Report - 2sr9i933o4pj2y.xyz/

Report Overview

Visited public
2025-01-19 00:32:54
Tags
URL
2sr9i933o4pj2y.xyz/
Finishing URL
2sr9i933o4pj2y.xyz/#/
IP / ASN
172.67.188.230
#13335 CLOUDFLARENET
Title
P站视频

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
2sr9i933o4pj2y.xyz	unknown	unknown	No data	No data	11 kB	2.2 MB	188.114.97.1
api.ofin9qop7yst21ho.xyz	unknown	2024-12-20	2025-01-02	2025-01-19	1.0 kB	2.0 kB	104.21.64.1
oct.ofin9qop7yst21ho.xyz	unknown	2024-12-20	2025-01-02	2025-01-14	1.0 kB	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed
2025-01-19	medium	2sr9i933o4pj2y.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	2sr9i933o4pj2y.xyz/static/cdn/js/axios.min.js?v=4.6.0	ScriptElement	18 kB	2023-03-13	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/axios.min.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:01 Last Seen2025-05-02 06:36 Times Seen245 Hash d1e71c0ca404956d46e475dbe30566b8 474c81de5ff1418895a10cb6e03f9ab522914b69 1d389f625c1d774224d32527657e7398e57a65c718a07748f0ad7faecce8de3e Loading...

	2sr9i933o4pj2y.xyz/static/cdn/js/DPlayer.min.js?v=4.6.0	ScriptElement	223 kB	2023-10-28	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/DPlayer.min.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 00:26 Last Seen2025-05-02 06:36 Times Seen44 Hash 522e3038f0e1a6b64dd9c3fd46729c72 f58bd2c4aab1db4c8e5295bc2a4ad78b00db78d9 c0244ad0320bc4ae666695ffe8224f08904745fc6438c1c1672ea0736a173c12 Loading...

	2sr9i933o4pj2y.xyz/static/cdn/js/artplayer.js?v=4.6.0	ScriptElement	157 kB	2023-08-02	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/artplayer.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-02 17:26 Last Seen2025-05-02 06:36 Times Seen89 Hash eebdffce9072a55f9a27ce01bb2eaa68 85f6333abe8373cfe174467196723ae21a7c177a f00cd84fe00f126d17e42f1a738483b586f67aafc5f92578df5efa34336435d3 Loading...

	2sr9i933o4pj2y.xyz/static/20241228132831/js/chunk-vendors.js	ScriptElement	598 kB	2024-09-24	2025-04-02
Pretty URL 2sr9i933o4pj2y.xyz/static/20241228132831/js/chunk-vendors.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-24 04:50 Last Seen2025-04-02 00:59 Times Seen32 Hash bd04292b0b6d9de63f4dbeccd6ddae4d 9f4b20cfc8bb2be38aaa40f118f4cf2b707fdd8e f10edade95297349354abf377ab16abc5bbd40cc7565b12668f9a0d6206ab392 Loading...

	2sr9i933o4pj2y.xyz/static/20241228132831/js/styles.js	ScriptElement	136 B	2024-01-14	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/20241228132831/js/styles.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-14 03:58 Last Seen2025-05-02 06:36 Times Seen42 Hash 56553cd4f2eec09b827cc5c5e69440ab 4e8e8b5b01d026fec4ce1bb1c4a182fdd0e87fd2 0adb7a06383ccae16d657dccc2eac1bc4601fe8257ee838d84dd6b85b81ffcf4 Loading...

	2sr9i933o4pj2y.xyz/	ScriptElement	1.1 kB	2024-09-28	2025-01-19
Pretty URL 2sr9i933o4pj2y.xyz/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 08:09 Last Seen2025-01-19 01:34 Times Seen14 Hash be91491d7647f0ddd7ea36e0454ba9c5 e67f9c03b5d5762acc1ca5df2050614f90779bbe 1a0e737a89ee69da8d5ce2363c084fcdf011767f987be7b35e204861903c26db Loading...

	2sr9i933o4pj2y.xyz/static/cdn/js/hls.min.js?v=4.6.0	ScriptElement	314 kB	2023-03-12	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/hls.min.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:49 Last Seen2025-05-02 06:36 Times Seen247 Hash 1b39bd8557eb71f9b9656b43d1873bb1 de34747fa37584963b282f9b5fb3194f237e9730 1526bf833cddf7a0dd01359e785719945717254f5c43962ddf019ed79b6623b4 Loading...

	2sr9i933o4pj2y.xyz/static/20241228132831/js/app.js	ScriptElement	171 kB	2025-01-02	2025-01-19
Pretty URL 2sr9i933o4pj2y.xyz/static/20241228132831/js/app.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash 70fdf6e9f5d75dfd1d91c42f4464ebf2 e32c0c703c252c6b23d556ed513a33a482dc429d 571430652dc22f0597460a5dbad587fb1e202bca2105d7d52d2a096b017a2447 Loading...

	2sr9i933o4pj2y.xyz/static/cdn/js/jsjiami.js?v=4.6.0	ScriptElement	13 kB	2024-04-23	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/jsjiami.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 22:46 Last Seen2025-05-02 06:36 Times Seen48 Hash be7039fad3d87104b7dfc0b9d6427451 d38345625d30aaba8f49e56e9a076b99b2a6546c 8d6ac2aba72d0ebf0cbc1a7629c7db8c655bc6cf2200206cad9e7fcd50bc5aa2 Loading...

	2sr9i933o4pj2y.xyz/	ScriptElement	1.4 kB	2024-09-28	2025-01-19
Pretty URL 2sr9i933o4pj2y.xyz/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 08:09 Last Seen2025-01-19 01:34 Times Seen14 Hash 639517cedfb152aee67f56d18e83abb5 8a4ce9f9789185057ef4c325fc4a0097d3493931 a5ff57a6947654703fb5e889eae81a1ef9e644fbf166a0aeb37c290d3f90fb9b Loading...

	2sr9i933o4pj2y.xyz/static/cdn/js/nprogress.js?v=4.6.0	ScriptElement	12 kB	2023-03-07	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/nprogress.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:49 Last Seen2025-05-02 12:07 Times Seen321 Hash 5fc208df77427b19a1558ee3c2e2d344 a7e1146d2021c42e68b599dc8bcc69d44fc31df3 6b9611076ec2701c0115c4f9105fdfdc4e2fcc8ab21eb491f3bf27b1e358c3ae Loading...

	2sr9i933o4pj2y.xyz/static/cdn/js/crypto-js.min.js?v=4.6.0	ScriptElement	48 kB	2023-03-10	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/crypto-js.min.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 18:36 Last Seen2025-05-02 06:36 Times Seen304 Hash c8b215ef1c396901ab19c41a7ac42cd7 00e971d00ca3e26ef1bc0f7586e16c5e30296ebe 817c88066f7a344d4471bb20d30652e641f498eedd9c28e5a6ed661c67795010 Loading...

	2sr9i933o4pj2y.xyz/static/cdn/js/lodash.min.js?v=4.6.0	ScriptElement	73 kB	2023-03-07	2025-05-02
Pretty URL 2sr9i933o4pj2y.xyz/static/cdn/js/lodash.min.js?v=4.6.0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-02 15:21 Times Seen10977 Hash 9becc40fb1d85d21d0ca38e2f7069511 ae854b04025db8b7f48fdd6dedf41e77eae44394 a9705dfc47c0763380d851ab1801be6f76019f6b67e40e9b873f8b4a0603f7a9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ac9d22bc8d9861b18ef2c2db5c19e53b	132 B	2025-01-02 04:06	2025-01-19 01:34
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash ac9d22bc8d9861b18ef2c2db5c19e53b 1ed9cc554d272f98047d1c69fccaa55dd0b3a291 baf0436c56301ccde06d9b4642da230a8ae5b5eb844c833779a70b0fe61040aa Loading...

	#2 Eval - 4671db29bf9a4bf8f47c4ce5bb4737b9	138 B	2025-01-02 04:06	2025-01-19 01:34
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash 4671db29bf9a4bf8f47c4ce5bb4737b9 f58a752d9375994654ac0c98d6958ac9ee2c7e1c 9ecde0aff09985523b275e2a2b8cdd384c8903b092f56d499153e7969230c325 Loading...

	#3 Eval - a10a820c84580545ca7e2dea450cf345	138 B	2025-01-02 04:06	2025-01-19 01:34
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash a10a820c84580545ca7e2dea450cf345 73fb943fe4badf2a59a5a451e150b894d448d711 f39ada9505062acf085acbfaa7c144f0bf0a8e481475fd2ba2ed5bf7983228d1 Loading...

	#4 Eval - 2d881b9f7923de9af3d69598e92e6dc6	138 B	2025-01-02 04:06	2025-01-19 01:34
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash 2d881b9f7923de9af3d69598e92e6dc6 0f67513ea06fc5ed6444a813300885d721f108d0 cd6a146f7ec30373c1404f81ec41be022d792e74b6c94af95ceab4ee7012b59a Loading...

	#5 Eval - 0f4dd681080d8c63cacf31a5f39fe3f0	132 B	2025-01-02 04:06	2025-01-19 01:34
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash 0f4dd681080d8c63cacf31a5f39fe3f0 93ff5aa73a0470078aa6e6afdaf09e6d2fbc562e dd53a7f7d29d995194b4696144ad41434b7e21485804d6e4eaddc1cb92684ed5 Loading...

	#6 Eval - 7fa5f3e37fb7933ff476635c14b736d5	138 B	2025-01-02 04:06	2025-02-16 19:42
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-02-16 19:42 Times Seen15 Hash 7fa5f3e37fb7933ff476635c14b736d5 af5d483bdc925e6b1060abaabd21651b89282495 a7799b5b95e5337f441f970d1063142bb9867aa109df883bd6a9d9af72358cd9 Loading...

	#7 Eval - e08b82459d6c4b57addbc127b2d4e679	132 B	2025-01-02 04:06	2025-01-19 01:34
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash e08b82459d6c4b57addbc127b2d4e679 e55befc2b8677f0a053bcb0580902d3187556164 0111c8580858819b4c01285d5d0e3547f3fd3049914335a92cb477ae209acaa4 Loading...

	#8 Eval - fa9cbca7565429fe3a07addf111a2676	132 B	2025-01-02 04:06	2025-01-19 01:34
Pretty Observations First Seen2025-01-02 04:06 Last Seen2025-01-19 01:34 Times Seen12 Hash fa9cbca7565429fe3a07addf111a2676 cded841871adcbd45df16ad2e76bd345e97a3fa5 b17a6c58101a557e8beee614302cab57359156f7941a9e7533caf49948a8961f Loading...

HTTP Transactions (30)

URL IP Response Size

2sr9i933o4pj2y.xyz/static/20241228132831/js/app.js

188.114.97.1

200 OK

62 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/app.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
62 kB (62496 bytes)
Hash
70fdf6e9f5d75dfd1d91c42f4464ebf2
e32c0c703c252c6b23d556ed513a33a482dc429d
571430652dc22f0597460a5dbad587fb1e202bca2105d7d52d2a096b017a2447

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/app.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-29a39"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aNBMxjUKVGwt6XIzjlhA4wTd96PwZzEh3axY7fhjIRcF%2FlwGr%2Bbdf1mYaXXAfIUK1RwIwIoYUM%2B96Y10qFDScDGNTb4XuwvftT5CuiOhgUwDo1ZocU5yQ1yrTv8JGT9Zrj4E4g8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57f95eb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2441&min_rtt=924&rtt_var=1628&sent=213&recv=36&lost=0&retrans=0&sent_bytes=221518&recv_bytes=5261&delivery_rate=12136625&cwnd=151200&unsent_bytes=0&cid=b8986305623b3aab&ts=1463&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/js/home.js

188.114.97.1

200 OK

41 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/home.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
41 kB (41070 bytes)
Hash
263858bc699085963a70da5db41dafdf
1e7fce47d79b520ee8f2db60b9bfadf459feeae0
17fa8d2f1cd5e28821423e4c12ea928e592513bf0cc1b68ac61ba4c3f042b1ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/home.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:32 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-1a811"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8FqLQzKxUgs8v7WZwILEg%2BroqP4aWR7i7Ewe2%2FucDwrXh%2FV72tdyb7%2BRfDTyHuSAXhPV4uRRv%2BRD9%2FMJb2B9pPWE%2BXv0ycP3qGmG3Nh7tNJ%2FTosHwrI%2BIs5sYPPgXb%2Fi7gtRIPs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba64cbb5b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1515&min_rtt=924&rtt_var=516&sent=633&recv=60&lost=0&retrans=0&sent_bytes=707815&recv_bytes=8613&delivery_rate=23263807&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=3368&x=1", cfExtPri, cfHdrFlush;dur=0

api.ofin9qop7yst21ho.xyz/fast-endecode/main/request

104.21.64.1

200 OK

0 B

URL POST HTTP/2
api.ofin9qop7yst21ho.xyz/fast-endecode/main/request
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subjectofin9qop7yst21ho.xyz
Fingerprint35:78:66:8F:5D:84:62:BF:A1:E5:52:0A:73:EB:AB:66:DF:92:41:0E
ValidityFri, 20 Dec 2024 15:35:55 GMT - Thu, 20 Mar 2025 16:33:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fast-endecode/main/request HTTP/1.1
Host: api.ofin9qop7yst21ho.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2sr9i933o4pj2y.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 19 Jan 2025 00:32:47 GMT
content-length: 0
vary: Origin
access-control-allow-methods: POST, GET, POST, OPTIONS
access-control-allow-headers: content-type, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKwv3DjzL0VxNzMtKptRVYiOTHUHJTGmNrHFA007WgcB6TV%2FDRpMkDikG7xYF3m42fEghN5Y%2Bsu%2Fd%2BcYQuBCOVth4Lu9WUmq5lrqJN7UW%2Fo%2B6yjzw7OeKWqVW2uhxdq5HR3zJUzM7bvr83I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042bac35b85b4f7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1085&min_rtt=425&rtt_var=1198&sent=9&recv=13&lost=0&retrans=0&sent_bytes=3297&recv_bytes=1548&delivery_rate=5648894&cwnd=254&unsent_bytes=0&cid=6530f8a3df0aaf0d&ts=1175&x=0"
X-Firefox-Spdy: h2

2sr9i933o4pj2y.xyz/static/20241228132831/js/author~authorSearch~authorSearch2~chat~communityDetail~creation~customer~explore~exploreIosPlay~expl~7b0a4d4b.js

188.114.97.1

200 OK

3.8 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/author~authorSearch~authorSearch2~chat~communityDetail~creation~customer~explore~exploreIosPlay~expl~7b0a4d4b.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (13370), with no line terminators
Size
3.8 kB (3763 bytes)
Hash
b413264a70f8bdf6c1298d8cf1be5fdb
a6da9f8caffb7e5628bfb81c360234c6b85548ac
c47edfeb017bd97cffe36e5e86002627ebec73b4a8b8cc1c9b9374fef3dd64de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/author~authorSearch~authorSearch2~chat~communityDetail~creation~customer~explore~exploreIosPlay~expl~7b0a4d4b.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:32 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-343a"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0FSeEEUx4RWv3xGBZl99%2BlF9YuThKwIa3nFBEsbJxYVEmjWeshamysRESsaqHJKsbVyV3pbUGXuT8hySLsP4zNoZBW3aqfx%2FOu56q3RssNyfIzcsrnajaKlAxogUjB%2B9lK%2Bwo%2Fc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba64bba3b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1869&min_rtt=924&rtt_var=1050&sent=566&recv=54&lost=0&retrans=0&sent_bytes=629610&recv_bytes=8342&delivery_rate=5279935&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=2930&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/css/author~authorSearch~authorSearch2~creation~explore~home~subscribe.css

188.114.97.1

200 OK

7.4 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/css/author~authorSearch~authorSearch2~creation~explore~home~subscribe.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (27313), with no line terminators
Size
7.4 kB (7355 bytes)
Hash
40687f5612e1b90ce8507257380f762c
fcc8d70d5101a7d66e40e09d5c9bbd09f816da65
67ad0ae6578c1ee5acda99d0dee3d303848bd77583377113107bb5a1b6d7e6e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/css/author~authorSearch~authorSearch2~creation~explore~home~subscribe.css HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:32 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-6ab1"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7jYPjhWRDbRJ1JFVOkA%2FneTv7ffwaFY3BfBjuv2eCB%2FCDch6WVzB%2Fnamnklzdz4NPZOMMtPwmR00AuLPpHLIFAMPoQzWUDiagDu%2FnYj0xpq%2BKvIXCHid9RkAoJtb9Ty0TUu540%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba64bbb0b503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1869&min_rtt=924&rtt_var=1050&sent=559&recv=54&lost=0&retrans=0&sent_bytes=621382&recv_bytes=8342&delivery_rate=5279935&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=2930&x=1", cfExtPri, cfHdrFlush;dur=0

api.ofin9qop7yst21ho.xyz/fast-endecode/main/request

104.21.64.1

200 OK

0 B

URL POST HTTP/2
api.ofin9qop7yst21ho.xyz/fast-endecode/main/request
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subjectofin9qop7yst21ho.xyz
Fingerprint35:78:66:8F:5D:84:62:BF:A1:E5:52:0A:73:EB:AB:66:DF:92:41:0E
ValidityFri, 20 Dec 2024 15:35:55 GMT - Thu, 20 Mar 2025 16:33:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fast-endecode/main/request HTTP/1.1
Host: api.ofin9qop7yst21ho.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2sr9i933o4pj2y.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 19 Jan 2025 00:32:47 GMT
content-length: 0
vary: Origin
access-control-allow-methods: POST, GET, POST, OPTIONS
access-control-allow-headers: content-type, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KduoW%2Bn0Gpeh3xAsaQvEQ%2F0tJKBH1tz4q0GEGehzdV7xsEzLguvgLRWtQ50gpLm9ZdUzVKUymgxzYKYDBsujScB%2FFGeTKWrmKk%2Fmly8T61%2BqgtNaOQ7FctzdGT27TNZU%2B2Jk6k1ByVolb6w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042bac35b82b4f7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1560&min_rtt=425&rtt_var=1847&sent=14&recv=15&lost=0&retrans=0&sent_bytes=4935&recv_bytes=1828&delivery_rate=5648894&cwnd=255&unsent_bytes=0&cid=6530f8a3df0aaf0d&ts=1191&x=0"
X-Firefox-Spdy: h2

2sr9i933o4pj2y.xyz/static/cdn/js/crypto-js.min.js?v=4.6.0

188.114.97.1

200 OK

48 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/crypto-js.min.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (47576), with no line terminators
Size
48 kB (47576 bytes)
Hash
c8b215ef1c396901ab19c41a7ac42cd7
00e971d00ca3e26ef1bc0f7586e16c5e30296ebe
817c88066f7a344d4471bb20d30652e641f498eedd9c28e5a6ed661c67795010

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/crypto-js.min.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-b9d8"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z3D8rjw6YhKlijdktKFP9jvyyp7NIMWBPYab12Qm0cHAbVpnkiI0NZtg0NXG78wQxU91e176W%2FkkdZSKmnMVmRWyCReHRmeWXlkAfLv1I087nYAMe3MlZETYnGD7isjLpY5WMKo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57e942b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2421&min_rtt=924&rtt_var=1365&sent=94&recv=32&lost=0&retrans=0&sent_bytes=81269&recv_bytes=5078&delivery_rate=1629628&cwnd=48000&unsent_bytes=0&cid=b8986305623b3aab&ts=1187&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/cdn/js/DPlayer.min.js?v=4.6.0

188.114.97.1

200 OK

223 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/DPlayer.min.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type

Size
223 kB (222624 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/DPlayer.min.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-365a0"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2LVebuhrLbnIStzN%2Bv1Pr%2FAJbM13llriGOaxhkuBVlu1v5ClknaYR6NAWeVcADiCuGNS2KU6ATDDDgJAWEm%2FBTf6DeRuS%2B%2FB0b6BowxB9oypmwkWHq%2BQZp9tQ0Wdn%2FHTnfpC3cs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57f955b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2323&min_rtt=924&rtt_var=1251&sent=289&recv=38&lost=0&retrans=0&sent_bytes=312306&recv_bytes=5353&delivery_rate=18771286&cwnd=151200&unsent_bytes=0&cid=b8986305623b3aab&ts=1605&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/favicon.ico

188.114.97.1

200 OK

784 B

URL GET HTTP/3
2sr9i933o4pj2y.xyz/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
Size
784 B (784 bytes)
Hash
f01fe0b27ab5620848295331cd6e8eb0
dd9018d2711a9740e1395011e8623a04da3c0ff5
d1a6467455a3522674023766194f6629c36ca79020d9b8ee0c2ae93de5c0bee7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:33 GMT
content-type: image/x-icon
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-310"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NAkC8qJdMtl37NY73lXVowP%2BDCHct5oUv0fq87RtyOUycebMJ4ZBaVquv6Wi7cgdZZ1KnWicM%2BXP2B5pXxk1SRMRX7Y86v81xufeadKWTAQFoCsErf176BsvCLXCzeLIvyYZFRQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba6c896eb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1516&min_rtt=924&rtt_var=388&sent=661&recv=62&lost=0&retrans=0&sent_bytes=739251&recv_bytes=8914&delivery_rate=15471209&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=4198&x=1", cfExtPri, cfHdrFlush;dur=0

oct.ofin9qop7yst21ho.xyz/fast-endecode/main/request

0.0.0.0

0 B

URL OPTIONS
oct.ofin9qop7yst21ho.xyz/fast-endecode/main/request
IP
0.0.0.0:0
ASN
#0

Requested by
https://2sr9i933o4pj2y.xyz/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fast-endecode/main/request HTTP/1.1
Host: oct.ofin9qop7yst21ho.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2sr9i933o4pj2y.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

oct.ofin9qop7yst21ho.xyz/fast-endecode/main/request

0.0.0.0

0 B

URL OPTIONS
oct.ofin9qop7yst21ho.xyz/fast-endecode/main/request
IP
0.0.0.0:0
ASN
#0

Requested by
https://2sr9i933o4pj2y.xyz/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fast-endecode/main/request HTTP/1.1
Host: oct.ofin9qop7yst21ho.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2sr9i933o4pj2y.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

2sr9i933o4pj2y.xyz/static/cdn/js/axios.min.js?v=4.6.0

188.114.97.1

200 OK

18 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/axios.min.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (17808)
Size
18 kB (17843 bytes)
Hash
d1e71c0ca404956d46e475dbe30566b8
474c81de5ff1418895a10cb6e03f9ab522914b69
1d389f625c1d774224d32527657e7398e57a65c718a07748f0ad7faecce8de3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/axios.min.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-45b3"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTm%2FIXvvep21shpNmAXKiROCaNPIUeWx%2BAPyG2WJkjsY45YRY%2B0nu%2BLWdMmsiWq9OHN1oSMwpOcKMV43sFbrDsFHpirN6tHJT1Vu4Nxfv5QRYgqOlvY1cWX9zqYX6ln7iKs42i0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57e943b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2815&min_rtt=1478&rtt_var=1680&sent=56&recv=28&lost=0&retrans=0&sent_bytes=36708&recv_bytes=4899&delivery_rate=36038&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=1047&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/cdn/js/jsjiami.js?v=4.6.0

188.114.97.1

200 OK

13 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/jsjiami.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (12713), with no line terminators
Size
13 kB (12713 bytes)
Hash
be7039fad3d87104b7dfc0b9d6427451
d38345625d30aaba8f49e56e9a076b99b2a6546c
8d6ac2aba72d0ebf0cbc1a7629c7db8c655bc6cf2200206cad9e7fcd50bc5aa2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/jsjiami.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-31a9"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KlXJ%2FpdlVzH3R%2BTGaBqaO5XivANj1mgKjy%2B4OnHV9z0FlqjfpW6q09bkWBrPqgq6N9u2sHvOvBm%2Bftp0dqcaNRufHpyOzK6ZRdfvebxVdWeMFxvxIRh5j8dP%2F0%2B7zfxvKy%2FmTdM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57f957b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3654&min_rtt=1703&rtt_var=1912&sent=38&recv=24&lost=0&retrans=0&sent_bytes=17608&recv_bytes=4725&delivery_rate=801229&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=891&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/js/chunk-vendors.js

188.114.97.1

200 OK

598 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/chunk-vendors.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
598 kB (597475 bytes)
Hash
bd04292b0b6d9de63f4dbeccd6ddae4d
9f4b20cfc8bb2be38aaa40f118f4cf2b707fdd8e
f10edade95297349354abf377ab16abc5bbd40cc7565b12668f9a0d6206ab392

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/chunk-vendors.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-91de3"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vUMmIdXcpGkWOM%2B6G3kjGHozVkYxRFU3ZqovW5lNZKzdt53YdyHU0kiNt9kGO%2F9dVtFONQmXprGRbA6vagP9PrwA1gnOTKiF43fG%2BQrfkfIu6MQFudJQMcwbLF%2F8%2B7bIYvOGDRA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57f959b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2220&min_rtt=924&rtt_var=1144&sent=327&recv=39&lost=0&retrans=0&sent_bytes=355975&recv_bytes=5400&delivery_rate=18789584&cwnd=151200&unsent_bytes=0&cid=b8986305623b3aab&ts=1807&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/js/author~authorSearch~authorSearch2~creation~explore~home~subscribe.js

188.114.97.1

200 OK

28 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/author~authorSearch~authorSearch2~creation~explore~home~subscribe.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (27979), with no line terminators
Size
28 kB (27979 bytes)
Hash
756ad75126179ce5d7dbee525a07b8b8
673bf4fef5835817bbca4642ce282d1b19427a3a
4d85c3525245fef09a666cf3fa6f841bb8007ab2d1367e3ede46d8a69bd0ab69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/author~authorSearch~authorSearch2~creation~explore~home~subscribe.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:31 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-6d4b"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d0G1hcoPtCHEjZlV%2BDd%2BFhWu%2B3f9MfPmlg8duPWIRXIalAhQfK7qwuv1fPbKUQF3WcrPnpU55sDjp%2BNOJb%2F5E3oQlSpDmQ%2Fh0tsnb8idgad63oClKfN1rC1cFJDg7oI5kRUXR50%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba64bbb1b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2210&min_rtt=924&rtt_var=1255&sent=501&recv=51&lost=0&retrans=0&sent_bytes=552977&recv_bytes=8205&delivery_rate=8702397&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=2673&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/css/styles.css

188.114.97.1

200 OK

47 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/css/styles.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (47110), with no line terminators
Size
47 kB (47110 bytes)
Hash
ed69b1e245dd267457699f34f74fbd88
b7b0f841b942370b1aeebad83e80a90afdda3421
06dcacaa4a5df8bfa7694b791787b96df8c7a3edf09d0dbd5c40e419410d4a8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/css/styles.css HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-b806"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NVWAUOBG%2BaMmTRfZIHqw7WPCQylBRhD6XU%2BUgeWv3SDfSJrIo47JNYi7qznzRJDfZp4t30ZHUuGqbZvfFW4Xb3RwXCxZ%2FkZ5SOZqsJ2tz6zTA8%2BuaIHb2VBMEX7NS6V7lG0g2Ls%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba57e93fb503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3162&min_rtt=1478&rtt_var=1934&sent=47&recv=26&lost=0&retrans=0&sent_bytes=27194&recv_bytes=4811&delivery_rate=2985302&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=938&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/css/app.css

188.114.97.1

200 OK

26 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/css/app.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (26126), with no line terminators
Size
26 kB (26126 bytes)
Hash
563f415602c95c84bd72d4f18068feaa
5f981b39557aa92eabd664e96bf59d9ffce72ecb
ab6bc9eb2482d138180373479796e172a53ac1f207a08be9904b2601bd077e04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/css/app.css HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-660e"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5XDCZbII0liYUnXQ%2BSscIz98wkO1J%2FFo8lU12RpCITO7zqHyBjEXV5AE25UYYJvPYr1g3lLUcMakx71H6St9ZdcyR4LFKePiVeppegVpvx7ZWxCKcoUPu83nesIA8ZnuoNAq4ig%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba57e941b503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4168&min_rtt=3516&rtt_var=1784&sent=26&recv=22&lost=0&retrans=0&sent_bytes=4492&recv_bytes=4637&delivery_rate=168924&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=870&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/cdn/js/nprogress.js?v=4.6.0

188.114.97.1

200 OK

12 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/nprogress.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text
Size
12 kB (11565 bytes)
Hash
5fc208df77427b19a1558ee3c2e2d344
a7e1146d2021c42e68b599dc8bcc69d44fc31df3
6b9611076ec2701c0115c4f9105fdfdc4e2fcc8ab21eb491f3bf27b1e358c3ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/nprogress.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-2d2d"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwRPRymZIbcGmFpPl1hA0zZ7nhHI8c58sxOCnGhFvONcP%2BKS0RoF2s89bkqrNj%2BlrTE0zU9LOFprmhpaXbZf9ikyXxhbrMsn0l2f0XEQsmFhvpsfSWpKl0l1GoUeRjJsrkvSorc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57e94db503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3403&min_rtt=1641&rtt_var=1937&sent=43&recv=25&lost=0&retrans=0&sent_bytes=22780&recv_bytes=4768&delivery_rate=3150891&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=902&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/css/author~authorSearch~authorSearch2~creation~explore~followDetails~home~search~special~subscribe.css

188.114.97.1

200 OK

16 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/css/author~authorSearch~authorSearch2~creation~explore~followDetails~home~search~special~subscribe.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (16232), with no line terminators
Size
16 kB (16232 bytes)
Hash
cc00f28e9ece2909d5aeb5503c964d62
39e44b2e339044d628a5185e5450b31720464ece
6f8eeafbc8d4c84e1c058359194a7203954a7ddc57b455d959aa421ef095d26c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/css/author~authorSearch~authorSearch2~creation~explore~followDetails~home~search~special~subscribe.css HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:32 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-3f68"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mo91U%2FfaB5J%2FyzMLvht5iP4rlEikGq9moGbNQayAywcKEF8oauRNdaVLg9wlCxn3UDhIkOlV0LQW3tPe5zKuN643s4%2FTfb1puFTOhDY2ojnx%2FrbXTdHSV2%2B2fGIvX9%2B1PRLjRMA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba64bba6b503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1727&min_rtt=924&rtt_var=828&sent=570&recv=56&lost=0&retrans=0&sent_bytes=634161&recv_bytes=8432&delivery_rate=7916124&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=2947&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/css/author~authorSearch~authorSearch2~chat~communityDetail~creation~customer~explore~exploreIosPlay~expl~7b0a4d4b.css

188.114.97.1

200 OK

21 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/css/author~authorSearch~authorSearch2~chat~communityDetail~creation~customer~explore~exploreIosPlay~expl~7b0a4d4b.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (21132), with no line terminators
Size
21 kB (21132 bytes)
Hash
60c3c4c56cd401e4fae625ea886e2d02
0d9c92331282c3626f5f609c521dcd03022bc14c
06818616dd2b47e9b27748b701e2050def88b28dd08c1935293b27e8fb273566

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/css/author~authorSearch~authorSearch2~chat~communityDetail~creation~customer~explore~exploreIosPlay~expl~7b0a4d4b.css HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:32 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-528c"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUkbCstQtOmxCeHfeqwLV%2BkI66NTwgh4WiMJhm80cYlQk%2FYj4OgZ6wBjRhmRrD8QWW5aqLHPXR8yCrxtORr%2Bv0MfUQDKIEtFjmyuAkD9tcEaUUYJ2xuhwL877PNXYEpgFRqvJpY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba64ab9cb503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1986&min_rtt=924&rtt_var=1089&sent=552&recv=53&lost=0&retrans=0&sent_bytes=613493&recv_bytes=8297&delivery_rate=24212392&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=2914&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/cdn/css/nprogress.css?v=4.6.0

188.114.97.1

200 OK

1.7 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/css/nprogress.css?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (1778), with no line terminators
Size
1.7 kB (1699 bytes)
Hash
f87ff961c0d61d18137de3222c4f0762
a628703abf8db7fe2ac7a39fe4a0e8dacfa59965
afeadf6bb69c140922205976712ee95873551bdc8bacb87d38bde66891ee4558

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/css/nprogress.css?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-6a3"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0qIIxDXoBjJvybGHO%2FyIUQSu3qg1VWjY%2BEGEt99kI5qby%2B7ZZP%2FV7AfeAtLf44zRZJJGtnRuJfsZWjbzs3Fp6Sr3Eww%2F5T7OH4IrR7z11GUROyIUHnlK8ks3y4Zyd5G7R9DNqA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba57d938b503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3933&min_rtt=2293&rtt_var=1806&sent=36&recv=23&lost=0&retrans=0&sent_bytes=16243&recv_bytes=4681&delivery_rate=13780&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=874&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/css/chunk-vendors.css

188.114.97.1

200 OK

102 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/css/chunk-vendors.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
102 kB (101976 bytes)
Hash
08cb5cb0396aa9607599e1169a5af20c
aa14e1e1e0cf7a4fa4c483bf995e616c41d95aa1
5ee85f8de5d3ee200b694d30c58161f92dba897fcbe2bfd265fe457697b4167f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/css/chunk-vendors.css HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-18e58"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PJdMDGGd333BpKPD4NfXrYTQ36UnIsgr0k1JyMoUs7pisWOyn9tCNDh1PqwuQvZ8nujGc9k0Er000S0pHICI5H5XirfTQoxMhfRueV4foAs3wFYbeEETryfEsWe5q78lA94IR3M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba57d93db503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2725&min_rtt=1478&rtt_var=1441&sent=62&recv=29&lost=0&retrans=0&sent_bytes=43763&recv_bytes=4943&delivery_rate=3372775&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=1119&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/js/vendors~card~home~my.js

188.114.97.1

200 OK

207 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/vendors~card~home~my.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
207 kB (207441 bytes)
Hash
e36b2d6ad08321ff28e87633577e5500
75df03785f8c522ae73b2817451c1438c75a19d8
5cbbe4a5ef770fbad779de975e3b4ce057557b42b1390352582fccf86ed11d32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/vendors~card~home~my.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:31 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-32a51"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5uNiVQ%2BqFXKZkAY0FdXDMq17pbkjC0K1Cwg0ig5YyuskovRJBazviXW4U%2BG0Lim3suUwG5oWQfYSMJPwvxAZtmx0ArmtI2BSm%2BCn6m5%2Ba9WsJsamfqrl5XbWHl1WQvJTHA3dWkQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba64ab9bb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2079&min_rtt=924&rtt_var=1202&sent=510&recv=52&lost=0&retrans=0&sent_bytes=563424&recv_bytes=8251&delivery_rate=28938&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=2813&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/cdn/js/lodash.min.js?v=4.6.0

188.114.97.1

200 OK

73 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/lodash.min.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (4143)
Size
73 kB (73015 bytes)
Hash
9becc40fb1d85d21d0ca38e2f7069511
ae854b04025db8b7f48fdd6dedf41e77eae44394
a9705dfc47c0763380d851ab1801be6f76019f6b67e40e9b873f8b4a0603f7a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/lodash.min.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-11d37"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jF6E%2B3vse3QUhOCysD%2BhKpwxtwITYvLGNdzOOP4iauOT61V2erLcHZueDCTRk%2FHBQmT2W2BCwgS08%2Bao%2BRQCWAuRrzc7i2JHFtnynXyF07LlW8oK56XaU45Czd2AboEyXUSojX8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57e94ab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2279&min_rtt=924&rtt_var=1308&sent=109&recv=33&lost=0&retrans=0&sent_bytes=98942&recv_bytes=5124&delivery_rate=9744309&cwnd=48000&unsent_bytes=0&cid=b8986305623b3aab&ts=1270&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/cdn/js/artplayer.js?v=4.6.0

188.114.97.1

200 OK

157 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/artplayer.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type

Size
157 kB (157066 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/artplayer.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-2658a"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g1IIHYYx4HMUhbDvuO9iwf5isT9%2FeUEdavzCdA%2Fi1JYjwx0zmbNRO2wf5rtUJVCHAaClPq%2BjKvPCN%2FCWqdO6wCYYIOr77%2FYCTCF5uftcpNtF3xloc5pwJNEzYXA93X1yheuigCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57e952b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2469&min_rtt=924&rtt_var=1278&sent=256&recv=37&lost=0&retrans=0&sent_bytes=272827&recv_bytes=5307&delivery_rate=14585059&cwnd=151200&unsent_bytes=0&cid=b8986305623b3aab&ts=1486&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/js/author~authorSearch~authorSearch2~creation~explore~followDetails~home~search~special~subscribe.js

188.114.97.1

200 OK

14 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/author~authorSearch~authorSearch2~creation~explore~followDetails~home~search~special~subscribe.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
JavaScript source, ASCII text, with very long lines (14453), with no line terminators
Size
14 kB (14453 bytes)
Hash
86c3ecf55182933689375e68f333e16c
f37e90290a26642be3efc699ba6977f6af3a122b
fdfaaeeb085e8bed3327be512b1908f207ed3d23d142c482afa26a5480cc3796

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/author~authorSearch~authorSearch2~creation~explore~followDetails~home~search~special~subscribe.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:32 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-3875"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNIrnQbytMwn9twTrwsP5AS5yvSrR5QgiO2st%2Fvga5KLtxzzgjG4x9ToSq4v%2FYjyxRXG1jm%2F7qzwNOO%2B3HQgpESQYPLWw9K6i091siEskINqaeXPXdI6WRN8wJ6SouMZ1n4lmg8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba64bbaab503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1648&min_rtt=924&rtt_var=779&sent=576&recv=57&lost=0&retrans=0&sent_bytes=641332&recv_bytes=8478&delivery_rate=4441540&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=3071&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/

188.114.97.1

200 OK

4.8 kB

URL User Request GET HTTP/2
2sr9i933o4pj2y.xyz/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
HTML document, ASCII text, with very long lines (5151), with no line terminators
Size
4.8 kB (4846 bytes)
Hash
550d69c9fffcd502021ca676b94cfa49
2cd3018953711458581695bce17aca0c14ed6fcd
1db44bc114fcfa9b1735eb5619db78ff63cb0d23be539a83a00b1094e7c2b488

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 19 Jan 2025 00:32:29 GMT
content-type: text/html
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvH7Plu16smLL3jDHIRaMcsQoNRFfQdwm%2BPQ7iVpfsX8sYnowT1mYFPefyl2dK2LVEOljNKnyZt3EI36zJPT8REHx35p1M7c%2FHQXBlAuhWQjm1jr3V54Qwk%2F3wmpVKxbvTxuQc4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba520c8f56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6185&min_rtt=410&rtt_var=11527&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3296&recv_bytes=1251&delivery_rate=6840944&cwnd=254&unsent_bytes=0&cid=058c2140aeb6e0bf&ts=679&x=0"
X-Firefox-Spdy: h2

2sr9i933o4pj2y.xyz/static/cdn/js/hls.min.js?v=4.6.0

188.114.97.1

200 OK

314 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/cdn/js/hls.min.js?v=4.6.0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type

Size
314 kB (314271 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/cdn/js/hls.min.js?v=4.6.0 HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-4cb9f"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gOeKp8U7MIvgZaTEGTD%2Bdf7JXaz20VtK8UHAEV%2BDDSR3AzSZ01z5AZi6Pu4nHdYY6gZDm047rgnhxuY%2BAKMRiYI0BtJoC70nNQcZPQfZK8hOU%2BIWFkbPb4hznAkrclecZUP0hl4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57e950b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2279&min_rtt=924&rtt_var=1308&sent=133&recv=33&lost=0&retrans=0&sent_bytes=127035&recv_bytes=5124&delivery_rate=9744309&cwnd=48000&unsent_bytes=0&cid=b8986305623b3aab&ts=1271&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/js/styles.js

188.114.97.1

200 OK

136 B

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/js/styles.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with no line terminators
Size
136 B (136 bytes)
Hash
87788cfed3db122314f301c2fac3ce23
9792490cd6f9e25c9f7572860a61793f763d438a
939543d8b261dfad922de42be11f342ad92b26a33a73bdde20d91bec8d14b241

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/js/styles.js HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:30 GMT
content-type: application/javascript
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
etag: W/"676fc470-88"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Srab06jeh3lzv36TSeOXNXndv393rOwYLV%2BQHuE1DgcZs9vvZ9VCjrdUqsTTTS51rZ21UINrvFnHqNmiuvaigxMf5nL0KRgcBT9dIIB%2F1av8ZdiHX9%2FQ9ZCfNBjdbitKNF3Ya9E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 9042ba57f95bb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2959&min_rtt=1478&rtt_var=1857&sent=55&recv=27&lost=0&retrans=0&sent_bytes=35922&recv_bytes=4855&delivery_rate=5687293&cwnd=12000&unsent_bytes=0&cid=b8986305623b3aab&ts=953&x=1", cfExtPri, cfHdrFlush;dur=0

2sr9i933o4pj2y.xyz/static/20241228132831/css/home.css

188.114.97.1

200 OK

168 kB

URL GET HTTP/3
2sr9i933o4pj2y.xyz/static/20241228132831/css/home.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://2sr9i933o4pj2y.xyz/
Certificate
IssuerGoogle Trust Services
Subject2sr9i933o4pj2y.xyz
FingerprintBB:35:6E:DD:87:83:1E:B7:73:4E:20:12:80:69:12:12:69:D5:14:5D
ValiditySat, 11 Jan 2025 04:54:47 GMT - Fri, 11 Apr 2025 05:52:14 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
168 kB (168352 bytes)
Hash
4065dfe7f6039342ff1c5d99c7ac8768
7bb64e63266904efae786d42dec67cb0b95b920e
9c8339ad48b4b2d0adfaa7522201f137d8592d96ed541ae22e9289bda53b13b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/20241228132831/css/home.css HTTP/1.1
Host: 2sr9i933o4pj2y.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Jan 2025 00:32:32 GMT
content-type: text/css
last-modified: Sat, 28 Dec 2024 09:27:12 GMT
vary: Accept-Encoding
etag: W/"676fc470-291a0"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1n1Nv8eqTk1NlxwZPQHRpGUHKe4e%2Bd951xcd7AFuxPaXubcWTVCAVIi6P3qK9DjrMcIS7JNcth%2Fbte0QVweglcJ1M%2FYbOVxkeJW68es4YHtKRtGTuWN7wLA%2FIHtYG%2FAl0vqwNus%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9042ba64cbb3b503-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1579&min_rtt=924&rtt_var=723&sent=581&recv=58&lost=0&retrans=0&sent_bytes=646726&recv_bytes=8523&delivery_rate=3534872&cwnd=302400&unsent_bytes=0&cid=b8986305623b3aab&ts=3096&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML