Report - xxmb36ps.cc/invite/i=13615

Report Overview

Visited public
2024-06-15 18:36:06
Tags
URL
xxmb36ps.cc/invite/i=13615
Finishing URL
xxmb36ps.cc/enter/register
IP / ASN
104.21.70.43
#13335 CLOUDFLARENET
Title
t33n leak 5-17 age

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
b.yzcdn.cn	425969	2014-12-08	2015-07-08 11:30:49	2023-10-23 14:59:32	425 B	9.8 kB	154.85.69.53
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-15 18:20:48	1.6 kB	4.4 kB	23.36.77.32
xxmb36ps.cc	unknown	unknown	No data	No data	4.4 kB	1.3 MB	104.21.70.43
cdn.discordapp.com	2474	2015-02-26	2015-08-24 15:06:21	2024-06-14 18:12:58	1.3 kB	2.2 kB	162.159.129.233
xxrt34apx.cc	unknown	unknown	No data	No data	1.1 kB	1.2 kB	104.21.43.28
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25 07:42:56	2024-06-12 14:18:51	333 B	964 B	104.18.38.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed
2024-06-15	medium	xxmb36ps.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	xxmb36ps.cc/js/chunk-vendors.ea790e22.js	ScriptElement	949 kB	2023-03-07	2024-08-21
Pretty URL xxmb36ps.cc/js/chunk-vendors.ea790e22.js IP 104.21.70.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35 Last Seen2024-08-21 09:33 Times Seen1004 Hash 4fee178f809d1b2a829099a8bb91c56c 178b6322fdc40c08fcbda0c096c668855ad49b51 c3580c9951b9554639c1404a246b3f27f818a99240c728f04cb964cd9e50b73d Loading...

	xxmb36ps.cc/js/app.adb2714e.js	ScriptElement	177 kB	2024-06-15	2024-08-19
Pretty URL xxmb36ps.cc/js/app.adb2714e.js IP 104.21.70.43 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-15 15:04 Last Seen2024-08-19 19:55 Times Seen2 Hash e7cc2c789bcf0d46012a0a4e6c7e577e dd92ebdcc057110260cadd065a7af841f66c5cf9 1bd228f72a038e72ced5be516998a5a46aab2f303960002fcf05c17966bfcf61 Loading...

HTTP Transactions (20)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5c35a3180482afadf4e89f4cc249fa7b
8a088c184606fe3e4e0da8cd90b6eb5e6d30fb97
146fe131cf8436e3de4832a23b351400b4819dbd9b9716302248d3ab447f000c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "146FE131CF8436E3DE4832A23B351400B4819DBD9B9716302248D3AB447F000C"
Last-Modified: Sat, 15 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4677
Expires: Sat, 15 Jun 2024 19:53:36 GMT
Date: Sat, 15 Jun 2024 18:35:39 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17798
Expires: Sat, 15 Jun 2024 23:32:20 GMT
Date: Sat, 15 Jun 2024 18:35:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17798
Expires: Sat, 15 Jun 2024 23:32:20 GMT
Date: Sat, 15 Jun 2024 18:35:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17798
Expires: Sat, 15 Jun 2024 23:32:20 GMT
Date: Sat, 15 Jun 2024 18:35:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ede0b27def700f18bb6d4eb4c1d97352
c802c366cb2eee6b9339349aa21677fdb1bd5fa5
18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17798
Expires: Sat, 15 Jun 2024 23:32:20 GMT
Date: Sat, 15 Jun 2024 18:35:42 GMT
Connection: keep-alive

POST xxmb36ps.cc/invite

104.21.70.43

400 Bad Request

0 B

URL POST HTTP/3
xxmb36ps.cc/invite
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /invite HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 20
Origin: https://xxmb36ps.cc
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/invite/i=13615
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 400 Bad Request
date: Sat, 15 Jun 2024 18:35:42 GMT
content-length: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UR3iqkD72gcTaTrUfvIasM0a%2FntVpFgeFtjLxv96I7q9M9S4ellK%2FSCP2fgujuibPofqMfAqQN%2BZhAbBQHqX3CAobPCMkT3jwpryHMcj0uf0Kb5pK6R%2Fd7FtZSraWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8944a9554e5e56bd-OSL
alt-svc: h3=":443"; ma=86400

cdn.discordapp.com/attachments/1251189970886983843/1251190010523418655/xxu.mp4?ex=666dad00&is=666c5b80&hm=5ab54f3639f8d19cea1098a17b7862886212a4542d0109823a8ee21fcebf7884&

162.159.129.233

36 B

URL
cdn.discordapp.com/attachments/1251189970886983843/1251190010523418655/xxu.mp4?ex=666dad00&is=666c5b80&hm=5ab54f3639f8d19cea1098a17b7862886212a4542d0109823a8ee21fcebf7884&
IP
162.159.129.233:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
a1ca4bebcd03fafbe2b06a46a694e29a
ffc88125007c23ff6711147a12f9bba9c3d197ed
c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

HTTP Headers

GET /attachments/1251189970886983843/1251190010523418655/xxu.mp4?ex=666dad00&is=666c5b80&hm=5ab54f3639f8d19cea1098a17b7862886212a4542d0109823a8ee21fcebf7884& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 15 Jun 2024 18:35:42 GMT
content-type: text/plain;charset=UTF-8
content-length: 36
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ht13IgPe34oIT1bb%2FQNmmip%2BeWjqoE2QLJiYZTnldmyc0P3ZT28tgGwOqsXNYy8srF1IvYiARm%2FJ6Vb9tkF4fvIAz28BWSbysKyeFw1heEJO28Qo3mqZA8jpGf6Cn3LsYl5d5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cf_bm=y_jBlJhKk32l61SvrfCZIJHHc.b8o05iBPO7lwGM_dc-1718476542-1.0.1.1-Ds97VvGiGhGP.88Ri3S3oh91ep2ijhOzpppJDnE4JzIK.m27lvCD07BCG2c7iryPf0quWvt5uiV3zal4pZHruQ; path=/; expires=Sat, 15-Jun-24 19:05:42 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=1hR6wu2Xk6MHJM.OdMY71LfM0MHNnp2CDh8Pvy9E9SQ-1718476542557-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8944a956ed270b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xxrt34apx.cc/socket.io/?EIO=3&transport=websocket

104.21.43.28

0 B

URL
xxrt34apx.cc/socket.io/?EIO=3&transport=websocket
IP
104.21.43.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: xxrt34apx.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://xxmb36ps.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ak57gDCIIB76aq24juEocA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 15 Jun 2024 18:35:42 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: QDTBGEagVtB49ewIiuOWmJWERoM=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F6p46%2Bbffdt1vHRS5jv5wcNlvQyluu9ZB2sdlnHpdzn%2BLdblBedEbzAZaQfEU%2Fsev8OaQ%2F4%2FnLlBpGwcFjNSonloB5EA%2FWEO5s2cKsqc5v5FWJeWxpPx5SlwW%2F031Zg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8944a956ba8656a4-OSL
alt-svc: h3=":443"; ma=86400

GET xxmb36ps.cc/img/icons/apple-touch-icon-152x152.png

104.21.70.43

200 OK

4.0 kB

URL GET HTTP/3
xxmb36ps.cc/img/icons/apple-touch-icon-152x152.png
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type
PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced
Size
4.0 kB (4046 bytes)
Hash
1a034e64d80905128113e5272a5ab95e
92328e60f63d690f33cd4961b9934a539dc29b82
4d9685d610c4411caadd8d36ce94d3303cf5b05c8e04d67fc232c16a4469a135

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/apple-touch-icon-152x152.png HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/invite/i=13615
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Jun 2024 18:35:42 GMT
content-type: image/png
content-length: 4046
last-modified: Sat, 15 Jun 2024 00:09:34 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VQrzWGldprsMmHHSz95FrAQLl3Jvkbvq6R0xYH%2F%2F7NJwQ9VEMgCmkq4WUW0r56vaIZQV797qxBiuW6PRmLhU%2FzQ%2Bn83pgcZgcrF9Mgzksl36NF0nx5yeziL%2FMGOZhw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8944a9580a8156bd-OSL
alt-svc: h3=":443"; ma=86400

ocsp.sectigochina.com/

104.18.38.66

472 B

URL
ocsp.sectigochina.com/
IP
104.18.38.66:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
4d863f8f33440826cdf9d2e68dcc145f
af81a9fbb5fbeccc8d7ac92baf0aea29658408c4
b2ae2d04f78e08ad3777f0c9ae75e0aa001abf07db2b9184c3c9c51829a062c7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 15 Jun 2024 18:35:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 12 Jun 2024 12:42:45 GMT
Expires: Wed, 19 Jun 2024 12:42:44 GMT
Etag: "af81a9fbb5fbeccc8d7ac92baf0aea29658408c4"
Cache-Control: max-age=325559,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8944a95d3e585689-OSL

GET b.yzcdn.cn/vant/icon-demo-1126.png

154.85.69.53

200 OK

8.9 kB

URL GET HTTP/2
b.yzcdn.cn/vant/icon-demo-1126.png
IP
154.85.69.53:443
ASN
#139057 LEGEND DYNASTY PTE. LTD.

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuersslTrus
Subject*.yzcdn.cn
Fingerprint6A:A8:BA:7C:D4:B4:86:0B:74:EB:E6:19:C8:69:2E:8B:13:6C:1E:1B
ValidityThu, 09 Nov 2023 00:00:00 GMT - Mon, 09 Dec 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
8.9 kB (8886 bytes)
Hash
f87c46f346a5548224ccbe0b6bd75df5
8e8b8bd4ba3e6b6c8557d94a726061fdd62492fd
b6304eb9b754d38d3ad74d0acce42c156536840351368ed3e4895a6b50cd9370

HTTP Headers

GET /vant/icon-demo-1126.png HTTP/1.1
Host: b.yzcdn.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Jun 2024 18:35:43 GMT
content-type: image/png
content-length: 8886
server: openresty
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=2592000
content-disposition: inline; filename="icon-demo-1126.png"; filename*=utf-8''icon-demo-1126.png
content-md5: +HxG80alVIIkzL4La9dd9Q==
content-transfer-encoding: binary
etag: "Fo6Li9S6PmtshVfZSnJgYf3WJJL9"
last-modified: Mon, 26 Nov 2018 11:08:05 GMT
x-reqid: YyIAAAASg9geDiAX
x-svr: IO
x-qiniu-zone: 0
x-log: X-Log
x-ser: BC5_dx-lt-yd-zhejiang-huzhou-3-cache-7, BC165_lt-obgp-fujian-xiamen-33-cache-1, BC132_IT-Lombardia-Milan-1-cache-1, BC46_DE-Frankfurt-Frankfurt-11-cache-4
x-cache: HIT from BC46_DE-Frankfurt-Frankfurt-11-cache-4(cloudsvr)
X-Firefox-Spdy: h2

GET xxmb36ps.cc/getlog

104.21.70.43

200 OK

7.7 kB

URL GET HTTP/3
xxmb36ps.cc/getlog
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type
JSON text data
Size
7.7 kB (7734 bytes)
Hash
d4f6aa10c1d7af7e99a6c416fcce8257
f4a475a54294be507318c7d008855a4f43bc4acb
5d0ad17341bcf6c33d74da4f8e292fc46133d4876887f12e9fc9a1022a61b7b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /getlog HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/enter/register
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 15 Jun 2024 18:35:42 GMT
content-type: application/json; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GRpQYaTqh1pKCl%2BDeXwQd5W8ZHco1PC9Vbz3FW%2Fh0kPMSBWVqzyPt5NO3C5xg4QYCOo%2BMgxZWCpoj%2FMS3juJB6Me7UtPfpvfyvFAtW%2BMsYb0%2B%2BdkPYSg%2B3SGvHU25w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8944a9565fed56bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET xxrt34apx.cc/socket.io/?EIO=3&transport=websocket

104.21.43.28

101 Switching Protocols

0 B

URL GET HTTP/1.1
xxrt34apx.cc/socket.io/?EIO=3&transport=websocket
IP
104.21.43.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxrt34apx.cc
Fingerprint4B:70:30:4C:2C:80:C7:BB:05:97:FF:D2:EC:F1:8E:18:2E:52:F2:96
ValidityFri, 14 Jun 2024 13:38:18 GMT - Thu, 12 Sep 2024 13:38:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: xxrt34apx.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://xxmb36ps.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ak57gDCIIB76aq24juEocA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 15 Jun 2024 18:35:42 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: QDTBGEagVtB49ewIiuOWmJWERoM=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F6p46%2Bbffdt1vHRS5jv5wcNlvQyluu9ZB2sdlnHpdzn%2BLdblBedEbzAZaQfEU%2Fsev8OaQ%2F4%2FnLlBpGwcFjNSonloB5EA%2FWEO5s2cKsqc5v5FWJeWxpPx5SlwW%2F031Zg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8944a956ba8656a4-OSL
alt-svc: h3=":443"; ma=86400

GET cdn.discordapp.com/attachments/1251189970886983843/1251190010523418655/xxu.mp4?ex=666dad00&is=666c5b80&hm=5ab54f3639f8d19cea1098a17b7862886212a4542d0109823a8ee21fcebf7884&

162.159.129.233

404 Not Found

0 B

URL GET HTTP/2
cdn.discordapp.com/attachments/1251189970886983843/1251190010523418655/xxu.mp4?ex=666dad00&is=666c5b80&hm=5ab54f3639f8d19cea1098a17b7862886212a4542d0109823a8ee21fcebf7884&
IP
162.159.129.233:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /attachments/1251189970886983843/1251190010523418655/xxu.mp4?ex=666dad00&is=666c5b80&hm=5ab54f3639f8d19cea1098a17b7862886212a4542d0109823a8ee21fcebf7884& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 15 Jun 2024 18:35:42 GMT
content-type: text/plain;charset=UTF-8
content-length: 36
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ht13IgPe34oIT1bb%2FQNmmip%2BeWjqoE2QLJiYZTnldmyc0P3ZT28tgGwOqsXNYy8srF1IvYiARm%2FJ6Vb9tkF4fvIAz28BWSbysKyeFw1heEJO28Qo3mqZA8jpGf6Cn3LsYl5d5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cf_bm=y_jBlJhKk32l61SvrfCZIJHHc.b8o05iBPO7lwGM_dc-1718476542-1.0.1.1-Ds97VvGiGhGP.88Ri3S3oh91ep2ijhOzpppJDnE4JzIK.m27lvCD07BCG2c7iryPf0quWvt5uiV3zal4pZHruQ; path=/; expires=Sat, 15-Jun-24 19:05:42 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=1hR6wu2Xk6MHJM.OdMY71LfM0MHNnp2CDh8Pvy9E9SQ-1718476542557-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8944a956ed270b06-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET xxmb36ps.cc/img/icons/favicon.svg

104.21.70.43

200 OK

2.7 kB

URL GET HTTP/3
xxmb36ps.cc/img/icons/favicon.svg
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type
HTML document, ASCII text, with very long lines (2886), with no line terminators
Size
2.7 kB (2720 bytes)
Hash
5dde6a28b7e61e5b27e1313b3138ffdf
28b06925800b6efffe8e883d38daa93f2fe1c341
04a0ebdab74a2464521339935fabca64207138924fca4f9b6436081837696697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon.svg HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/invite/i=13615
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Jun 2024 18:35:42 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sat, 15 Jun 2024 09:58:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRMAlmwCw4ySmbt5yDXCzl2uszgpD%2BBfqvAtVQUt49woz8JmK3WFYpriPGcYoUygmweiF5W8580TxT9dwcwO2qnaJPxW47kXsOwyVc%2FSZ9f%2FKME0vlRaZv1aymlMSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8944a9580a8556bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET xxmb36ps.cc/invite/i=13615

104.21.70.43

200 OK

2.7 kB

URL User Request GET HTTP/2
xxmb36ps.cc/invite/i=13615
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type
HTML document, ASCII text, with very long lines (2886), with no line terminators
Size
2.7 kB (2720 bytes)
Hash
5dde6a28b7e61e5b27e1313b3138ffdf
28b06925800b6efffe8e883d38daa93f2fe1c341
04a0ebdab74a2464521339935fabca64207138924fca4f9b6436081837696697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /invite/i=13615 HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 15 Jun 2024 18:35:40 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qiYIH%2F%2FFAMki1Tp2i0lG4FvuV4a8SKM0qsW8kyJk20F4LY9wyaWE2IqHWaNpf%2FR6S1%2F7cWVmQKcdiU95gQ%2FQbcajDtHUXVy8uvAe%2BMlUU8bWeVxni1PoH%2Fepj%2BjrbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8944a9491e54b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET xxmb36ps.cc/js/chunk-vendors.ea790e22.js

104.21.70.43

200 OK

949 kB

URL GET HTTP/3
xxmb36ps.cc/js/chunk-vendors.ea790e22.js
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type

Size
949 kB (949174 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.ea790e22.js HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/invite/i=13615
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Jun 2024 18:35:41 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sat, 15 Jun 2024 00:24:46 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MDf5nB%2FAsT7LWVLhJoRXm4la7Mx%2FzfkiMiJP4RYQqh4c0rA3P7chF2nG7fkd8lBilWyTbAMNWMjpxQzlr1qa47vq3w9sQNuRs8%2BWCnvQOqrLvIU5hwbUvZnBiO5jA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8944a94b9fb656bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET xxmb36ps.cc/js/app.adb2714e.js

104.21.70.43

200 OK

177 kB

URL GET HTTP/3
xxmb36ps.cc/js/app.adb2714e.js
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type

Size
177 kB (177227 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.adb2714e.js HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/invite/i=13615
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Jun 2024 18:35:41 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sat, 15 Jun 2024 00:19:28 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6VX%2FDNbp91oo53kiRYEgbCUxlnz04HJRANIlr0OEEs%2BIyXVUz6HNZ%2F1MzjmI2oBN8Q4s482l1ECPBL3CnC5AB9EekGSqEvEwHym2psgF8Fs%2F7adhmdf08B3TiWDqNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8944a94b9fb956bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET xxmb36ps.cc/css/chunk-vendors.c57533e1.css

104.21.70.43

200 OK

156 kB

URL GET HTTP/3
xxmb36ps.cc/css/chunk-vendors.c57533e1.css
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
156 kB (156544 bytes)
Hash
ebfffebc1f62c3be51082e6595a0a005
e278fbd6fd48150b3f366b50ed388983d934978c
f5ce9e73e1f7cea326eedd4f39d9b2d703ba4ccb31a6078cdc1fb16481298a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-vendors.c57533e1.css HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/invite/i=13615
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Jun 2024 18:35:40 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 15 Jun 2024 00:09:31 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DAyaNIWfo95cTDVToWE6IRzqWpXsw%2FqqU5wjN88DenRRZXhjKhf3%2FRcrGdz6o85c%2FO%2BTnEHFhQTYGP10t8Vm%2BVuZOZm1QqlUFS%2BIpEtaXm086T%2FwDL0FUgzSp6JrHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8944a94b9fbd56bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET xxmb36ps.cc/css/app.b699e78f.css

104.21.70.43

200 OK

16 kB

URL GET HTTP/3
xxmb36ps.cc/css/app.b699e78f.css
IP
104.21.70.43:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xxmb36ps.cc/invite/i=13615
Certificate
IssuerGoogle Trust Services
Subjectxxmb36ps.cc
Fingerprint29:24:8B:50:4D:F1:37:E5:EC:36:04:20:DB:F4:16:76:6E:7A:9E:2C
ValidityFri, 07 Jun 2024 15:53:10 GMT - Thu, 05 Sep 2024 15:53:09 GMT

File type
ASCII text, with very long lines (15613), with no line terminators
Size
16 kB (15613 bytes)
Hash
35704f75b93c557f9123f3f2e1de9d6b
87ffb92b14aebb048a0f2b4e36acc87bb5c90c7d
430315c362e45029cd040f1dad8546af2bf3805822fb93de9d7bdf5a04020b81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.b699e78f.css HTTP/1.1
Host: xxmb36ps.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xxmb36ps.cc/invite/i=13615
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 15 Jun 2024 18:35:40 GMT
content-type: text/css; charset=utf-8
last-modified: Sat, 15 Jun 2024 00:09:24 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVtF7sEVv0CBdYtB0pkr%2FXbFXV0uJR34zBzySbB4pts2epSeUP9pezq1c8%2BRNh%2Bj%2BZCTT4o70eJxbmzPLnKCsUeYPkcQc42QLh49mTlhC%2BYhUNCbWNJFiv9tVG90fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8944a94b9fc256bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL POST HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers