Report - surl.li/safau

Report Overview

Submitted URL
surl.li/safau
IP
172.67.69.76
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-08 19:48:44
Access
public
Website Title
Surli redirect page
Final URL
surl.li/safau
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
surl.li	unknown	unknown	2014-02-25	2024-04-18	16 kB	996 kB	172.67.69.76
web-screen.com	unknown	2022-08-29	2022-09-03	2024-03-21	873 B	400 kB	104.21.20.132
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	452 B	837 B	142.250.74.100
t2.gstatic.com	unknown	2008-02-11	2013-05-07	2024-05-08	524 B	1.1 kB	142.250.74.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed
2024-05-08	medium	surl.li	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-20
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 00:19:20 Times Seen350346 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	surl.li/sandbox%20eval%20code	128 B	2023-05-06	2024-05-19
Pretty URL surl.li/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-19 23:56:15 Times Seen21673 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	surl.li/js/app.js	191 kB	2024-01-30	2024-05-08
Pretty URL surl.li/js/app.js IP 172.67.69.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-30 09:31:09 Last Seen2024-05-08 21:48:44 Times Seen19 Hash 3b7dcb881b63a2390982ba3bb199029d 3faa66779e78dd9ccf65e3a725e17dd49e40475c cf2029cd54d2545c7d89a4f818bbf38ff19936018dfc6ad48236fa9f60dd333a Loading...

	surl.li/safau	656 B	2023-03-07	2024-05-08
Pretty URL surl.li/safau IP 172.67.69.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:17:17 Last Seen2024-05-08 21:48:44 Times Seen50 Hash df778921590215698107aace10c02c87 dc29195d36827035014f1178d13a0ca82362ab88 5fc4c8108d3bc539cae87bdc5638e21a2bdc5d3b249c4bb5919166d3fd1c9e7b Loading...

	surl.li/js/preview.js	90 kB	2024-02-02	2024-05-08
Pretty URL surl.li/js/preview.js IP 172.67.69.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-02 16:05:11 Last Seen2024-05-08 21:48:44 Times Seen24 Hash d6cc50ebd8325127ffa10f492624d26c 6ad43cb17ca53d08d360e0bcfe9e909f694f2c86 9d6dfd360ccbae2e81dc8f69b9c561e99e7034b0417b2a0bcbc85c2ff629ab6d Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-05-19
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-19 23:56:15 Times Seen21530 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	surl.li/sandbox%20eval%20code	147 B	2023-04-11	2024-05-20
Pretty URL surl.li/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-20 00:19:20 Times Seen350861 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (18)

URL IP Response Size

surl.li/css/app.css

172.67.69.76

200 OK

167 kB

URL GET HTTP/2
surl.li/css/app.css
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
167 kB (166864 bytes)
Hash
35d7f9d315121fd599e1846b3f885fca
3bf5b710c6dd300b25ef7943490e716cae8e38a7
c20eff650c669edbdae775787c8c9fa6acf6e7f640bc3ff7fd6582c4cbf6fe75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.css HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: text/css
last-modified: Tue, 30 Apr 2024 07:35:00 GMT
etag: W/"66309f24-27979"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DP%2FIAbWCs9fi3AAUAsK98Br0oQ3x%2F7MxnakZypFGy7Iq4VoF%2FODRefsLHB6hpCD1Jnnegt%2BIuujVzDXHri5H84c9XOgG%2B9hSfhoL%2Byl3tu9wgaL7nzfdMwA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7667bb67130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/surli-logo.svg

172.67.69.76

200 OK

133 kB

URL GET HTTP/2
surl.li/img/surli-logo.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
133 kB (133364 bytes)
Hash
482601fd25a8410e0868ce1e178cbaea
79a25cfa623613a31fc7d3813cfa9a223b54b2a8
f389fb51afbd8077d4e8e260bf820115f7111c246e02cc4aab081c5317c56db6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/surli-logo.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-233d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=owjgB9bidhGtInTiDEFXSb5W%2FsMXWXvxUyEHt%2BzrS2iSNmzfo0x%2BlcJEVtyNfBQ6zoNut5%2FtVgpgHR%2BFR%2BDNpFpHydSSf8I4QgllfA9FTlqSI2kKjNcEEME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bd27130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/fonts/rubik/Rubik-Medium.ttf

172.67.69.76

200 OK

116 kB

URL GET HTTP/2
surl.li/fonts/rubik/Rubik-Medium.ttf
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409
Size
116 kB (116056 bytes)
Hash
4dd3023b03ba2b68d4b9da9176b7285a
d734c149587c12d9083c03bc90009c84b52aec78
ce40d27c6c90b990229510c46115ec852237276e1aa09cdebffc6ae085b1d1e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/rubik/Rubik-Medium.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/octet-stream
content-length: 116056
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-1c558"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5674
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2BvOisZ1dBhOWSXr%2FHRQOzL0gKFwUrxdke3%2B3nqZ5JRiUpmTzAshOE%2Bqn1hUoBn47bjrHqipNUaJ2V49cczG5H1aqX2a1FeINNJT6nmFOMF3d4jn3EAPwj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf767ce6c7130-OSL
X-Firefox-Spdy: h2

surl.li/js/preview.js

172.67.69.76

200 OK

46 kB

URL GET HTTP/2
surl.li/js/preview.js
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65469)
Size
46 kB (45806 bytes)
Hash
d6cc50ebd8325127ffa10f492624d26c
6ad43cb17ca53d08d360e0bcfe9e909f694f2c86
9d6dfd360ccbae2e81dc8f69b9c561e99e7034b0417b2a0bcbc85c2ff629ab6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/preview.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-160f5"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2FruXyCS2cUjJsIteUBLDypN10ZrvxOPIwOKnIbEFm2jWWoOsCbd9%2FGYtidcSID7PdNfXXvSvMPkGzgTP7I9tp7ISfZFeHCtk3k4lWWGBO027XdnnOhxtbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bf47130-OSL
content-encoding: br
X-Firefox-Spdy: h2

web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png

104.21.20.132

200 OK

385 kB

URL GET HTTP/3
web-screen.com/storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png
IP
104.21.20.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 800 x 800, 8-bit/color RGBA, non-interlaced
Size
385 kB (385289 bytes)
Hash
46514ea7a5f7c1560caedee2fbf173f5
a1ac2ba4f9f9dc8abe01cb129cca5d75090c37f7
6619a587a97b9854431f0000d932cdeace7a7f0b16c6cc45a448b53914d8358a

HTTP Headers

GET /storage/screenshots/2024/03/acc08714-ba87-40c1-8eab-c43f64cb6db9.png HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/png
content-length: 385289
last-modified: Thu, 28 Mar 2024 14:17:55 GMT
etag: "66057c13-5e109"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivrhmXy3nykRSEmstQrhDIwfVDQSDgzWv3ho12Yj4kUJZyE3NqT3Y5w9b3YBaykrchLcAxW1YLvmIRxkJZ70CPUWfp5wIZH4i6dAUfo2cfjN6Sb0F2m4C5SzjmxOVbQOmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf769d8e956cb-OSL
alt-svc: h3=":443"; ma=86400

www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106

142.250.74.100

301 Moved Permanently

344 B

URL GET HTTP/2
www.google.com/s2/favicons?domain=https://t.me/LR_game_queen_0106
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
344 B (344 bytes)
Hash
f6df57d29a74f0a145c4516553d736bd
04aa51fdba878f38c8771ce969f7262edc0d61f4
3edfa2a29e0cebada2aa6bf906cb71e92dfb50f98a24df8a9780323c3db433e4

HTTP Headers

GET /s2/favicons?domain=https://t.me/LR_game_queen_0106 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 08 May 2024 19:48:17 GMT
expires: Wed, 08 May 2024 20:18:17 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16

142.250.74.100

200 OK

325 B

URL GET HTTP/3
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0
ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
325 B (325 bytes)
Hash
7d9da589fc799850f6d70bc4164098b8
503630487f4d3aef60fedd4f6fa10a6f6932701c
7dd8012f6e461c3da9ded542f7542fe98aa9e52c41b00f176d51de4cac47d140

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://t.me/LR_game_queen_0106&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://surl.li/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://telegram.org/img/website_icon.svg?4
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 325
date: Wed, 08 May 2024 19:48:17 GMT
expires: Wed, 15 May 2024 19:48:17 GMT
cache-control: public, max-age=604800
last-modified: Thu, 07 Sep 2023 19:46:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

surl.li/getMetaInfo

172.67.69.76

200 OK

568 B

URL POST HTTP/2
surl.li/getMetaInfo
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
JSON text data
Size
568 B (568 bytes)
Hash
a0c0b380c4c538bc206eac42b7d81081
2222d43b9c7c4cb7750f0cc244f1a5f84b5af901
12d94d53ce4c40bd530a1212c16d00f3c44010e47fa1966115a053d2e3513e3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /getMetaInfo HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: 481ZdYety5UiZjXI5oBDVmT5XHWGVg9SxB5mBtkF
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjVhTGZraFhtNmZXTzdWN1p6em9FU3c9PSIsInZhbHVlIjoiZWVtQm1iVWpQU0JkWHc0NW1jcFlmTVg1NjJuSVNtb2lraXl4bXpWWWt1MDBjY2d6V05TbXQzSTFDd0RjNklwQ0ZtdFg0clcwV2p3aWF4WmtNTzBkZVduays1d3ZxUk9jTkxHWktzTnZ1VVhva3VqL3VTaHJaM1hpU2FDZVhmZVMiLCJtYWMiOiJjZTkwMWVjMzBmZDhjYTJiZmNlNTYwNGU1M2ZiYThmNzJlZDE2MjUyZmNjMTFmMmY5ZWM4NTQ3MDNhMWZhMDBkIiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlFXcXphRGQvWHB1bmdaYXNqcStEM0E9PSIsInZhbHVlIjoib3dBOS9jaWs3NUU5bDlFbEpSaWYyN3BNVDZkSTBsUFI4aG1IMVR2L1lNeTNkSkM3UExYZ0MwYThyNDZSQTNoVE5rZTBSWnVmczAyaHpvTGNlOXY4dHl0S0ZLNXpaMG1uTzJRSXR6OWJMK1dlc2IrV1R6T1hxT0c4VDlqaUg3UTUiLCJtYWMiOiIxMmU5OGQ0MGIyNjE2M2M2MmNmMzVkZmIxNzc3M2QyOGUyOTg2ZTM0MTRhYzc4YjI0YzE0NzQxM2M2YmZiOGM3IiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PGAvqsleckGLuQ88WKfyNILYOSd6KV8BT4KK2H4QUIBE6A1uy6dne%2Fcl7cUN2nzZt9CCDGtw8WHsFleAHNsltq722YPjVtbdou7i27XLJ2tCI35Mp1Aj7m0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bf7683f3a7130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/pc-rouded-icon.svg

172.67.69.76

200 OK

23 kB

URL GET HTTP/2
surl.li/img/pc-rouded-icon.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
23 kB (22841 bytes)
Hash
7005e41f692583c19abac0a7fd5b7c5f
bda49cd99401420d490a32f2f547e4ddd43b7300
2f9e711abfb70ec1515ded7f4c18c9208b1325f53b551698b90fa4664542ceed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pc-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-4f3e"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TtwSrdjwjo6Vkv9txv2x9uoignaNUMt2Ww3lIIEOfxCAajSne%2Bub%2BxrNCNVgmbPUH22Y8pQznzuTVylMeaDwUOzuopa3Upnco5hR4PPC5AguovbgtznoS%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668be87130-OSL
content-encoding: br
X-Firefox-Spdy: h2

web-screen.com/img/plug.jpg

104.21.20.132

200 OK

14 kB

URL GET HTTP/2
web-screen.com/img/plug.jpg
IP
104.21.20.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerCloudflare, Inc.
Subjectweb-screen.com
FingerprintA2:90:6A:2E:A9:56:79:71:CC:53:5D:F0:D7:0A:ED:BB:54:19:F9:A9
ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 1280 x 720, 8-bit/color RGB, non-interlaced
Size
14 kB (13510 bytes)
Hash
6448aca5739995f3b9c1b3c5e50ce7a0
f50fa07327f55f864a42698fd8fa86270f35da9b
856f999ea580bfa2f03ce5872b848246a66492f17675693e2f429938250d231a

HTTP Headers

GET /img/plug.jpg HTTP/1.1
Host: web-screen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/jpeg
content-length: 13510
last-modified: Mon, 29 Aug 2022 13:27:44 GMT
etag: "630cbed0-34c6"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=798o%2Br9JkSdukQSiubyVAZlr%2BGGmCt%2Fe6F1et6Y9jHXoZCPsMZrpuV%2FnDRAj9XIzX1zFbhBePcvg%2Fkz1H3Hi9rszzDauwntfRcpxVEt2chvgt2iS9eXkvbthm2B8Qe2F3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7685f09b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

surl.li/fonts/roboto/Roboto-Regular.ttf

172.67.69.76

200 OK

130 kB

URL GET HTTP/2
surl.li/fonts/roboto/Roboto-Regular.ttf
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularhtt
Size
130 kB (129584 bytes)
Hash
afe8eacfc0903cc0612dc696881f0480
ba879317acdc045b8fa78cb8f948650627d0477c
7277cfb805def6410f317129b8e1f78bdd47d1a4e24c233077d06e88a36e57ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/roboto/Roboto-Regular.ttf HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/octet-stream
content-length: 129584
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-1fa30"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5674
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s99OCYFNcl0L5S6fNCwe9WtBniFYfWMvOfNWz8SwSPoJ77nk16YqjmiTnAWiILvgJjq4m9J1tHXNt0TLx5n8NEG456LcayzNa3cDSPgqMHiipzGo0LcMaFU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7673cfe7130-OSL
X-Firefox-Spdy: h2

surl.li/img/planet-rouded-icon.svg

172.67.69.76

200 OK

5.5 kB

URL GET HTTP/2
surl.li/img/planet-rouded-icon.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
5.5 kB (5492 bytes)
Hash
cf00d275a5654cc07016460a38be539b
cd9c598412e8458b0a281d8990934c8c6cc1e7f2
020cb7186e35ea89767786c09150f598251b2215a0308dbf6469e30d2ecca2bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/planet-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-1574"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKS7eFgdiheogFB7bXaHGgeooPcKyc7Gs5B0OvbURTX%2BrCYS82Q7ju9DhxnKf3lziaGRLK2QZ2041AqGcsh53V9rk8cTOTsRV1eteiDoTLLqo9EZgWL6QK0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bf17130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/getPreview

172.67.69.76

200 OK

100 B

URL POST HTTP/2
surl.li/getPreview
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
100 B (100 bytes)
Hash
3995eab67fa199fcd8a28d87e87f3f3e
32766e8fbc44ac8e255c3ffe800134ef1b618cde
73f1e648661c36325fe14af68b7eb209c30942fd92544dfab3b6a0b65ab25bba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /getPreview HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: 481ZdYety5UiZjXI5oBDVmT5XHWGVg9SxB5mBtkF
X-Requested-With: XMLHttpRequest
Content-Length: 43
Origin: https://surl.li
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/json
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IndSZUliRkxMSFhWK1NTVlBIVjZVS2c9PSIsInZhbHVlIjoiak43NkJ0RmFSRitWZE44elBMYkpxVVJQdjNpck9oTFgwRGJlL1BkNFN5N3BBR3pkeDF5MURuMTJrMmJWWnpVN3A4aFhrYmlHYUV2cVFUVVNyUFZYMkp5bVhnSFR1L3haNFRHeXBwVUExTTlGMjJDQnk0WFpxS2UzalNJbGl6VUsiLCJtYWMiOiJlYmViYzllYTdmMzU4MzkxNGY4NGEwZjI1Njc2MjI5MjZmNzAyZTdhZTcxN2JlN2YwNDU4NWE5MWIwZmM2NTM3IiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlpvSE5HemlTTkpyQkRLM3hSY2Y5UlE9PSIsInZhbHVlIjoiS0RBandWQmo5bWE2OG1yT0MvUkdBMmF0VVNPb1dMdFIzR3JiUXU5MXRtSzBLdFN5QVdEUkRXV1VJL1RsR2ZJUXVRdWErYlFtVG5FU2NHbDEwcTcvaWZwYnpxTGl6SGMyVFp0eThVc3lKZGpzQXY4MTErSFNiaUxOVTVVNzZ6b1AiLCJtYWMiOiJiMTFjYmM3YmQ1YmY3NTI2M2Y1YzM2NGE2Nzk4MzViNTc5ZWFlZGVkMDFhNjhhODU4ODYzM2FlZjgyZDZkNWJiIiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sA1VFsNfwHcs8TH1ThyvMbdUjPHWYhk2AN8LxBOxXJ%2Bs8FQnpX%2B7RT356w8AhQkrGMFfDR7omSbXLXAfBweLq7%2FGIbaE5rH4jOkiKd1ubpKgssvvK8IL0Ww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bf7683f2d7130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/favicon.ico

172.67.69.76

200 OK

15 kB

URL GET HTTP/2
surl.li/img/favicon.ico
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
ec9741289f19f212fd2ffb2dda1df05c
9b97a75a795b848f086f75db50903dd15954a573
13c9447a56e92641eff376880ff848e6e8e25719f721421f9b276a9b152753d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6IndSZUliRkxMSFhWK1NTVlBIVjZVS2c9PSIsInZhbHVlIjoiak43NkJ0RmFSRitWZE44elBMYkpxVVJQdjNpck9oTFgwRGJlL1BkNFN5N3BBR3pkeDF5MURuMTJrMmJWWnpVN3A4aFhrYmlHYUV2cVFUVVNyUFZYMkp5bVhnSFR1L3haNFRHeXBwVUExTTlGMjJDQnk0WFpxS2UzalNJbGl6VUsiLCJtYWMiOiJlYmViYzllYTdmMzU4MzkxNGY4NGEwZjI1Njc2MjI5MjZmNzAyZTdhZTcxN2JlN2YwNDU4NWE5MWIwZmM2NTM3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpvSE5HemlTTkpyQkRLM3hSY2Y5UlE9PSIsInZhbHVlIjoiS0RBandWQmo5bWE2OG1yT0MvUkdBMmF0VVNPb1dMdFIzR3JiUXU5MXRtSzBLdFN5QVdEUkRXV1VJL1RsR2ZJUXVRdWErYlFtVG5FU2NHbDEwcTcvaWZwYnpxTGl6SGMyVFp0eThVc3lKZGpzQXY4MTErSFNiaUxOVTVVNzZ6b1AiLCJtYWMiOiJiMTFjYmM3YmQ1YmY3NTI2M2Y1YzM2NGE2Nzk4MzViNTc5ZWFlZGVkMDFhNjhhODU4ODYzM2FlZjgyZDZkNWJiIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/x-icon
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-3aee"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1842
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2B8E0slOT7yEjPoSn7H1S8NQZjsrDcfk3dXbY6BqSC56zYorjfaot%2BrPFaf2MxPZ5nhV%2BqaYlRaXQ%2BvQ7CyEvas4u6ts7PLRZDcJfOuWw927QWjkXsKGj9s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf76b1c5b7130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/img/gears-rouded-icon.svg

172.67.69.76

200 OK

3.6 kB

URL GET HTTP/2
surl.li/img/gears-rouded-icon.svg
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
SVG Scalable Vector Graphics image
Size
3.6 kB (3615 bytes)
Hash
885433deecd92aadc9f592c46910e45e
99d2add61faead1d839e483908ffef51ad3841b6
310d329ed1bf4b78504ec8186a7dd107440303f4abee0335c729ebc7d77a2649

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gears-rouded-icon.svg HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: W/"6634dc3d-e1f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4zbimmqNkZamHu721Kz1aPr4ADYF4DwoLYfpF2YY1CX31XqvU%2Bm4PUOoFcrjfgil4%2B%2FLZNhyGvueq55KtMpB%2BnPCuOn7Wuy1xolMCdp6%2FfEwFndg118tnNE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bec7130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/js/app.js

172.67.69.76

200 OK

191 kB

URL GET HTTP/2
surl.li/js/app.js
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type

Size
191 kB (190893 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.js HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/safau
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 17 Jan 2024 14:23:01 GMT
etag: W/"65a7e2c5-2e9ad"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6830
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7PHJqmr9vD02BNHJPrcG%2Bt8t3PffNCjk1JdsH83%2Fks2kokDNdzwfTtGlIPKTIuQEYHt23I8dSLP6FoD9LGHP2Sfe5sMXMhuYR7p0ddedxUq3qh4JU1vBoTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7668bf27130-OSL
content-encoding: br
X-Firefox-Spdy: h2

surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea

172.67.69.76

200 OK

139 kB

URL GET HTTP/2
surl.li/fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://surl.li/safau
Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2016 The Nunito Sans Project Authors (https://github.com/Fonthausen/NunitoSans)Nunito
Size
139 kB (139168 bytes)
Hash
4dac705158fb1ca226d583b3829f82a0
771b9299e1d5d4239c032c7d4243a6f9343f89c4
7acb3e456d98d55be401bb07a32c9cb04e074de37bd58932b11bcf0fe9f59ab0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/NunitoSans-Regular.ttf?a427ddbe4dc20889d6e0ac752dce4bea HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://surl.li/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:17 GMT
content-type: application/octet-stream
content-length: 139168
last-modified: Fri, 03 May 2024 12:44:45 GMT
etag: "6634dc3d-21fa0"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5673
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kbEHB5Y8JxLlCGa1spHJYf5vx8luVk9q%2F4cjdXtIFjnqf%2FzZI5A9eBL7EHTgidgp8ab7URDmOEdFvURDQ0iRZGyUeEw3WfhGqP7oG5xNCFXggzanHd0Odhk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880bf7672cef7130-OSL
X-Firefox-Spdy: h2

surl.li/safau

172.67.69.76

200 OK

13 kB

URL User Request GET HTTP/2
surl.li/safau
IP
172.67.69.76:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsurl.li
Fingerprint4A:8A:47:88:45:49:9E:79:20:E2:25:13:21:0D:14:FD:40:9F:73:38
ValiditySat, 30 Mar 2024 17:55:26 GMT - Fri, 28 Jun 2024 17:55:25 GMT

File type

Size
13 kB (13096 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /safau HTTP/1.1
Host: surl.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 19:48:16 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.15
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6ImpiWWNlbDZudjhacDRKRnVWOXEvalE9PSIsInZhbHVlIjoiakRuQWU0M1pmSE9wcUEwNDZtTzVTVEN6U2VLUExPRVF0WWdXY21sWnZOQ0dwSDA1RXNJZjFlanRmcVRWcVV0Y2ZpZTJSdFp5ZGVVWUpXYWVvMFF6QUV1TXprWm9hQXBZSy9lWUhsY0Y4K0FiUCtScmp2b0NUVHEwLzRUK1MxenQiLCJtYWMiOiIyNzBmNjIyNWI1MjY0YTYzMDZiNWE1ZGE1ZDkzMDZkNzU3OWNlYWZiZmQxMWI1NWVkYTI1NzcxNGI3YjVlNmI3IiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:16 GMT; Max-Age=7200; path=/; secure; samesite=lax
surli_application_session=eyJpdiI6IlpxNnk0a0o1OGs1VFpVQkorK2pMYlE9PSIsInZhbHVlIjoiNHhRNndkb29USFVuenVOdGZZM3FJSFJlYWN0T0pMTnBrM1RhZEdTRllVaURJQVlPMXZDN1ZXVDdqblhnT25SRkl0QUFBVHZXeklSaUYyVGVFZW5teGdpeWRwZzBlNXNIOXorV3phTnFweUNWd0xTR2tJYWpyQnVCNFlWWThpM1ciLCJtYWMiOiJlZTQ2YzQxOTJlYTQ3NmRiZjE1ZDg2NzY3ZTZlYWQzOTVhZTllMTQ2N2ZhNWQyZWM5ZDc1OGQ3OGRlNGI1Y2FmIiwidGFnIjoiIn0%3D; expires=Wed, 08 May 2024 21:48:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZIcltf5a4E02ifCaPDePm1VNCD%2BDxgc7uegQ%2BsyrckXp1aXqR%2FIQwQQ7aXFvN%2BFvj23TUf2718QcpW0LBfsnfgIaIqbcOme7nWCKnUsHPm7ZPGJpwM2aX0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880bf7632d577130-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL GET HTTP/2

IP

ASN

Requested by