Report - xat.com/lewd

Report Overview

Visitedpublic

2025-01-22 06:18:44

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-01-22	1.8 kB	121 kB	104.17.25.14
xat.com	335294	1997-09-20	2012-05-23	2025-01-15	5.4 kB	1.8 MB	172.67.38.142
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-22	416 B	316 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-22	medium	xat.com/content/web/R00200/common.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	xat.com/content/web/R00200/lib/jquery.localize.js	ScriptElement	2.2 kB	2023-03-07	2025-03-11
URL xat.com/content/web/R00200/lib/jquery.localize.js IP / ASN 172.67.38.142 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-03-11 Times Seen 2543 Size 2.2 kB (2172 bytes) MD5 0bd1f24c520de8776095ab9d2e9de2a1 SHA1 471abdec03596ef981f2f38de48a3a99b3959706 SHA256 99330f241956c44236cb84cef7ee89bbcf2dde089772d1465a1c7e36c1475835 Format Code Loading...

	xat.com/content/web/R00200/direct.js	ScriptElement	523 kB	2024-12-14	2025-01-26
URL xat.com/content/web/R00200/direct.js IP / ASN 172.67.38.142 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-12-14 Last Seen 2025-01-26 Times Seen 104 Size 523 kB (523202 bytes) MD5 8123702d3e683722e76dc2c255e9b2d0 SHA1 d58acec130d8ff36341c06c2afa89cffe1b3d752 SHA256 cdfe78644cf0ce4c33f1c56f369507d64aaaba06a296bed3586d3c0d4d14ffa8 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9	ScriptElement	315 kB	2025-01-22	2025-01-22
URL www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9 IP / ASN 142.250.74.168 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-01-22 Last Seen 2025-01-22 Times Seen 3 Size 315 kB (315074 bytes) MD5 818ded024228911edf331de81dc54df8 SHA1 d70b87f58ee0d9b652d067b42359976378bb21f3 SHA256 81b7e807c2bd7ce269f639d3124c7e9ee639e94bc0ec7fe2a8c6700feaa5297f Format Code Loading...

	xat.com/content/web/R00200/pwa.js?z4	ScriptElement	80 kB	2024-11-14	2025-01-26
URL xat.com/content/web/R00200/pwa.js?z4 IP / ASN 172.67.38.142 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-11-14 Last Seen 2025-01-26 Times Seen 294 Size 80 kB (80203 bytes) MD5 cff4b3ae8cc6336cecb832cdc2eb65c7 SHA1 2b416bec554ec7525d61f578aff3a00aa665fdad SHA256 8db1dcd1b3105dec313e30e221794de8611b7634d1726b20dd3425111cd30706 Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-08-04
URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP / ASN 104.17.25.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-04 Times Seen 128046 Size 90 kB (89476 bytes) MD5 dc5e7f18c8d36ac1d3d4753a87c98d0a SHA1 c8e1c8b386dc5b7a9184c763c88d19a346eb3342 SHA256 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js	ScriptElement	52 kB	2023-03-07	2025-03-11
URL cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js IP / ASN 104.17.25.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-03-11 Times Seen 2547 Size 52 kB (52190 bytes) MD5 9c17b78b7bdf4820e70c04330ed2b155 SHA1 47f412c1800686b459c053bf3fb6c0f8a0421833 SHA256 4a82f849e9618156eef475449fe30bc64aa9d4b9aa172764fd069ca90d41dd5f Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js	ScriptElement	84 kB	2023-03-07	2025-08-04
URL cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js IP / ASN 104.17.25.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-04 Times Seen 6937 Size 84 kB (84152 bytes) MD5 7f389f5d2622ce2090eca7c36bcb90bc SHA1 ab27031159724e2421f6ff5c70f48e657abe9d39 SHA256 8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01 Format Code Loading...

	xat.com/content/web/R00200/common.js	ScriptElement	855 kB	2024-12-14	2025-01-26
URL xat.com/content/web/R00200/common.js IP / ASN 172.67.38.142 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-12-14 Last Seen 2025-01-26 Times Seen 103 Size 855 kB (854640 bytes) MD5 b936eff2162accb53a495046233d98da SHA1 190588dfaf346c26db07038853cd0a09bac196dd SHA256 1a7d9c3a507c001f33c4ca76695fc0734abed08eab267b3e9c9553810f8f8948 Format Code Loading...

HTTP Transactions (16)

URL IP Response Size

GET cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css

104.17.25.14

200 OK

18 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeASCII text, with very long lines (65326)

First Seen2023-04-05

Last Seen2025-08-04

Times Seen7465

Size18 kB (17717 bytes)

MD5023b3876bb73aa541367fc40a193d2b7

SHA18ed2d6350d23f857d92805737d0f97c675de666b

SHA256f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Certificate Info

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02

ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: text/css; charset=utf-8
content-length: 17717
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f85cefb-27288"
last-modified: Tue, 13 Oct 2020 15:59:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 717154
expires: Mon, 12 Jan 2026 06:18:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3XiYcIZAjMbkkJ7rcRgOnf874HBXlMPuaeeO7i5J8YwuuGEitIOwE%2BGCLj4p%2B936pYgpx%2B6CMlwXUAy7YJ7ixbPtz4f7K6RHB%2Bs3fNylr56RNNTIrlzSoa4%2Fr6cqEad6jnWiinV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 905d6d138df6568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET xat.com/images/app/apple-touch-icon.png

172.67.38.142

200 OK

4.5 kB

URL GET HTTPS

xat.com/images/app/apple-touch-icon.png

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typePNG image data, 180 x 180, 8-bit colormap, non-interlaced

First Seen2024-05-20

Last Seen2025-02-24

Times Seen2473

Size4.5 kB (4544 bytes)

MD579f8bb1d5de761929bb222df125cb9c9

SHA191b74fa4b5b77a1002137f4b07356befa5c0e962

SHA2568f514eed8bbd7b44669a13af85315d26eb0cf783af15068591e814e9e04e3935

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /images/app/apple-touch-icon.png HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: image/png
content-length: 4544
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: origSize=4660
access-control-allow-origin: *
etag: "5fd5cffa-1234"
expires: Sat, 01 Feb 2025 13:00:28 GMT
last-modified: Sun, 13 Dec 2020 08:25:30 GMT
cf-cache-status: HIT
age: 1703872
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d13d92a56a5-OSL
X-Firefox-Spdy: h2

GET xat.com/content/web/R00200/img/favicon-16x16.png

172.67.38.142

200 OK

638 B

URL GET HTTPS

xat.com/content/web/R00200/img/favicon-16x16.png

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced

First Seen2023-08-11

Last Seen2025-03-11

Times Seen2497

Size638 B (638 bytes)

MD511242f8dd27c9c81933b6d6027783b4d

SHA1ca9cc26ea8c806e91ad2b8f1c7c3f0fc1058616c

SHA256db10e510c768f5c061989c0fe414fff937b764150c84365af7964596e5deab16

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /content/web/R00200/img/favicon-16x16.png HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: image/png
content-length: 638
last-modified: Thu, 13 Jul 2023 16:18:21 GMT
etag: "64b023cd-27e"
expires: Sun, 26 Jan 2025 14:47:38 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2215842
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d13d92b56a5-OSL
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65451)

First Seen2023-03-07

Last Seen2025-08-04

Times Seen128046

Size28 kB (27958 bytes)

MD5dc5e7f18c8d36ac1d3d4753a87c98d0a

SHA1c8e1c8b386dc5b7a9184c763c88d19a346eb3342

SHA256f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Certificate Info

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02

ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 517949
expires: Mon, 12 Jan 2026 06:18:20 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=926sqdI12ywHOxb2St4ugzAfAWL8Q3vgGrOlONW1K3pcsOxu2OdFsiEUvyUDLxg8ZoJxMNkZ9%2B3KXmtOWjjmlqwdsNsRgCfv18y1VYzdn09suqqWfg8svDE8nF%2BsDAMy3yXLPiWE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 905d6d145d360b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js

104.17.25.14

200 OK

19 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65299)

First Seen2023-03-07

Last Seen2025-08-04

Times Seen6937

Size19 kB (19143 bytes)

MD57f389f5d2622ce2090eca7c36bcb90bc

SHA1ab27031159724e2421f6ff5c70f48e657abe9d39

SHA2568d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01

Certificate Info

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02

ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

HTTP Headers

GET /ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 19143
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f85cefb-148b8"
last-modified: Tue, 13 Oct 2020 15:59:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 253773
expires: Mon, 12 Jan 2026 06:18:20 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nS2TqDvAPE5PksgGl5Lso8ioZpsPc3esZikCmAdN8Lm%2FhqGkgz9BcIp3EIMBnun%2Fk7yOUW8uYBCmEw6WGgKs6Lzk7onZcGqew4q4vPmguKX8CeUWMPCLC5z1263ewaGo3YeHbRDA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 905d6d14bd690b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET xat.com/lewd

172.67.38.142

200 OK

12 kB

URL User Request GET HTTPS

xat.com/lewd

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typegzip compressed data, from Unix

First Seen2025-01-22

Last Seen2025-01-22

Times Seen1

Size12 kB (12105 bytes)

MD5bc4592e4fb0587edd3589e8bccf0f3bf

SHA15a79604f2e96066e5da40fc90da12d504634fb54

SHA25665c32e82e365b2ce02057ea2aa6845a02f0840e7b284b9eb3b277abb8507d147

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /lewd HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:19 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=1800,public
content-encoding: gzip
cf-cache-status: DYNAMIC
vary: accept-encoding
set-cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb; SameSite=Lax; path=/; expires=Wed, 22-Jan-25 07:18:19 GMT; HttpOnly
server: cloudflare
cf-ray: 905d6d0dbd3856a5-OSL
X-Firefox-Spdy: h2

GET xat.com/content/web/R00200/direct.css

172.67.38.142

200 OK

329 kB

URL GET HTTPS

xat.com/content/web/R00200/direct.css

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typegzip compressed data, from Unix

First Seen2025-01-22

Last Seen2025-01-22

Times Seen1

Size329 kB (328709 bytes)

MD56c9198ad27e463c9cfb2e69a54ea726f

SHA1d5f9b8d0fd82cd32b600439b79acde957e701f4e

SHA256d9f756214c4ef394abad81c33317160a6ed9e0f23bfd4049e44455fcbe7c4374

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /content/web/R00200/direct.css HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: text/css
last-modified: Wed, 11 Dec 2024 11:43:50 GMT
etag: W/"67597af6-9d03"
expires: Wed, 22 Jan 2025 11:50:16 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
content-encoding: gzip
cf-cache-status: HIT
age: 66484
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d13f94656a5-OSL
X-Firefox-Spdy: h2

GET xat.com/web_gear/chat/Announce.php?c=1737526700888

172.67.38.142

200 OK

608 B

URL GET HTTPS

xat.com/web_gear/chat/Announce.php?c=1737526700888

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJSON text data

First Seen2024-09-07

Last Seen2025-02-24

Times Seen209

Size608 B (608 bytes)

MD59bf3ec11b674e69b0d832dc6090c74da

SHA12f5ed6f09a7572134c6bae71b2df77ad2cec567e

SHA2567dc090917cd228aa5fb05ebf7003eedea8f90e015d1ef92334b030d6d97f6339

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /web_gear/chat/Announce.php?c=1737526700888 HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xat.com/lewd
Content-type: application/x-www-form-urlencoded; charset=UTF-8
DNT: 1
Connection: keep-alive
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:21 GMT
content-type: application/json
cache-control: max-age=300, public, must-revalidate
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 905d6d189c8556a5-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET xat.com/content/web/R00200/pwa.css

172.67.38.142

200 OK

490 B

URL GET HTTPS

xat.com/content/web/R00200/pwa.css

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeASCII text, with very long lines (490), with no line terminators

First Seen2024-08-05

Last Seen2025-02-24

Times Seen1436

Size490 B (490 bytes)

MD51b677fccc5be0f3744e5e8af37f66d8c

SHA1a21a525a43e4217ade11aacb9fd2f3f80c9fb6d7

SHA2562b181a7f46f30288369aadf240d5f981b082f6d15e376730a1860339d43bebee

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /content/web/R00200/pwa.css HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:19 GMT
content-type: text/css
last-modified: Mon, 21 Oct 2024 14:25:19 GMT
etag: W/"6716644f-1ea"
expires: Wed, 22 Jan 2025 16:03:53 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 51266
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d11afc456a5-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET xat.com/content/web/R00200/direct.html

172.67.38.142

403 Forbidden

8.2 kB

URL GET HTTPS

xat.com/content/web/R00200/direct.html

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeHTML document, ASCII text, with very long lines (8292), with no line terminators

First Seen2025-01-22

Last Seen2025-01-22

Times Seen1

Size8.2 kB (8232 bytes)

MD55ffb336902a1e449664a3d838748769c

SHA19a7281556b638ce3db326cd76f28a9648148eb73

SHA2566d8dae896d941ee45035f120f0c70ea9413de49dd40224f30a77ceeec7107482

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /content/web/R00200/direct.html HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xat.com/lewd
DNT: 1
Connection: keep-alive
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: vlmjoS3UWwgky8sg7/JXu48seh96UtghQiauGKU8FzbhhgTiAqQ7i2StapnyS7QrHZJmxAah3T8xNXvV6+ocOSJYOrQyWCnN+AqMZADKpzaI4geQLc77JoEO2LfkDdvkPS4/9qoJzYwsVeTGyw7XSw==$Bhl9Nfv33JTeRYAidFz7Yg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d14295956a5-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js

104.17.25.14

200 OK

52 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (352)

First Seen2023-03-07

Last Seen2025-03-11

Times Seen2547

Size52 kB (52190 bytes)

MD59c17b78b7bdf4820e70c04330ed2b155

SHA147f412c1800686b459c053bf3fb6c0f8a0421833

SHA2564a82f849e9618156eef475449fe30bc64aa9d4b9aa172764fd069ca90d41dd5f

Certificate Info

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02

ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

HTTP Headers

GET /ajax/libs/handlebars.js/4.7.6/handlebars.runtime.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 10770
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e72-cbde"
last-modified: Mon, 04 May 2020 16:10:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 8142
expires: Mon, 12 Jan 2026 06:18:20 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CTZZX%2FSKMtXGDuGz7fHFs04mQGLXBhCwa2Gc6yo9ARudEqGXGmxAui8vTVIsbZW6B76xlUv%2Folz2XsyWMliIp4CekR9p835h4jGK2M87Tah7K%2B7qBsfjWDrRSZ%2BRfN8V5WTPOOGy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 905d6d14bd6b0b45-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET xat.com/content/web/R00200/common.js

172.67.38.142

200 OK

855 kB

URL GET HTTPS

xat.com/content/web/R00200/common.js

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2024-12-14

Last Seen2025-01-26

Times Seen103

Size855 kB (854640 bytes)

MD5b936eff2162accb53a495046233d98da

SHA1190588dfaf346c26db07038853cd0a09bac196dd

SHA2561a7d9c3a507c001f33c4ca76695fc0734abed08eab267b3e9c9553810f8f8948

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /content/web/R00200/common.js HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: application/javascript
last-modified: Wed, 11 Dec 2024 11:43:21 GMT
etag: W/"67597ad9-d0a70"
expires: Wed, 22 Jan 2025 11:50:16 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 66484
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d14b9d656a5-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET xat.com/content/web/R00200/pwa.js?z4

172.67.38.142

200 OK

80 kB

URL GET HTTPS

xat.com/content/web/R00200/pwa.js?z4

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2024-11-14

Last Seen2025-01-26

Times Seen294

Size80 kB (80203 bytes)

MD5cff4b3ae8cc6336cecb832cdc2eb65c7

SHA12b416bec554ec7525d61f578aff3a00aa665fdad

SHA2568db1dcd1b3105dec313e30e221794de8611b7634d1726b20dd3425111cd30706

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /content/web/R00200/pwa.js?z4 HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:19 GMT
content-type: application/javascript
last-modified: Mon, 21 Oct 2024 14:23:28 GMT
etag: W/"671663e0-1394b"
expires: Wed, 22 Jan 2025 23:27:37 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 24642
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d11afc756a5-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9

142.250.74.168

200 OK

315 kB

URL GET HTTPS

www.googletagmanager.com/gtag/js?id=G-P4SDK5JMQ9

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (5268)

First Seen2025-01-22

Last Seen2025-01-22

Times Seen3

Size315 kB (315074 bytes)

MD5818ded024228911edf331de81dc54df8

SHA1d70b87f58ee0d9b652d067b42359976378bb21f3

SHA25681b7e807c2bd7ce269f639d3124c7e9ee639e94bc0ec7fe2a8c6700feaa5297f

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

FingerprintBB:2E:7E:AD:26:E1:69:CA:59:9D:25:40:5F:20:4A:82:34:E8:D2:04

ValidityMon, 09 Dec 2024 08:36:18 GMT - Mon, 03 Mar 2025 08:36:17 GMT

HTTP Headers

GET /gtag/js?id=G-P4SDK5JMQ9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 22 Jan 2025 06:18:20 GMT
expires: Wed, 22 Jan 2025 06:18:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 107548
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET xat.com/content/web/R00200/lib/jquery.localize.js

172.67.38.142

200 OK

2.2 kB

URL GET HTTPS

xat.com/content/web/R00200/lib/jquery.localize.js

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2227), with no line terminators

First Seen2023-08-11

Last Seen2025-03-11

Times Seen830

Size2.2 kB (2172 bytes)

MD5e4a04096e8980c1ee0a8b51cb9144d25

SHA13e0b452f230ea0c0e880d112fa89c0b4a25add6e

SHA25638091255abfbeabb92252231c1bd72be2a9b3f4673f9a4beda900f7541081e6f

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /content/web/R00200/lib/jquery.localize.js HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: application/javascript
last-modified: Tue, 15 Aug 2023 20:25:16 GMT
etag: W/"64dbdf2c-87c"
expires: Wed, 22 Jan 2025 20:23:53 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 35666
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d16db2156a5-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET xat.com/content/web/R00200/direct.js

172.67.38.142

200 OK

523 kB

URL GET HTTPS

xat.com/content/web/R00200/direct.js

IP / ASN

172.67.38.142

#13335 CLOUDFLARENET

Requested byhttps://xat.com/lewd

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2024-12-14

Last Seen2025-01-26

Times Seen104

Size523 kB (523202 bytes)

MD58123702d3e683722e76dc2c255e9b2d0

SHA1d58acec130d8ff36341c06c2afa89cffe1b3d752

SHA256cdfe78644cf0ce4c33f1c56f369507d64aaaba06a296bed3586d3c0d4d14ffa8

Certificate Info

IssuerGoogle Trust Services

Subjectxat.com

FingerprintF2:DB:EA:D6:08:35:5E:68:60:64:7F:47:89:F0:7B:55:BB:60:B0:17

ValidityFri, 06 Dec 2024 23:00:13 GMT - Thu, 06 Mar 2025 23:00:12 GMT

HTTP Headers

GET /content/web/R00200/direct.js HTTP/1.1
Host: xat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xat.com/lewd
Cookie: __cflb=0H28vBHvMdMsiCqyekQMKrTEmi8SmkGd7ysVhdZvMeb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Jan 2025 06:18:20 GMT
content-type: application/javascript
last-modified: Wed, 11 Dec 2024 11:43:24 GMT
etag: W/"67597adc-7fbc2"
expires: Wed, 22 Jan 2025 22:36:51 GMT
cache-control: max-age=86400
origin-trial: AuowOQVHzf/jZCWuHsZPPTAEqLM5Nd7BltXiY7QcjA2JYFwAXlVvtkt628oPsOl3JUGBlPHl/oiiWcvsJZbILwIAAABleyJvcmlnaW4iOiJodHRwczovL3hhdC5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OX0=
cf-cache-status: HIT
age: 27689
vary: Accept-Encoding
server: cloudflare
cf-ray: 905d6d170b6256a5-OSL
content-encoding: br
X-Firefox-Spdy: h2