Report - vekr7xaf.cc/invite/i=14580/

Report Overview

Visited public
2024-06-08 04:53:36
Tags
URL
vekr7xaf.cc/invite/i=14580/
Finishing URL
vekr7xaf.cc/enter/register
IP / ASN
172.67.162.89
#13335 CLOUDFLARENET
Title
t33n leak 5-17 age

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vekr7xaf.cc	unknown	unknown	No data	No data	7.4 kB	489 kB	104.21.15.111
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2024-06-07 10:07:16	2.7 kB	125 kB	104.17.2.184
cdn.discordapp.com	2474	2015-02-26	2015-08-24 15:06:21	2024-06-06 18:12:09	624 B	2.2 MB	162.159.133.233
verm63xap.cc	unknown	unknown	No data	No data	568 B	597 B	104.21.47.60
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25 07:42:56	2024-06-06 11:37:02	333 B	964 B	172.64.149.190
b.yzcdn.cn	425969	2014-12-08	2015-07-08 11:30:49	2023-10-23 14:59:32	424 B	9.8 kB	154.85.69.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed
2024-06-08	medium	vekr7xaf.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (33)

	URL	From	Size	First Seen	Last Seen
	vekr7xaf.cc/js/chunk-vendors.ea790e22.js	ScriptElement	949 kB	2023-03-07	2024-08-21
Pretty URL vekr7xaf.cc/js/chunk-vendors.ea790e22.js IP 104.21.15.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2024-08-21 09:33 Times Seen1004 Hash 4fee178f809d1b2a829099a8bb91c56c 178b6322fdc40c08fcbda0c096c668855ad49b51 c3580c9951b9554639c1404a246b3f27f818a99240c728f04cb964cd9e50b73d Loading...

	vekr7xaf.cc/js/app.2d66daba.js	ScriptElement	171 kB	2024-08-19	2024-08-19
Pretty URL vekr7xaf.cc/js/app.2d66daba.js IP 104.21.15.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash e9bf819e32d3ce790bbfd953a7e68049 f20d1bc5749a622e383ee5880d07c2bccd4006e1 b561d22b5d2978e8498dccaea0b6441f2fc4c9ef97e9b4c1f56d8247f2cae368 Loading...

		Size	First Seen	Last Seen
	#1 Eval - aebb752ea6461d3cf02e9647c73457d5	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash aebb752ea6461d3cf02e9647c73457d5 fc150198d403afe644ac018d13473bd18851186a 730ee376b2334fa5f7842c84e935327500daef9bc32ecfd5070932ad8554430a Loading...

	#2 Eval - e7141b16fb53cc231a8c9b1b4169de69	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash e7141b16fb53cc231a8c9b1b4169de69 08067b697ba6a8e825ad6f4eda781523deae4cfa 07b9e402ba776a0ff66f6cc24c98f98f474cb8323ffff1ecc615518b543925b2 Loading...

	#3 Eval - 4420ba4becefd973ae4bb4e26e1eab84	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 4420ba4becefd973ae4bb4e26e1eab84 d63c48406334f23e9c94763a31e63a8ee3c5c6e3 2e070525fc270da7426791b9e2a0fb065b95b091a972562ba20b701db448b78e Loading...

	#4 Eval - 87a8fb37859533283dcfc55a725ef903	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 87a8fb37859533283dcfc55a725ef903 25f4bf8857614e55927ba2847989641bc13a3497 bc0c5832147801510d38dc095a88d74c3c9d2ff7372fb26951b6d8715811285a Loading...

	#5 Eval - a13d208a868f08fca6d14ced46d53439	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash a13d208a868f08fca6d14ced46d53439 90fa3d11fe33c46ffdb45d011e246d776d3bd224 65a0c50fa97a15a3b8f58bf90787b0e3cd78e84dcb8888fef3d341ac7f8cebd8 Loading...

	#6 Eval - 2ccbd9941465079351e3337323fd7950	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 2ccbd9941465079351e3337323fd7950 47ca23e2b992cbc3c12b9252fa0bc356490ba44e f45bc0011c8cf57402181dfaca84a316e8c0b4c95aad54578a4b792d98498348 Loading...

	#7 Eval - f4af8ca10e57c704a70fe69cb7e7ed51	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash f4af8ca10e57c704a70fe69cb7e7ed51 f044bcd4f14c07f5288abd6d08d273efb72988b9 02d0515a1322304d3b812bee2595bfa9239acc51d6351712783b2791fce6b213 Loading...

	#8 Eval - cfc5cec21b1290592a96284b3926cf27	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash cfc5cec21b1290592a96284b3926cf27 4a4dcb020de70d769e4cb6585d5949c5e8c42255 507b2983cccab412707973e057eb8f4bc885791242b71d049d6bfd8444a113d6 Loading...

	#9 Eval - 6faba6d4efc2628a91ff41323ad7b5fd	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 6faba6d4efc2628a91ff41323ad7b5fd 06c0958b4c6928318851f1a46d4484213fa2abea 57795e0f97538063f059fcfd1817e0113d0000557ec9d1b8343b4ebef9a6dd16 Loading...

	#10 Eval - c6bfda7f7ca39448cb4b145e607634f1	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash c6bfda7f7ca39448cb4b145e607634f1 ff896fc22b2c6193a51713671891e3fa370f9ada dd9ae148129eb1a2f822dccfd0d39603a29da02662b03b94cadf691570f98da4 Loading...

	#11 Eval - 55ca8c45b8a67b48ad7f8fee8a9d2707	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 55ca8c45b8a67b48ad7f8fee8a9d2707 4264731befbe0a9a9c3ac6b11927e1a389793874 245625f7fdbabef236b952ecc30f0ccb4930e204153c3860f0f0b1861fae8bd1 Loading...

	#12 Eval - 6380e41a826efa92cfc9f02a7c496bd5	2.8 kB	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 6380e41a826efa92cfc9f02a7c496bd5 fb5b04fab1310d8694f3ed0a06c89a4e86ec731e 75d0abb0a557dff092b051556338764db20ba351eef96b5ac424120f156165d8 Loading...

	#13 Eval - 7ed2e71308b1f7b8b20e17d166682b4d	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 7ed2e71308b1f7b8b20e17d166682b4d 07542db5ce6fcdce332b5c2d7b8dad9230f2b1cd 3707854050ce365b90ea3bf446bbd6a1201c4d60d617fca4cff4816f0e5de00c Loading...

	#14 Eval - 379c6fa681d42a5797f37e971446d0d2	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 379c6fa681d42a5797f37e971446d0d2 d5b78b58fb4bc694eee94641e7e047ae69f130b0 0b6bf299e719da717d54690c9c06e68c3e22842787d5a270c555001c0bf2b83b Loading...

	#15 Eval - 1fc76a44264c34565ef80d5d70c4a4fd	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 1fc76a44264c34565ef80d5d70c4a4fd b1e16861e65ea9b4bff2576bccb73b6435cc7428 46f7b70c9a6d550046b89e9c3c5aa62c4cedc6a62b457afc6f8c3dc0f559e6ce Loading...

	#16 Eval - 7250974e2e7f41c406d4c9bfa03bce49	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 7250974e2e7f41c406d4c9bfa03bce49 7e0cff2a911902288c5a346724f9d0061b690041 f2c926e703e17c19dde0f340e38bc9ee9ce80230038e9a14f17b70fbbd4c3ec4 Loading...

	#17 Eval - 2a5a6d8cb7e1fd3e0a253cd1b7de61a8	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 2a5a6d8cb7e1fd3e0a253cd1b7de61a8 1557f75268a0b38191e8b5c1b21af3a576d00aa7 7a0593f417ae7c992818949c6d65c01d9473fb6718ef59348f9ed0884a1cf4c7 Loading...

	#18 Eval - df9c43c77d51855acfaada61e489a384	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash df9c43c77d51855acfaada61e489a384 cf61147f4ae1663791f6fec43398000f567d595a c52bdfc1d2925c31e8a601c1dc196afda1a1c04806dbc0cf688ea47c2963b00f Loading...

	#19 Eval - 773290e335c5c28de210c3ed63cb137a	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 773290e335c5c28de210c3ed63cb137a 644df60ff96b783ed91cdadf0cdf79c5f75bafa9 0a60109e24e34aab6557bc45329d2682c4ba80b6b096ae18d2e2d95a9ab73616 Loading...

	#20 Eval - 80f7b99634408596fb0613fc4abd8dc9	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 80f7b99634408596fb0613fc4abd8dc9 4c6743155e5172c1adc61449888d1a86769a1180 7ba70feb921fae9a274e0be7bfdcf0e748121ec02c553d241f0f1069732ed407 Loading...

	#21 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-05-03 03:00
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-03 03:00 Times Seen367812 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#22 Eval - f90994555eed1db7be6acb6e80f6b63a	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash f90994555eed1db7be6acb6e80f6b63a c131e9fe81a33822331425f707d7a702e0f4da7e 93d321f36b547d6dc0bd34245f864457f3b4ed6f868e252e1d38929eb32d40b6 Loading...

	#23 Eval - 24659620ed1b9f5ea0d459a7a8f7fa1c	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 24659620ed1b9f5ea0d459a7a8f7fa1c 90b3568441508bf6485c99d5f691905c204f5ef1 7141f525bae4c11cd8f328f3eaa1eb0ed8e02e7eb00f0c67db81b5f0b5da45ea Loading...

	#24 Eval - 85be93f613ffc9ee87d9d786e54b8128	61 B	2024-06-07 12:20	2024-08-19 20:33
Pretty Observations First Seen2024-06-07 12:20 Last Seen2024-08-19 20:33 Times Seen1611 Hash 85be93f613ffc9ee87d9d786e54b8128 6a0fbcba18552dffd2f9d3858943c57a57b5e979 3bf44c20ef7ef0046995c5a49e8f11f4be9ea7c5cc52ca291e59c706b0643923 Loading...

	#25 Eval - 4832020f7890bd712bab651bd1097b85	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 4832020f7890bd712bab651bd1097b85 4a34fa4f69ea61b5c8ab52ef395c9f61a1b59b6c 57cb170d737a63099905939b2705df640d006bba05e9b10c0191bcd94c5f1419 Loading...

	#26 Eval - 3e18216b17322a56e3f075a978d4c000	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 3e18216b17322a56e3f075a978d4c000 d408f154ab382a5656246ad848055109e30fd1b6 032e699e98dac8d728e3a6126c58c974117e471b5eebcd7019954906609d6234 Loading...

	#27 Eval - 4ccb3a20141cf98423510769d55ee59f	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 4ccb3a20141cf98423510769d55ee59f 1bd9277e0a0b35a204de47c0fee080cc8f384caa 5e4ed7fa890947debd755c20aa70f11f954ba08a6aa1c8d6b1988d23b88e43da Loading...

	#28 Eval - 44ba402c71cf5171acb514d66b088aaf	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 44ba402c71cf5171acb514d66b088aaf 01f874d26fecb108e0300b25afd65bd8f5b683c0 8bcb83a5918a07726895c8d190c7ce5a627deca0426d880c794c609417fb995b Loading...

	#29 Eval - 8193696cd7f5cdf784f6760e4c568ba1	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 8193696cd7f5cdf784f6760e4c568ba1 f1624a6dead01050eb1465264cdc4818112f76f0 634fddac98e402de94cd5bac03c668de6aba7a11ff14ce4f0e0f66bda66be6e4 Loading...

	#30 Eval - b4fdb9088cf18823cc1bbbed818a7d51	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash b4fdb9088cf18823cc1bbbed818a7d51 c847b39cc18b3ee446d812faaec405ac74801756 c758fed3a482b3478623b30eb417ae5479dcac82054893d181828b03d8ebfdf8 Loading...

	#31 Eval - 1294273c1c90ff5ad1b01c2579a07498	28 B	2024-08-19 20:31	2024-08-19 20:31
Pretty Observations First Seen2024-08-19 20:31 Last Seen2024-08-19 20:31 Times Seen1 Hash 1294273c1c90ff5ad1b01c2579a07498 81b92169766d20e88b1328daf0334f0534ee3a6c 294247fa33135d568867215fee522283e5e058341b2f65d335aab75e134fe5cf Loading...

HTTP Transactions (22)

URL IP Response Size

vekr7xaf.cc/invite/i=14580/

104.21.15.111

5.8 kB

URL
vekr7xaf.cc/invite/i=14580/
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14208), with no line terminators
Size
5.8 kB (5817 bytes)
Hash
e9aeb3320b9781908901f86d42b36010
6f1532c3ba3d0899cc0904a865ec95bae54ca334
33e47eb1382ab56bb1ce5045f0bcbcbbb9b65724a96645363100be8957ec6356

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /invite/i=14580/ HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 08 Jun 2024 04:53:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 7qfOCJVfCnDwkefDWJ5Zd41Cdos449ORuqBmeM+Up1ho4bjR0vmJBY5G80e4dJVXo9vnjdWkFD+CShVuFWvBohdB8bhZPG/lcBCIw//tukI=$/5tVpK2A0zeYvMGKY5KfGg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMAqV6XA7qmCMJcJOd6FNX0GlqD8rNE8oK5yKFwJeV4dgsLWt5ZrbRT%2B5fDPO9a0u%2B%2Fc28KzzVDQAAKAWheo%2FtANVmhoABg%2BJfk8Yco0BdUyo4qSudr0bKd6q8RmbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 890646d65b2f9307-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=890646d65b2f9307

104.21.15.111

105 kB

URL
vekr7xaf.cc/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=890646d65b2f9307
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
105 kB (105412 bytes)
Hash
692dcb7b9176a814aede88cba8ce7703
f03238a1133395638e2be3488e072ae7566c868d
adfabacb5cbbe550f6c57fc6e0872a6edb0ac2082f4b1e12e0293dc4b21df35f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=890646d65b2f9307 HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vekr7xaf.cc/invite/i=14580/?__cf_chl_rt_tk=Y32LLiBN85yY8hb.4qp_X9g0uyG_TU780TjvWRnJzWE-1717822390-0.0.1.1-2302
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nq8ONEiNhXBXqTfCK0FckEm04QfJfZBW1zSF0MJaWpyWtXEiJrKk8X1k2%2Bgk1HTAp7P8jIdtuJEm5UWqybyPygasAY1PxLBTqalp0Ix99X%2F5ntHID0fq%2BLdEJXSzKA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 890646d86953abc2-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/favicon.ico

104.21.15.111

990 B

URL
vekr7xaf.cc/favicon.ico
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (2705), with no line terminators
Size
990 B (990 bytes)
Hash
2b8191e9c3bed0ce1616600b23b32b37
3f1b551c78950add8b47d14a6a6bfc950dc80ea4
5f75c95b3547fbcfda158cdc0b43865692652c8deedce312bec25763a8fdc801

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vekr7xaf.cc/invite/i=14580/?__cf_chl_rt_tk=Y32LLiBN85yY8hb.4qp_X9g0uyG_TU780TjvWRnJzWE-1717822390-0.0.1.1-2302
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3982
Last-Modified: Sat, 08 Jun 2024 03:46:49 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1eLun7MgZMKMxe7wdBowkTtItvUM4z4iWjeybZsKs0uuGiOO6FWS6Ct0s1iufU8AQ8iObSePtvNgV%2FI%2FmT%2FOpCz3tIbfHJDKsE99z6YiEcAjBqdle6kh%2FhzH7gprdA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 890646d909f7abc2-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/favicon.ico

104.21.15.111

990 B

URL
vekr7xaf.cc/favicon.ico
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (2705), with no line terminators
Size
990 B (990 bytes)
Hash
2b8191e9c3bed0ce1616600b23b32b37
3f1b551c78950add8b47d14a6a6bfc950dc80ea4
5f75c95b3547fbcfda158cdc0b43865692652c8deedce312bec25763a8fdc801

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vekr7xaf.cc/invite/i=14580/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3982
Last-Modified: Sat, 08 Jun 2024 03:46:49 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B8269fTjRMcwwSE%2B%2Fsjb4QRCloYyXLN8FwCRsR8CbwtgFSxX3G4ZEWVSvfJEMyRZQCl3P0%2Fhq9TeDwGXjR9HerbV7ukwuMdMSCAAjVCoI35ppZqwXUYyyaJG2LwWow%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 890646d99a58abc2-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/859402996:1717819761:81GfMUtyLdYvYShbdQFkVcOcxkGK3QNyiGDA24cQCd8/890646d65b2f9307/96851d863dbc3ee

104.21.15.111

12 kB

URL
vekr7xaf.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/859402996:1717819761:81GfMUtyLdYvYShbdQFkVcOcxkGK3QNyiGDA24cQCd8/890646d65b2f9307/96851d863dbc3ee
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (16512), with no line terminators
Size
12 kB (12460 bytes)
Hash
5f137a0a9bfc6272f6fab6a4e70b4bfe
22dcf89342a2772ab52b50e144326733d910b338
e149e6f2da34a14c9db5e883244c339d813510dec07e48dccf8aa179463dfc20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/859402996:1717819761:81GfMUtyLdYvYShbdQFkVcOcxkGK3QNyiGDA24cQCd8/890646d65b2f9307/96851d863dbc3ee HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vekr7xaf.cc/invite/i=14580/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 96851d863dbc3ee
Content-Length: 1639
Origin: http://vekr7xaf.cc
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:11 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: YLysf5bGsaQdRbTLVRoEMW5A4YNZ9aX3nb+kU4ill08xTAFeYhS8tQYzg6NlYhd3$v9AIsLFQqEP/xhmw9+EkMw==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LAz5lQbNEm0KU5nd6CRU6KKkdy7ovt5MrfAmZTSTMZdPE7N%2Bo%2Fd0m75gSjE%2BaxvfD1oJdhlljPj09euoCqgyCdECiBoXTMTkx8MhocavtunkdQV76wdfo9lIpsueNg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 890646da5adfabc2-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/turnstile/v0/g/6aac8896f227/api.js?onload=OZxW4&render=explicit

104.17.2.184

14 kB

URL
challenges.cloudflare.com/turnstile/v0/g/6aac8896f227/api.js?onload=OZxW4&render=explicit
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42645)
Size
14 kB (14420 bytes)
Hash
0462e24566754058d5a2517254459c3f
2212aeb2c867d59e5f15984a51448aa1c05052cb
22401f58443400f39ce653a1736059092e1e5f85ffbbbaeda4b11c16b5bade6e

HTTP Headers

GET /turnstile/v0/g/6aac8896f227/api.js?onload=OZxW4&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://vekr7xaf.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 08 Jun 2024 04:53:11 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 06 Jun 2024 21:04:54 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 890646daad6292a6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1328322786:1717819842:bSpB87cWXegjbeHerxbJioR3LtnjcZ8yB3z0qcAVPm8/890646dba8129981/defba8c198a3dae

104.17.2.184

91 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1328322786:1717819842:bSpB87cWXegjbeHerxbJioR3LtnjcZ8yB3z0qcAVPm8/890646dba8129981/defba8c198a3dae
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
91 kB (91087 bytes)
Hash
24249090b4ac62cf86067e216576b31f
aa8e175951609ac219bc2ea00c672615fc0c62c5
950f3185b902ac1840f50f3701d4f094c0c8809144f2988ecf7598fe43606228

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1328322786:1717819842:bSpB87cWXegjbeHerxbJioR3LtnjcZ8yB3z0qcAVPm8/890646dba8129981/defba8c198a3dae HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/dlpq1/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: defba8c198a3dae
Content-Length: 3338
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Jun 2024 04:53:12 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: K6YAPrLOGH6lWu6VHwV157b/cDOWxNf10D8eQBfQgGk5TFuscYSqSDg4D3GE/68SReZaCUOGtzJRcRi2PWLJZTdUahxRewANN4yPCrXy42Aldv3YkLLVws1mK5CGGQ2HXU656cNMeRpUN6DFmVd/KkTLzi0A5RoH1kA+Cw2xZoatJvLO0Qx0VEBtovitewXZxg8YMd8rmTh/pcXzVud2tcuAR+9A/RgFM1lapnW4dyZZHBV23Mau03KId0h/AHD0XBci85Qav7X6tMwn2h/l5SkKVCkytVAB2u+GBf6M0XtaAme5Qj7jSW77HMz6+gnfSp9OrwmyQ4pYEwf0o/czVDUxlPcA3VbGSI7Gul+xG2wK6Z4O3SwAagdXWsCuLtUqbheFfGANhOk1qrh5xIyz8SRc3ENfSSnAOWQ/sGEQlGUCx2pnM/YWhNHq6vh4TDg+$CU7WXMZQ1UbY4fTBz5yPUw==
server: cloudflare
cf-ray: 890646df2a4a9981-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/890646dba8129981/1717822392192/73gDnHVmJIg9unF

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/890646dba8129981/1717822392192/73gDnHVmJIg9unF
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 51 x 82, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
c09c96d4d16a1b12c30372b42c631b08
5f3708e1c84db62847f30665148273556fcc1a9c
2619af1441aa9b737211ea20cf085357f092cd2134049c9e70c3282d5eea11ea

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/890646dba8129981/1717822392192/73gDnHVmJIg9unF HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/dlpq1/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Jun 2024 04:53:12 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 890646e25c7c9981-CPH
alt-svc: h3=":443"; ma=86400

vekr7xaf.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/859402996:1717819761:81GfMUtyLdYvYShbdQFkVcOcxkGK3QNyiGDA24cQCd8/890646d65b2f9307/96851d863dbc3ee

104.21.15.111

3.3 kB

URL
vekr7xaf.cc/cdn-cgi/challenge-platform/h/g/flow/ov1/859402996:1717819761:81GfMUtyLdYvYShbdQFkVcOcxkGK3QNyiGDA24cQCd8/890646d65b2f9307/96851d863dbc3ee
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4304), with no line terminators
Size
3.3 kB (3310 bytes)
Hash
3f5ad8d9b74b19faa9c333592dbea132
80b3cfb9021a95309d1404681a849ba215e9eeee
dc81d7797c8f89fe93c3c695929d2836a7dc848a809457c5a7663d0af8b3ce72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/859402996:1717819761:81GfMUtyLdYvYShbdQFkVcOcxkGK3QNyiGDA24cQCd8/890646d65b2f9307/96851d863dbc3ee HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://vekr7xaf.cc/invite/i=14580/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 96851d863dbc3ee
Content-Length: 3074
Origin: http://vekr7xaf.cc
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: sK+cfVKDSWhoF9L1QZH6I/+CsA7/30/kzYqbH+6WZ9LXRdGcWLzbdUway2LG2Cjyf0VYrwBhTpK74L+pGskGcA==$h5j6sFXTcr+0gNAA9lB6aQ==
cf-chl-out-s: XlhStO9QeZttXaMoXCIqgAHOQixlgnNi8OkfNMEoF2A2rcCoTj2r6F5C5E3qbKj2x813tHlkJWPMQ++3oGhlDPUs5/MeU598frjmsPpDntfxLE4bLmOoLoCiDi84WTanDeXTHByKKdRreprl6R8Q5zck4KjfWshajtliL6CfxD/fDqiNvcfCZ5icr5M6fCVv3dJw5RSNc6SxKUJDlFle2uF0X5ndO3ISa0faLTeaZ9C6/fYI/2JRqe283DXCdFZlVJQbsHfGxM8prHcsn6ZM6tfWzUCwk/QyIQs6Kle/XqD7WzpK4ctZCwpfhuIKXWWGmoeSjvj9aRrjMT9776JSpIymy41+ukD+JtEXDfAoVOt6HLTOmGFG6xG+KaV86kcie25iJUGsaSESh6t/FGt98coleZAphTICbIg2wIrmuecfREdN/HAGHQG0onE3ylm9rQTXL0eAoIMqhNOh8+c3CA==$wpIgLISVRQQ+Z9CxezWUfA==
set-cookie: cf_chl_rc_m=;Expires=Fri, 07 Jun 2024 04:53:20 GMT;SameSite=Strict
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pK1pok5c88SP62U1S5P8fIffoJHEONz0rVZNWHv99Ppsz2%2B5Dsv3Pb5YbXzoyvwdtagvFvMtmjf1d6lPRD4P7cQETnHQemoRN%2B1zOXZXJFkJxU%2F0P01YBLNIJuygrg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89064711b932abc2-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1328322786:1717819842:bSpB87cWXegjbeHerxbJioR3LtnjcZ8yB3z0qcAVPm8/890646dba8129981/defba8c198a3dae

104.17.2.184

18 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1328322786:1717819842:bSpB87cWXegjbeHerxbJioR3LtnjcZ8yB3z0qcAVPm8/890646dba8129981/defba8c198a3dae
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (22188), with no line terminators
Size
18 kB (17737 bytes)
Hash
8dda0fcb159cca89f93af7df4d151b30
c526ee5711607abf0bad74378520566d57cadabd
89f5545f9790a35bf8a0cd2f3571c656f3ffefe10f13dd4e0b4f7565d3870d0b

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1328322786:1717819842:bSpB87cWXegjbeHerxbJioR3LtnjcZ8yB3z0qcAVPm8/890646dba8129981/defba8c198a3dae HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/dlpq1/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: defba8c198a3dae
Content-Length: 27646
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 08 Jun 2024 04:53:15 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: vnbQoWoNWWUDVhMzKiV9X2UDQ0YM7WZXxRW6pqUMHJogUzLRpyNkXDYsZVpbzd8U$CgOOvNzmCfEcEVrcrPkCFA==
server: cloudflare
cf-ray: 890646f339959981-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

vekr7xaf.cc/css/chunk-vendors.c57533e1.css

104.21.15.111

200 OK

44 kB

URL GET HTTP/1.1
vekr7xaf.cc/css/chunk-vendors.c57533e1.css
IP
104.21.15.111:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vekr7xaf.cc/invite/i=14580/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (43872 bytes)
Hash
ebfffebc1f62c3be51082e6595a0a005
e278fbd6fd48150b3f366b50ed388983d934978c
f5ce9e73e1f7cea326eedd4f39d9b2d703ba4ccb31a6078cdc1fb16481298a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-vendors.c57533e1.css HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/invite/i=14580/
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:20 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2024 18:14:06 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3123
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=REeuUm%2Bxe%2B8qyXkB7kMj4RQlReY2ZaSN6m57mP%2B3l3HOWeyLRkrJkVGbQGiaIn4ep7f0dUXkAa6tCTSXcP5Ql3iu8IF7zei%2F0ZrnCeUq4xe3J1%2FjAvr9ibu8nJElyw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 890647146f38be53-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/css/app.a46faf1c.css

104.21.15.111

2.5 kB

URL
vekr7xaf.cc/css/app.a46faf1c.css
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (14103), with no line terminators
Size
2.5 kB (2489 bytes)
Hash
b64e337f3c587d11819ca6f962223b5a
16c97b930ebab471bf259fe05085439cc2978836
6fffdc51453d46ea9ef266c8ff32e2352accc0eb81ef17fc69550f2b3d09c01e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.a46faf1c.css HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/invite/i=14580/
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:20 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2024 18:14:00 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nq3gAks7%2FTdckgJAU%2BTb9kWcNMhaediP5NUA8kQ34TXQ%2FCVJiJcDCGt%2BZArGElzkspYFRu92416fxt0DMtG2j0RWLHsO0zc550MNh7pIQVtGOQvGfi8KABSmGF1eVw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 890647146e91be3f-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/js/app.2d66daba.js

104.21.15.111

200 OK

24 kB

URL GET HTTP/1.1
vekr7xaf.cc/js/app.2d66daba.js
IP
104.21.15.111:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vekr7xaf.cc/invite/i=14580/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23864 bytes)
Hash
e9bf819e32d3ce790bbfd953a7e68049
f20d1bc5749a622e383ee5880d07c2bccd4006e1
b561d22b5d2978e8498dccaea0b6441f2fc4c9ef97e9b4c1f56d8247f2cae368

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.2d66daba.js HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/invite/i=14580/
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:20 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2024 18:15:47 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzR9GEEC%2FGdnQiny9Y9Gkzq2vFPKcGvYHWGJuagWYjXLD3YepCzzFTmQZHYL%2FnFkzWiteh5nSGPQLEBu82A0xF%2B%2BOELfTA9w5VjJeCTZY1Iu%2BPIdOF8MibGhS9erOA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 890647146c319311-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/js/chunk-vendors.ea790e22.js

104.21.15.111

272 kB

URL
vekr7xaf.cc/js/chunk-vendors.ea790e22.js
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (51759)
Size
272 kB (272420 bytes)
Hash
4fee178f809d1b2a829099a8bb91c56c
178b6322fdc40c08fcbda0c096c668855ad49b51
c3580c9951b9554639c1404a246b3f27f818a99240c728f04cb964cd9e50b73d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.ea790e22.js HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/invite/i=14580/
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:20 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2024 18:16:52 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2FjpoBVZmmJkkaH5yHGZk23dPeCfxWh7KQOkZUhp%2FxkiVVpQ2Au9p0yu7F%2FtfACBnIHa8BQKTDRLVnlaT%2FM5AARR2XwEO8SDv1w2rdIPdrnZ9330VM4VKvfv5AtpA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 890647143ad6abc2-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/invite

104.21.15.111

0 B

URL
vekr7xaf.cc/invite
IP
104.21.15.111:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /invite HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 20
Origin: http://vekr7xaf.cc
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/invite/i=14580/
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:21 GMT
Content-Length: 0
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QHXXrVMgDxU7HQlYmfQRcwbq1dwsbUtDQISJs29WyLZTHoG7%2FovzRX8eKnFvR28mr0Qi9Ldw3%2FvsV4re5nTfMmDQsSGoNSdxP7rFgAvL9fijjFj1hfKfQPUJvr6VHw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 890647172c9cabc2-CPH
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/getlog

104.21.15.111

200 OK

1.3 kB

URL GET HTTP/1.1
vekr7xaf.cc/getlog
IP
104.21.15.111:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vekr7xaf.cc/invite/i=14580/

File type
JSON text data
Size
1.3 kB (1324 bytes)
Hash
b142926f7351b9df6316595f22d6ef6b
e5007b119a2ffaadd960915f65cdfcf4a00e4b2a
0f12a8b9643a2adc67206e19deb77bfec2fc3c54f1eae2c8c8f0180d8a1589e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /getlog HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/enter/register
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:21 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2EnbciEmE7kidUjrHQw2E73%2FBsTziMdZQ%2FhY7ArKH2%2B3eQdLzl%2BMrPiUUcKVhug2jHFRm%2B86KpDu8cFoNGulA1eHeD7gKFEeyYV4L4UhsV5W4ZQE%2BiFniMzgkf4Z3A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 890647183957be53-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

cdn.discordapp.com/attachments/1248685797960323245/1248685845859532950/ver.mp4?ex=666490d1&is=66633f51&hm=3e8453416e147bb6b5b1c9b566ab3c816d11a69f9c8bb6538854906969187d13&

162.159.133.233

2.2 MB

URL
cdn.discordapp.com/attachments/1248685797960323245/1248685845859532950/ver.mp4?ex=666490d1&is=66633f51&hm=3e8453416e147bb6b5b1c9b566ab3c816d11a69f9c8bb6538854906969187d13&
IP
162.159.133.233:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
2.2 MB (2185252 bytes)
Hash
5a8b1df062e5efef2849a1e2c89c1484
85c844b404292520a9ae599b3525ea15baf6cb49
80a79faec5c4310d0b188aac5efa4cb881844e2834b7895af0c71769212ca207

HTTP Headers

GET /attachments/1248685797960323245/1248685845859532950/ver.mp4?ex=666490d1&is=66633f51&hm=3e8453416e147bb6b5b1c9b566ab3c816d11a69f9c8bb6538854906969187d13& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 206 Partial Content
date: Sat, 08 Jun 2024 04:53:21 GMT
content-type: video/mp4
content-length: 2185252
content-range: bytes 0-2185251/2185252
cf-ray: 890647192a7babe4-CPH
cf-cache-status: HIT
accept-ranges: bytes
age: 38084
cache-control: public, max-age=31536000
content-disposition: attachment; filename=ver.mp4
etag: "5a8b1df062e5efef2849a1e2c89c1484"
expires: Sun, 08 Jun 2025 04:53:21 GMT
last-modified: Fri, 07 Jun 2024 17:11:45 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1717780305228738
x-goog-hash: crc32c=+I8yNQ==, md5=Wosd8GLl7+8oSaHiyJwUhA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2185252
x-guploader-uploadid: ABPtcPpAaCK-GxsFgHKvQvOXPCa7oPrwsbjMdnxFuiVQpTKysrgVz7C9WXL1FZ6MJI_kYJRmtTU
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LqR%2FTYJUKezDKdZ3TP%2BSsCeMipRrB4nnSV2Di74JdiqyqxqQCVtNvcfxkKcnQugWJqyzSk%2FnDtS%2Bh5Aq4FfHdDTU6KzO2kH%2B7f098mRnSzIrlg9m%2BqT%2BtYjmoPqY%2FnzeDUa3Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=uGYWmnV0MW7oQzDaI16t.zx8nZAqXnfexf58Emp0krw-1717822401-1.0.1.1-w5sjLEfjrN1sZrrs3sYLXMGrZ77oF99bU9Sef6MIkKi6UU.Tl.61kR2hUpfdBAJYNowEAqhiRpcWY3V1qhveIA; path=/; expires=Sat, 08-Jun-24 05:23:21 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=ZKq2z75_S.N0_CpovRhMyBH9iVgxLD9chbtBBCu3vKI-1717822401488-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

verm63xap.cc/socket.io/?EIO=3&transport=websocket

104.21.47.60

0 B

URL
verm63xap.cc/socket.io/?EIO=3&transport=websocket
IP
104.21.47.60:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: verm63xap.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://vekr7xaf.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P+BSp4H+T1FveVkW0Rir0A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 08 Jun 2024 04:53:21 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /2aKVQuYHUtJpp6wim9qaSTdA3E=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HEUEMbFQDbgsHZJhWjDn9wj2gjE0jM3tpzaOM44jo81ZYBXs1H%2Bp%2FzvF6mmFAy%2B0hbEYa6vJT7el1%2Bqaj3SYxUnqyB2rAHtR5TJzn7Bvcd%2Fa73a2DdLE8CpYJc9pd%2BY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 89064719af5a92a9-CPH
alt-svc: h3=":443"; ma=86400

vekr7xaf.cc/img/icons/favicon.svg

104.21.15.111

200 OK

990 B

URL GET HTTP/1.1
vekr7xaf.cc/img/icons/favicon.svg
IP
104.21.15.111:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vekr7xaf.cc/invite/i=14580/

File type
HTML document, ASCII text, with very long lines (2705), with no line terminators
Size
990 B (990 bytes)
Hash
2b8191e9c3bed0ce1616600b23b32b37
3f1b551c78950add8b47d14a6a6bfc950dc80ea4
5f75c95b3547fbcfda158cdc0b43865692652c8deedce312bec25763a8fdc801

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon.svg HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/invite/i=14580/
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 489
Last-Modified: Sat, 08 Jun 2024 04:45:12 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xDdnMu7JUEl%2FH6QTJTLKxctmk34eC16A4Ix1g1TLHCSWgt2yxYOYDMHOGIEX6VpVKPUSsa9cy7pcrb40DM5lA67oVvPJalQtWX39cRc%2FQKTwwRl%2Fsg3kH6IPMi4sbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8906471bab7abe53-CPH
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

vekr7xaf.cc/img/icons/apple-touch-icon-152x152.png

104.21.15.111

200 OK

4.0 kB

URL GET HTTP/1.1
vekr7xaf.cc/img/icons/apple-touch-icon-152x152.png
IP
104.21.15.111:80
ASN
#13335 CLOUDFLARENET

Requested by
http://vekr7xaf.cc/invite/i=14580/

File type
PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced
Size
4.0 kB (4046 bytes)
Hash
1a034e64d80905128113e5272a5ab95e
92328e60f63d690f33cd4961b9934a539dc29b82
4d9685d610c4411caadd8d36ce94d3303cf5b05c8e04d67fc232c16a4469a135

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/apple-touch-icon-152x152.png HTTP/1.1
Host: vekr7xaf.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/invite/i=14580/
Cookie: cf_clearance=OHcDDMR8ohsbETfXWosxMqLK0QwkEcvQLy93zQvo2tk-1717822390-1.0.1.1-Kr.VmsfjoFe8s874NtqiN4roTdqtEtbPO5nAHCoopE8hJSAGy_EyDM2jo8RXEnhehGWbt.6Fna4.goT5UDefGA; inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:22 GMT
Content-Type: image/png
Content-Length: 4046
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2024 18:14:10 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lilpi15l5BT0Cc0%2F1nblgD3XvHX8lDDxMQbp1ex21SqDARFGSW8xgHMML6CBq7N2MPfeZLjRdZnspbZ3pGwUB5yVUgamtgsg4rrOZCYg3OEB3%2FE%2B57mmRJU2NgOUSg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8906471baf9eabc2-CPH
alt-svc: h2=":443"; ma=60

ocsp.sectigochina.com/

172.64.149.190

472 B

URL
ocsp.sectigochina.com/
IP
172.64.149.190:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
886f69fc31139c46b5fd1a76502c9f51
c429946348de84bb45d4e092c1f8b71bca4192c2
f28272eaa2d3db536f68cb3a136cbd9082ea5c62e13b0829cd109ccd386cd06e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Jun 2024 04:53:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 05 Jun 2024 12:42:44 GMT
Expires: Wed, 12 Jun 2024 12:42:43 GMT
Etag: "c429946348de84bb45d4e092c1f8b71bca4192c2"
Cache-Control: max-age=374829,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 890647232ce510f3-CPH

b.yzcdn.cn/vant/icon-demo-1126.png

154.85.69.57

200 OK

8.9 kB

URL GET HTTP/2
b.yzcdn.cn/vant/icon-demo-1126.png
IP
154.85.69.57:443
ASN
#139057 LEGEND DYNASTY PTE. LTD.

Requested by
http://vekr7xaf.cc/invite/i=14580/
Certificate
IssuersslTrus
Subject*.yzcdn.cn
Fingerprint6A:A8:BA:7C:D4:B4:86:0B:74:EB:E6:19:C8:69:2E:8B:13:6C:1E:1B
ValidityThu, 09 Nov 2023 00:00:00 GMT - Mon, 09 Dec 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
8.9 kB (8886 bytes)
Hash
f87c46f346a5548224ccbe0b6bd75df5
8e8b8bd4ba3e6b6c8557d94a726061fdd62492fd
b6304eb9b754d38d3ad74d0acce42c156536840351368ed3e4895a6b50cd9370

HTTP Headers

GET /vant/icon-demo-1126.png HTTP/1.1
Host: b.yzcdn.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://vekr7xaf.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 08 Jun 2024 04:53:23 GMT
content-type: image/png
content-length: 8886
server: openresty
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=2592000
content-disposition: inline; filename="icon-demo-1126.png"; filename*=utf-8''icon-demo-1126.png
content-md5: +HxG80alVIIkzL4La9dd9Q==
content-transfer-encoding: binary
etag: "Fo6Li9S6PmtshVfZSnJgYf3WJJL9"
last-modified: Mon, 26 Nov 2018 11:08:05 GMT
x-reqid: YyIAAAASg9geDiAX
x-svr: IO
x-qiniu-zone: 0
x-log: X-Log
x-ser: BC5_dx-lt-yd-zhejiang-huzhou-3-cache-7, BC165_lt-obgp-fujian-xiamen-33-cache-1, BC132_IT-Lombardia-Milan-1-cache-1, BC46_DE-Frankfurt-Frankfurt-11-cache-4
x-cache: HIT from BC46_DE-Frankfurt-Frankfurt-11-cache-4(baishan)
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations