583b3829f82a0
771b9299e1d5d4239c032c7d4243a6f9343f89c4
7acb3e456d98d55be401bb07a32c9cb04e074de37bd58932b11bcf0fe9f59ab0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/octet-stream
content-length: 139168
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-21fa0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EpZ8R0ZDRNRaHPvdt47U53dwVXWkck8bkfjHFlyDz5L8I66J3zVsPCyu55VyN2OeLZR%2BmBHAxIyAwa557DA0aIG%2BcE6K4kVxfvsu3roQ7OPVlitY4nuOTY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87683394fbd4569a-OSL
X-Firefox-Spdy: h2

surl.li/fonts/roboto/Roboto-Regular.ttf

104.26.5.19

200 OK

130 kB

URL GET HTTP/2
surl.li/fonts/roboto/Roboto-Regular.ttf
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt
Size
130 kB (129584 bytes)
Hash
afe8eacfc0903cc0612dc696881f0480
ba879317acdc045b8fa78cb8f948650627d0477c
7277cfb805def6410f317129b8e1f78bdd47d1a4e24c233077d06e88a36e57ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/roboto/Roboto-Regular.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/octet-stream
content-length: 129584
last-modified: Thu, 18 Apr 2024 14:47:33 GMT
etag: "66213285-1fa30"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07Esf6lnBaZH4b8K3fJ60OH87EmJcLWKR1KpmpKk5G1iFk6wRHZ6Doz01olOCmwCCOeNil7ntYcOsBTQGDAUVwLbUx1BN28u72CPNx0zC5pMOH5BeGgHFTo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833950bd7569a-OSL
X-Firefox-Spdy: h2

surl.li/getMetaInfo

104.26.5.19

200 OK

59 B

URL POST HTTP/2
surl.li/getMetaInfo
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
59 B (59 bytes)
Hash
94a2aef30f94a79ea7db90788223c580
5792a3f8cb223d02cafd8af00bdbfcd1404c96b6
fc1d48cb6bd2e225fdbf0a2a5d9e888b2bcebc8dd1d00c54478312f18a192cdc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /getMetaInfo HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: YbaJ4rPRuDXbJkMVAZhWuTQTF04Zt2WqPmo7N2xy
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImNEVDM4MU9iMFptWTZRREtINlN5NGc9PSIsInZhbHVlIjoia2M1eHNTdFBWYU9pS3Y4T3NUa3VudnBHaUcrdnV4ZnRPaFoxZ1VEc3lzY1g2d3BUZ1F0Vk0rYUV6UXNWUjFjc2gxUUZaU1JES09XWGZMaHB2QmJqZ204cXNocDRLKzhuTDFTTXpUUkgzWkJYdmdTZXZXOTM2ZTdFVmN6alJ3cEkiLCJtYWMiOiI5N2QzYTMyNGM0OGNkMzc5YWEwMWE3NWNmNmQyYTFmMDY3NmI0NmNjYzY5NGQ5Y2EwMmVlMmIxMWM1ZTRkM2M5IiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IkdkZXNFeldhcXBidC9KMUZnSUhaeFE9PSIsInZhbHVlIjoiaVB5a3dRNGNGT0cyVkJhN1RnUkNvVEtueWdqNjZtcGxSaDF5TDhVOHlsL2kxT0J3eG9QOUovNHlUZTFNWEZ5VnIrV3plZTFTK09ITHFubFdKWGY3WXpaVWlWRTdVeGx2RXB0VjBSZEwrT0JyclVMOWVSbTF3T1poTTZWSk0zMjAiLCJtYWMiOiI3OWM0ODk2N2QyM2E4Y2YzYzYwNTRiYzA2M2ViZTkyOGI3NjQyYjgwZmIwODQ0ODBmYTAzMDRkZDI0NmE1NTk4IiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gObZ6w6IQtfWDKm%2B%2FKKukt%2FIsD27dZ1dRTCxZInNToENDcUZ4pvlQd%2F5e%2Fp0XvphIlhSgIBlWzLs0NjQbqOMjt9cRiGhuhCBw%2FYCt3cioeMAk%2FrYKdwLOXo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876833958c1c569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/safau

104.26.5.19

200 OK

13 kB

URL User Request GET HTTP/2
surl.li/safau
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type

Size
13 kB (13098 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /safau HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 00:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GOBlYVf0jRct2UbxL8YjF7uq%2FBqwDHekXUXQFs1rWteq18GTO0ywa79I9RFaV0QdgWoVBwJPyZOR85HehpoWmYf6VAAZGbF%2BJqseOGLuPqrLlwTOKJ6SajQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87683391fa29569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/js/preview.js

104.26.5.19

200 OK

90 kB

URL GET HTTP/2
surl.li/js/preview.js
IP
104.26.5.19:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type

Size
90 kB (90357 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/preview.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IlhvUU1tcFQ5WXZzcGpBM1FsUHlZcnc9PSIsInZhbHVlIjoiOEV0QmpUaHl6dEZFRGFkamZMWDZFV0NUcVRybDN2VHh6VG82WktFRTU5UVpnVmtGdEdRMzBzU3I2dlphd0pUaWlVQ0JBVml5Zk1KaXl2N2xnUXYrYzBNRmlnQkEwWnVOTWtSbFgwNS9SVlRpd3JQZjZRNk5ZRXpLZ3U2eXcvNmYiLCJtYWMiOiJiNjc4YzYyNGYyYmRjNzM0NTViNDI5NDhhZTFjMjljMWU5ZjY1OGIzY2VlYzcwMTc4MWE4YWFkNDdlODRjZDQ3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6ImpNYjdNSTQzNGhqTkp5ZnVLMjA5aWc9PSIsInZhbHVlIjoiK0JmM0xaQ282dTJGdHBrajk4RjU2Y0xIZ24xS0RvUSt0eG9TYyttRVhrRVNQV056dzRNNmFveGs1aGtXNGFoOXRPNWNCT3pwRm5MYlZISllLd0c5NjhFOUcwTnVUaGFqN0ljZXRxOUY2WEZOMnd2SXhkMXpBK2pKeVc1UDNrZ08iLCJtYWMiOiIxZjMzZDA5ZjA0ZTZhNTU1OGY4NGZhMDU5MjdmYTVhOGFiNWFkODdlZWE1N2NkYTI3ZjQ5M2VjOTRjNjE5OGMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 22:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-160f5"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jccLxxhy7pf1XpjUx7DNFXO5HmcOnWlS41RAfl1sO4Iaf26Vaqt6BalvfMKrKjaQWpTaTlAoWy8mLidZUm9sbe9k43AKbzHT%2Fy2O0Gaot4owzZbagmiexic%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876833949b7d569a-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL GET HTTP/2

IP

ASN

Requested by