GET jetrich.xyz/_next/static/chunks/1408-fe7c3ce70d8392be.js
188.114.96.1 200 OK 28 kB URL GET jetrich.xyz/_next/static/chunks/1408-fe7c3ce70d8392be.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (27490), with no line terminators
Hash 85bd519acc218d6e690288de70504c40
50e184081942d4d7ca8c4aed2bf234da2ef829e4
ed689f95eef51d58bda9076da575fb8a62d109424be07f5d84b4a3799dd5aeb4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/1408-fe7c3ce70d8392be.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 26 Mar 2025 11:56:47 GMT
etag: W/"6b62-195d24fe818"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 303465
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qgp5NcN1E7YQ8zNgyAl9yBPntlAqyMqfr%2BevniwF4muig7NJu9QPyXzIT94vTmqvDGWyZrLMR%2B%2FEPZaGO8p15iya50ey9xQVjFtvT01BOAbDMj27xSliNPSwWRLxzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a188ff1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=690&recv=48&lost=0&retrans=0&sent_bytes=776107&recv_bytes=13601&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=333&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=%2Fimages%2Fuser-categories%2Fbonuses.png&w=48&q=75
188.114.96.1 200 OK 1.8 kB URL GET jetrich.xyz/_next/image?url=%2Fimages%2Fuser-categories%2Fbonuses.png&w=48&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image
Hash 9a19e693b33186645b06e2e1d4d79220
eb7a7d060775f05e186fc96ea70cb74c47548530
3b6a30aad44bad2a5baf6564b431583e2e9b22953769e2cf2e8051f18c8ba872
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=%2Fimages%2Fuser-categories%2Fbonuses.png&w=48&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 1838
vary: Accept
cache-control: public, max-age=60, must-revalidate
etag: O2owqtRLrSpbr2VktDFYPi6bIpU3aeLPLoBR8YyLqHI
content-disposition: attachment; filename="bonuses.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: STALE
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qr6ADWIkKxOk5tgG8Sb4Kl4WydCupsitoUOqWTJca8%2Frra6Mx6KauifNSNXE9Op2m5ynX28u1cZbegtCfMf%2BbgBuuHVsaN%2FV2KPHLMA2w8SAoAtmxwws850y4I9tzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5aadf1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2169&min_rtt=891&rtt_var=896&sent=1649&recv=96&lost=0&retrans=0&sent_bytes=1866795&recv_bytes=24636&delivery_rate=7671515&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1002&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fb0e43817a756466aa1d1ee48ba0ff56d.webp&w=384&q=75
188.114.96.1 200 OK 26 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fb0e43817a756466aa1d1ee48ba0ff56d.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash e29f3fb03a472048f7bb376640cb2dbc
c0b573ee65dcb16f882152a64f4d18cb9a56d1cc
2bf0cb25585cc6f3bf681f5fe92077929be1f4e48bc4943d4273879d844b674b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fb0e43817a756466aa1d1ee48ba0ff56d.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 26380
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: K_DLJVhcxvO_aB9f6SB3kpvh9OSLxJQ9QnOHnYRLZ0s
content-disposition: attachment; filename="b0e43817a756466aa1d1ee48ba0ff56d.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MTIxGFvPPJ6V4%2F2X3MfMT%2FgCkYCraxtN0jaN1QlMmF8YGxx8cBD%2BmVxmxZ05aeTIqgVXnoy2HTOdKUrqugyFxHfaqTEN4mjS3OBRzCxsV1ntoluCYidFiQiuc7XVCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5dafd1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1689&min_rtt=891&rtt_var=526&sent=1787&recv=116&lost=0&retrans=0&sent_bytes=2008628&recv_bytes=30403&delivery_rate=8513308&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1038&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/9517-6823f2ab09284cf7.js
188.114.96.1 200 OK 8.0 kB URL GET jetrich.xyz/_next/static/chunks/9517-6823f2ab09284cf7.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (8064), with no line terminators
Hash cf283d77a08cb9992a1306bb9bf056b0
0c42c497a085d8791befe2cffd78ec7c0287bf22
04caafe78ec9e3841db131075303c419a6868fafe3028d7f50db4625134fe9b1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/9517-6823f2ab09284cf7.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"1f10-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
age: 328707
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sT8g6Y7sxnb5jyeUa%2FKZtW3XaWvFhT0sEeVY7SnlysQBR4jr%2FoKe6HWA8%2BY4NaKq6tOZeELMenPvuukMu8li90uTJvNtkL8K8c5nQ46eNyk8RqDqI47Gj5Qh0Y7DqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a168ea1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2255&min_rtt=918&rtt_var=1138&sent=645&recv=40&lost=0&retrans=0&sent_bytes=729507&recv_bytes=10474&delivery_rate=45674913&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=312&x=1", cfExtPri, cfHdrFlush;dur=0
GET jtsupport.rox.chat/api/visitor/v1/configs/default?jsonp=true
185.102.74.235 200 OK 6.2 kB URL GET jtsupport.rox.chat/api/visitor/v1/configs/default?jsonp=true
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type ASCII text, with very long lines (7046), with no line terminators
Hash e1ec1c10379f616b5441f26f24d963d8
254eee32c3a7e9fe0ff65dddb5bb1371f32a23fc
2fac70f57600db28447f084b49e89ca0b6fd42d5ff888969c56e5dc69254b03b
GET /api/visitor/v1/configs/default?jsonp=true HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 6248
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: ROXCHAT_LOCALE=en; Domain=rox.chat; HttpOnly; Max-Age=86400000; Path=/; Secure
X-Frame-Options: allow-from https://front.jtstage.xyz/ https://jetton.icu/ https://jetton.games/ https://jetton.buzz/ https://jt-front-main-gitlab-prod.vercel.app/ https://jetton.onl/ https://jetton.uno/
OPTIONS content-firebaseappcheck.googleapis.com/v1/projects/jetton-17a71/apps/1:272619236406:web:9086f1f8da8bfaccb2fc97:exchangeRecaptchaEnterpriseToken?key=AIzaSyAqeAbaOXgU4gCSTpvCysERS2X2DVgfzEo
142.250.74.170 200 OK 0 B URL OPTIONS content-firebaseappcheck.googleapis.com/v1/projects/jetton-17a71/apps/1:272619236406:web:9086f1f8da8bfaccb2fc97:exchangeRecaptchaEnterpriseToken?key=AIzaSyAqeAbaOXgU4gCSTpvCysERS2X2DVgfzEo
IP 142.250.74.170:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint 69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
Validity Mon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /v1/projects/jetton-17a71/apps/1:272619236406:web:9086f1f8da8bfaccb2fc97:exchangeRecaptchaEnterpriseToken?key=AIzaSyAqeAbaOXgU4gCSTpvCysERS2X2DVgfzEo HTTP/1.1
Host: content-firebaseappcheck.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-firebase-client
Referer: https://jetrich.xyz/
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://jetrich.xyz
vary: origin, referer, x-origin
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-firebase-client
access-control-max-age: 3600
date: Sun, 30 Mar 2025 06:31:43 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ff77d099adebf491f995f0e309518caff.webp&w=384&q=75
188.114.96.1 200 OK 21 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ff77d099adebf491f995f0e309518caff.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash c8e971fb710289dc5a1ca616affa91f0
8a0c70ddfe999bdea4393c217f7bcfb67bc654be
fea76ad2e05c81300b42455eab681f9d001f39015b3c2827c01999ad3ba74dc9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ff77d099adebf491f995f0e309518caff.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 20562
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: _qdq0uBcgTALQkVeq2gfnQAfOQFbPCgnwBmZrTunTck
content-disposition: attachment; filename="f77d099adebf491f995f0e309518caff.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 928590a5dafc1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/static/chunks/webpack-4b577f50a48aea76.js
188.114.96.1 200 OK 5.4 kB URL GET jetrich.xyz/_next/static/chunks/webpack-4b577f50a48aea76.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (5521), with no line terminators
Hash 011a5f3cc8d5a229f51896cee8e4a3e7
4f86a3775e5f2114b0fc8f02b1fb3d09871db50a
77d8635f7218d4074cb0cee98325e781973f9e27932efb03cf2f06837b93bc7f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/webpack-4b577f50a48aea76.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Sat, 29 Mar 2025 12:12:55 GMT
etag: W/"1507-195e1d1c158"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 65526
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aV%2F9BBlEl3mr0zw6rZy%2FCGcu4LJGmEcP99dDrZ6GPlzltbZLrbpatbrb1JBCe5lcTO9C5RJL9E7VDMpo7PJjWYD7ZG%2BHBq4Mx7kzXAajJoQAq%2FZqSThfUpDROIFhkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a138bb1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3585&min_rtt=2849&rtt_var=1594&sent=31&recv=19&lost=0&retrans=0&sent_bytes=16358&recv_bytes=4591&delivery_rate=208464&cwnd=12000&unsent_bytes=0&cid=040386cfa809f468&ts=280&x=1", cfExtPri, cfHdrFlush;dur=10
GET jetrich.xyz/_next/static/chunks/48cec039-86d66e4e04698617.js
188.114.96.1 200 OK 980 kB URL GET jetrich.xyz/_next/static/chunks/48cec039-86d66e4e04698617.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Size 980 kB (980150 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/48cec039-86d66e4e04698617.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 14 Mar 2025 13:56:43 GMT
etag: W/"ef4b6-19594f16578"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1254000
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBDfmAZ1EVx8ypXTLeWpS95iwOSYOMGxj2ypLzujAkdqG052vnjWt72ELUp51uZu8BvwDorGlWnAxeteSN7%2BUwh2NbzxzWTbgKAPbCQMhDLV8tYEjDBkSa%2FDrmMpzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a138bc1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3585&min_rtt=2849&rtt_var=1594&sent=31&recv=19&lost=0&retrans=0&sent_bytes=16358&recv_bytes=4591&delivery_rate=208464&cwnd=12000&unsent_bytes=0&cid=040386cfa809f468&ts=282&x=1", cfExtPri, cfHdrFlush;dur=8
GET jetrich.xyz/_next/static/chunks/c473e9eb-ed350806da9046fd.js
188.114.96.1 200 OK 578 kB URL GET jetrich.xyz/_next/static/chunks/c473e9eb-ed350806da9046fd.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Size 578 kB (577775 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/c473e9eb-ed350806da9046fd.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 14 Mar 2025 13:56:43 GMT
etag: W/"8d0ef-19594f16578"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1254000
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KdvQVHngZPwc6GAFvKmMyyu8Pbu2LoEJ7%2BmZWJlD%2F784eqTMI1%2By9JnYfS23O2x4ocKL%2B81JCFzQmMnF4ha1Addoc8fM3n1ZF%2Be0hcr7lG5%2BRojobSv2muJmytFgLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a188fd1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=779&recv=49&lost=0&retrans=0&sent_bytes=877021&recv_bytes=13915&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=335&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/8785-f50755eb8d7d903b.js
188.114.96.1 200 OK 86 kB URL GET jetrich.xyz/_next/static/chunks/8785-f50755eb8d7d903b.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash a626bfab46faa5957218acd9ad4e73a5
f0d48f7b79b943c06aaf998e5291b7002f25dcc5
bbdf85a0a89866b7ac652e74725ae29c9cc2c31c407eb69d954ebdcb85258eee
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/8785-f50755eb8d7d903b.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"14f8a-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 328704
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PvzWUkb46VMORsA4S7qUGAWxlIYOMRH9tV4GpcssWofTh2BxQZ1GwlNOln9ZO1rlv8iN%2F7sLW6WjSQw080bzEKl8v28%2F9%2BKMGDgvPHVKeIJR32F28e3ZBhWtMBo1pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1a9141bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2929&min_rtt=918&rtt_var=1279&sent=1097&recv=58&lost=0&retrans=0&sent_bytes=1249648&recv_bytes=17317&delivery_rate=16144464&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=354&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Faf21c798-9f6e-4a6f-aeaf-cf368fea78f0.png&w=828&q=75
188.114.96.1 200 OK 37 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Faf21c798-9f6e-4a6f-aeaf-cf368fea78f0.png&w=828&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 828x506, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 4caf9c612f840e127c43d4781d7a44cb
4b6a4a00523eba5da3ae014796348de461c9ac0f
bca830ffcb232615f8ff2ea0e8c4d5fb8abc06c27bd7a8322043280be378bf8c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Faf21c798-9f6e-4a6f-aeaf-cf368fea78f0.png&w=828&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 36694
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: vKgw_8sjJhX4_y6g6MTV-4q8BsJ716gyIEMoC-N4v4w
content-disposition: attachment; filename="af21c798-9f6e-4a6f-aeaf-cf368fea78f0.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dRERTo8GuTk1CZpgnOMIxBNGVkTdIul7JETY4WadN0htDof2%2BJ7oE2pF1XBi58A%2FXMRckpUIwgEBZh%2FxB%2F%2F6dT1%2FFr5qyBbgJ7JRwQLRFohjSVN5SQpNTQKs7mThuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1c9281bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2303&min_rtt=918&rtt_var=953&sent=1379&recv=81&lost=0&retrans=0&sent_bytes=1563656&recv_bytes=21615&delivery_rate=2352646&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=484&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Ff0aa9ef0-a384-4f19-b8a2-8b4b40145627.png&w=384&q=75
188.114.96.1 200 OK 15 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Ff0aa9ef0-a384-4f19-b8a2-8b4b40145627.png&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 336x328, Scaling: [none]x[none], YUV color, decoders should clamp
Hash cd536519f73c284b64c9be02bfcf1510
271b53919e8f7ae18932fc05c6197776122b19e3
2bdf9361a9815ea898d5595d56b9f05daadb3c63b9257e67fff2f544c484cde7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Ff0aa9ef0-a384-4f19-b8a2-8b4b40145627.png&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 15416
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: K9-TYamBXqiY1VldVrnwXarbPGO5JX5n__L1RMSEzec
content-disposition: attachment; filename="f0aa9ef0-a384-4f19-b8a2-8b4b40145627.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zEOoeBseyglNwNi%2FznxX0m6eECopYciYksoDD6KOF9sf%2Br9PYi%2B%2BEhscc8t2vPUb2qPcbVpfCkzu6CknP6aTep4sDKvo62ab0%2Bx74s%2BGB72VT8YgbhAu6xI3WEGmaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1d9361bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2303&min_rtt=918&rtt_var=953&sent=1392&recv=81&lost=0&retrans=0&sent_bytes=1578105&recv_bytes=21615&delivery_rate=2352646&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=485&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/images/support/support-bg.png
188.114.96.1 200 OK 146 kB URL GET jetrich.xyz/images/support/support-bg.png
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type PNG image data, 392 x 328, 8-bit/color RGBA, non-interlaced
Size 146 kB (145507 bytes)
Hash 167942f9b769f972781a9058afafb855
fa0aa1e42df3e94b9aea397a03a0231476bf5e70
bd90079a88ead87110703135be0cf9e1d3ac7b651bebf7bc1ac9a2a410df4fa0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /images/support/support-bg.png HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/_next/static/css/d6b0855f7dd431ab.css
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/png
content-length: 145507
server: cloudflare
cache-control: public, max-age=14400
last-modified: Sun, 09 Mar 2025 18:39:46 GMT
etag: W/"23863-1957c34bd50"
cf-cache-status: EXPIRED
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 928590a4aa6e1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/static/chunks/3023-05abb8512b66cdb4.js
188.114.96.1 200 OK 61 kB URL GET jetrich.xyz/_next/static/chunks/3023-05abb8512b66cdb4.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (61158), with no line terminators
Hash 1d9998583585b93a12135b89fd226553
f62fb83a3886494378daf861347f72daaa48a01d
79de5e23b6f41a1405b96a2c9fa6ffcdf0d6ea5e4688aa80221fd9f1d43910d0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/3023-05abb8512b66cdb4.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Fri, 28 Mar 2025 16:18:19 GMT
etag: W/"eee6-195dd8c10f8"
vary: Accept-Encoding
content-encoding: gzip
age: 136662
cf-cache-status: HIT
priority: u=3,i=?0
server: cloudflare
cf-ray: 928590a199071bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F698532fd9af4484ca8fcbcdce464718b.webp&w=384&q=75
188.114.96.1 200 OK 14 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F698532fd9af4484ca8fcbcdce464718b.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash fae8601289103d7788e88dcd2bad8652
890ac09041b42b44e3494a06bdf99c46e2393a2c
7a132bf84446fbe171446bb48f39b8d06bf4a7557bb91abf559b6ead69793c29
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F698532fd9af4484ca8fcbcdce464718b.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 14040
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: ehMr-ERG--FxRGu0jzm40Gv0p1V7uRq_VZturWl5PCk
content-disposition: attachment; filename="698532fd9af4484ca8fcbcdce464718b.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6pyakoxPIPRkWB2aJeKyg6f0dVrXSEPZ7k6KOYnCJSjboyoDUNJI3748U0ZitT3b0YAIL3s7MNBeTuosxDCvktxj0DjZ0udUqOZ7UDG6%2ByLWTX63tGN4ZBJ0z7k%2F5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5eafe1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1804&min_rtt=891&rtt_var=483&sent=1836&recv=119&lost=0&retrans=0&sent_bytes=2062711&recv_bytes=31598&delivery_rate=11776349&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1045&x=1", cfExtPri, cfHdrFlush;dur=0
OPTIONS tournament.cloudfire.app/
172.67.68.89 204 No Content 0 B URL OPTIONS tournament.cloudfire.app/
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS / HTTP/1.1
Host: tournament.cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type
Referer: https://jetrich.xyz/
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 30 Mar 2025 06:31:38 GMT
vary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: *
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-headers: authorization,content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHRfwMYx7BmwudExQO32SpMdI90vvPZhT4Ims%2FPug%2BuDP2V32QQYkVjEo928vHfGzZheK4W1n0hbcdLWZMABhtVoKmN9SRc5Gy%2FLtSZDiqhomgvTXOGxUnm3W3lULTd7FEIvkCTKHqqj%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b1ad20b4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1427&min_rtt=399&rtt_var=1439&sent=19&recv=18&lost=0&retrans=1&sent_bytes=5166&recv_bytes=1610&delivery_rate=8274285&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=1087&x=0"
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/image?url=%2Fimages%2Fauth%2Fbanner-en.png&w=640&q=75
188.114.96.1 200 OK 30 kB URL GET jetrich.xyz/_next/image?url=%2Fimages%2Fauth%2Fbanner-en.png&w=640&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image
Hash 211e8a09763b64e7b2a24014117c1223
fb72c6cc696f994a4600b56ebc2f3c310727d4a9
021c3bb853bc9a53f12e19d2a01816f32463b6268f18053178df3fcf4f500fa2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=%2Fimages%2Fauth%2Fbanner-en.png&w=640&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c; can_open_registration_modal=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: image/webp
content-length: 30036
vary: Accept
cache-control: public, max-age=60, must-revalidate
etag: Ahw7uFO8mlPxLhnSoBgW8yRjtiaPGAUxeN8_z09QD6I
content-disposition: attachment; filename="banner-en.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: STALE
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJLZ5muv3pzMLksQtkpq1hzlzUrsNgAoLGC56sJVffvYSYaqiwe%2BNYHYTwyCtj5Vv0rLPrnKAjJC23UA2tb5IaQ6EZwnyWFreBoJSO0TXs71U2MJqFqyO8poRsf8VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b6da051bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1594&min_rtt=800&rtt_var=456&sent=2340&recv=144&lost=0&retrans=0&sent_bytes=2630514&recv_bytes=35922&delivery_rate=16461&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=3750&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/3111-b95af3c5f8a7187d.js
188.114.96.1 200 OK 9.9 kB URL GET jetrich.xyz/_next/static/chunks/3111-b95af3c5f8a7187d.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (10027), with no line terminators
Hash 8233d90d4b5e129257f4a44751c09146
ccdf15b80fe5e92fc76f954ddf6b8ee65eae0b55
d39ad4782a4b4ab030471ee64bf58b73ae18bbd1eb6a4579d1ff7fe05dfbf4e6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/3111-b95af3c5f8a7187d.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"26a0-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
age: 328707
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hFdUHqc5C2GYcnByrXNXVJc9aUfdJed90bGnLfZ5729EXPEMV%2B3%2BR2O3t%2BwQOYgdbMe2vmc%2F7KwamljftIKk2yydEdrP6xnQ7jwdWKuZYOO0q%2FVHVpi9%2BKZZodwm6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a178f41bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2255&min_rtt=918&rtt_var=1138&sent=653&recv=40&lost=0&retrans=0&sent_bytes=738328&recv_bytes=10474&delivery_rate=45674913&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=317&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/7680-08b8f38a61ed05de.js
188.114.96.1 200 OK 8.0 kB URL GET jetrich.xyz/_next/static/chunks/7680-08b8f38a61ed05de.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (8086), with no line terminators
Hash dd2985c1f4405f7fd8c964c914fd2119
ed33c001334b9eb55d545d5c441b7c62f107c431
4e569c32847eabcb20adc239977d52eff7330f515762ee0aadf74cef48a6a00b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/7680-08b8f38a61ed05de.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"1f50-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 700159
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivDEj5mjNUT%2FXkTwLet96URc%2FydIQyFwTY9qmP0WDcjrLipS86L0IPO4w3ESTBY4BjKrLtceBcU8hj0078fYsPkC7ksCjrZN3k5zXkcZBo6lxRRSrCmAtVIxVJu3XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a188fb1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=676&recv=48&lost=0&retrans=0&sent_bytes=760100&recv_bytes=13601&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=332&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/4565-ee42bd718463d93d.js
188.114.96.1 200 OK 27 kB URL GET jetrich.xyz/_next/static/chunks/4565-ee42bd718463d93d.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (27378), with no line terminators
Hash 6b60ff9b72f8a72bd8e23201553fd774
ab3af3642ff8f8bee1ea1af5f361b58f042f1bff
5ab17a2f55d003c26a642e636c7cba39a1df3ec63120aed6d5d98f88bb1c8939
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/4565-ee42bd718463d93d.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"6af2-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 700158
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IrTw8UuQ6f%2FhsAjwCYkGIXYNcVqU2%2B%2BBx8fgBFeAOaUEK8hnZWkmSBKAE3czjfNQSVuUecDy758hZY1R5%2Fi6PQTxeYOMZr8LNZpTLZUyw%2BX2YwbJfI7g6JMANptSbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1a9131bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2894&min_rtt=918&rtt_var=1029&sent=1145&recv=59&lost=0&retrans=0&sent_bytes=1306182&recv_bytes=17362&delivery_rate=1513647&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=354&x=1", cfExtPri, cfHdrFlush;dur=0
GET tonkeeper.com/assets/tonconnect-icon.png
104.26.2.107 200 OK 3.8 kB URL GET tonkeeper.com/assets/tonconnect-icon.png
IP 104.26.2.107:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject tonkeeper.com
Fingerprint 4A:8F:36:18:B5:6C:CC:EE:6B:81:8E:46:B5:81:ED:7D:1F:8E:33:44
Validity Sun, 02 Mar 2025 00:43:25 GMT - Sat, 31 May 2025 01:43:20 GMT
File type PNG image data, 288 x 288, 8-bit/color RGB, non-interlaced
Hash c5347b0d696ae11f2f5b3f554a22b947
32e634daefdcdb2b4e69a32c76e5a431a64fd42f
7dfcb629bcffa853b06362c4b73d3198888bc01ab6b1b68a84409bde0b5481bd
GET /assets/tonconnect-icon.png HTTP/1.1
Host: tonkeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: image/png
content-length: 3795
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "28430af1f378c22ac4ef6c3762d07739"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9s4%2FbsnbVFaizDLWG8ganqEa4p7hyJgoIVWY%2Fd0OXb6H3QDapvKqEz4K2gnBW7ACTiiR95ikbUXNmmp%2Bww5xK8DJZITvdZQaLax4uRhBOo5SmkWGLh1worfRvrk8kbmg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5480
accept-ranges: bytes
server: cloudflare
cf-ray: 928590b7784d56c4-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=2029&min_rtt=435&rtt_var=2862&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3188&recv_bytes=1088&delivery_rate=7109656&cwnd=254&unsent_bytes=0&cid=8d5aae674ef71abd&ts=49&x=0"
X-Firefox-Spdy: h2
GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
142.250.74.99 200 OK 562 kB URL GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
IP 142.250.74.99:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
Size 562 kB (561652 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 221651
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Mar 2025 06:12:55 GMT
expires: Mon, 30 Mar 2026 06:12:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 24 Mar 2025 02:01:29 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 1125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/6741-b45b3bac41b7ac27.js
188.114.96.1 200 OK 24 kB URL GET jetrich.xyz/_next/static/chunks/6741-b45b3bac41b7ac27.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (23462), with no line terminators
Hash 0a97382b71dcfda23e36664b6a1976e1
3b9923b3cab2c9ec06cca1bd4f15f892c182566c
519fa048bddbeb898b39069f4dae12c564e7d8ecc7b99845c2712419c82adb9b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/6741-b45b3bac41b7ac27.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"5ba6-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 328709
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AsNQ%2BqKbLkX%2FZ%2FynA0ynrzVcgqFquGo0UZj0pu72d0a3hB7a8SmK0hi33PZr1JO4l%2FopqlK8hduDioB49F1rzd2QvXL5XTJjDcoLwpEhRi%2FDPyVxLFRrVSonDXiU4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a148d01bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2983&min_rtt=1155&rtt_var=1780&sent=202&recv=31&lost=0&retrans=0&sent_bytes=213050&recv_bytes=8400&delivery_rate=21046311&cwnd=96000&unsent_bytes=0&cid=040386cfa809f468&ts=298&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/9868-f5fb19543fd78061.js
188.114.96.1 200 OK 8.6 kB URL GET jetrich.xyz/_next/static/chunks/9868-f5fb19543fd78061.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (8702), with no line terminators
Hash bc9266d7d5c25e9140b374400bdc6f07
a4e099ffb40c1722f0bfb9b9973d63c12e72fdf5
4db3480e326831daa2b0a29e37b0f4672ff2df7936f1277478c71a48c84e814e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/9868-f5fb19543fd78061.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"2192-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
age: 328708
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=luGoVTT64NN6lJ8GN3wWpIAX8vyFaR%2Ff5Jl6TuZuqjPl68bYQzwW48CWbX6rG%2Bb1zjk2P4M7nJDIJAhSRh2r%2F3byb1MqfIBHClecWSQuBcRG1uN5uoDwWMfu2M0kVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a158d61bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2725&min_rtt=918&rtt_var=1851&sent=223&recv=33&lost=0&retrans=0&sent_bytes=237076&recv_bytes=8790&delivery_rate=30551608&cwnd=108000&unsent_bytes=0&cid=040386cfa809f468&ts=299&x=1", cfExtPri, cfHdrFlush;dur=3
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fd050d235-6142-4293-84d2-73e525affd7c.png&w=384&q=75
188.114.96.1 200 OK 15 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fd050d235-6142-4293-84d2-73e525affd7c.png&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image
Hash 1b8e3268965abb0b419a72d2873e175e
74feb0ebd2c0b2cb860de02733ee31a45702cfe8
519bc287262d3ec5d06f4b22313d2d599c911381e514a91e5922e68d231f6ccf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fd050d235-6142-4293-84d2-73e525affd7c.png&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 14768
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: UZvChyYtPsXQb0siMT0tWZyRE4HlFKkeWSLmjSMfbM8
content-disposition: attachment; filename="d050d235-6142-4293-84d2-73e525affd7c.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 928590a1c9291bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fed76225e-77c9-4e1e-81ae-623f20e89590.webp&w=384&q=75
188.114.96.1 200 OK 15 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fed76225e-77c9-4e1e-81ae-623f20e89590.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 7e443f0d4ccff0db7257da41228d68cc
ac523f01faf4b0f90fd53c643454b350af1e1321
6c6bc22a75d2221c81de0ba1f90235980a2a00a50927a716d243049b2f5d843f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fed76225e-77c9-4e1e-81ae-623f20e89590.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 14864
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: bGvCKnXSIhyB3guh-QI1mAoqAKUJJ6cW0kMEmy9dhD8
content-disposition: attachment; filename="ed76225e-77c9-4e1e-81ae-623f20e89590.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2BUFjokBsskNuaZsDWPh00fFiWVzCu2Gyy7JtY059dNS%2FqYUkIjau%2Fyh4FJkxF5DifqG0%2F9f4HK7dFknIOy2rGzkWWCc%2BYxSj0VIgZGq0oG4%2BENIzELMMjDhZJodRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5fb1a1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1902&min_rtt=800&rtt_var=1102&sent=1913&recv=125&lost=0&retrans=0&sent_bytes=2144831&recv_bytes=32914&delivery_rate=7587&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1057&x=1", cfExtPri, cfHdrFlush;dur=0
GET www.google.com/recaptcha/enterprise.js
142.250.178.100 200 OK 1.0 kB URL GET www.google.com/recaptcha/enterprise.js
IP 142.250.178.100:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint 2F:CC:05:C5:14:C4:CD:A4:26:05:31:F9:67:40:7C:D3:39:74:34:0C
Validity Mon, 10 Mar 2025 08:37:46 GMT - Mon, 02 Jun 2025 08:37:45 GMT
File type JavaScript source, ASCII text, with very long lines (1001), with no line terminators
Hash 398f5cf7a7b955adbe9a3faf11cf2e82
2fcc7f6469e83200277545f73cfbe2167b161507
b66899375a1e2c9cc27d26f0de82719f4df7219e360a47e016608e558518d1b7
GET /recaptcha/enterprise.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sun, 30 Mar 2025 06:31:38 GMT
date: Sun, 30 Mar 2025 06:31:38 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET cloudfire.app/api/v1/languages?mode=1
172.67.68.89 302 Found 2.0 kB URL GET cloudfire.app/api/v1/languages?mode=1
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/languages?mode=1 HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Type: application/json
Authorization:
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sun, 30 Mar 2025 06:31:38 GMT
content-length: 0
location: /api/v1/languages/cached?mode=0
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qqKhntCw74iLC6ztUyHMOv%2FYup%2F%2FchAyTbGlQZafbaXTTA0k4eiz303fbYvRoSteqwNmTpgbyZGCU4Qix7g1pNEGYtIFAqgLl0nXkvZ2E433MtoNOwpkct3cuwnTR4w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590b1cd2fb4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1512&min_rtt=399&rtt_var=1249&sent=20&recv=19&lost=0&retrans=1&sent_bytes=5689&recv_bytes=1689&delivery_rate=8274285&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=1103&x=0"
X-Firefox-Spdy: h2
GET jtsupport.rox.chat/v/images/upload.png
185.102.74.235 200 OK 5.6 kB URL GET jtsupport.rox.chat/v/images/upload.png
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type PNG image data, 252 x 192, 8-bit/color RGBA, non-interlaced
Hash 7b5802fbdfcaff9ccd0826fa008c38ba
bec3747315222740af2524067fdb193ba5cd3dd4
455f8ff96a7775e51c6766e041b6d94f324729236e4f11cee602d5374d4c70e6
GET /v/images/upload.png HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: image/png
Content-Length: 5607
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
Connection: keep-alive
ETag: "67c7b8aa-15e7"
X-Frame-Options: allow-from https://front.jtstage.xyz/ https://jetton.icu/ https://jetton.games/ https://jetton.buzz/ https://jt-front-main-gitlab-prod.vercel.app/ https://jetton.onl/ https://jetton.uno/
Accept-Ranges: bytes
GET fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL GET fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Mar 2025 09:18:45 GMT
expires: Fri, 27 Mar 2026 09:18:45 GMT
cache-control: public, max-age=31536000
age: 249176
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/4bd1b696-8b5d3368d8cca717.js
188.114.96.1 200 OK 167 kB URL GET jetrich.xyz/_next/static/chunks/4bd1b696-8b5d3368d8cca717.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 167 kB (167438 bytes)
Hash 3aeabc280bdb82f90ae6db94d2b15afe
84ec808283b575acbec7c4d0c3dbc0061faaa6f0
3060b45da6c6cdcb6c448bba2669abd7407f490774c5bc4ea034789dfe90ee61
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/4bd1b696-8b5d3368d8cca717.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"28e0e-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703754
priority: u=3,i=?0
cf-ray: 928590a138bf1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(main)/layout-420d0e905bd83efd.js
188.114.96.1 200 OK 130 kB URL GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(main)/layout-420d0e905bd83efd.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Size 130 kB (130317 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/%5Blocale%5D/(main)/layout-420d0e905bd83efd.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Sat, 29 Mar 2025 10:28:28 GMT
etag: W/"1fd0d-195e17220e0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 70688
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bi7vup9buyA6kIxXoe1jRh%2B8YLfqD1urxJH8AmU57WNpRYLPnppWMn4RT2XRp7%2BEf23tCPeBJTBp4GRZnQKLAWHqQTPzJ2u86DJdH4PixmaTiSqbl0CfZFCG%2F0y2%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1a9101bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2929&min_rtt=918&rtt_var=1279&sent=1107&recv=58&lost=0&retrans=0&sent_bytes=1261648&recv_bytes=17317&delivery_rate=16144464&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=354&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fd720d723-0259-4e6f-912e-cf58784a56e1.png&w=828&q=75
188.114.96.1 200 OK 32 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fd720d723-0259-4e6f-912e-cf58784a56e1.png&w=828&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image
Hash 74e7bf2c7b504f996aea9002994fec48
080da4d4bf5689d6faf123cbde150ca266f6317f
8541e29c5e52c6c94bfbeb155d9b933886fb47eb6969e98aba2587e6d29bbe8a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fd720d723-0259-4e6f-912e-cf58784a56e1.png&w=828&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: image/webp
content-length: 32236
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: hUHinF5SxslL--sVXZuTOIb7R-tpaemKuiWH5tKbvoo
content-disposition: attachment; filename="d720d723-0259-4e6f-912e-cf58784a56e1.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JP9vOJi4T5meVw6K63KvdoHorqG%2BO1VF4RvQffLjUWGLzxC83kOjTaKwZpYe3yc87XqxlvXpbOFXsK2eePM5UnBBA%2F%2FK%2F%2FlbWJRtfs9e71JuqSgGXF8nbpcpMuNcGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1c9241bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3061&min_rtt=918&rtt_var=592&sent=1224&recv=73&lost=0&retrans=0&sent_bytes=1386695&recv_bytes=21250&delivery_rate=1177715&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=392&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F8d464130-9e0d-4025-a371-55d42417a391.webp&w=384&q=75
188.114.96.1 200 OK 15 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F8d464130-9e0d-4025-a371-55d42417a391.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash ef484abf7328cdd62f4f9958ac34b1ef
9f5a2d8ecf77c9cabbb6642b3a4afa93972d5c32
863750314546a502368fb5424e6f0309e97b2e4be835065b3a1c814434b57eb9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F8d464130-9e0d-4025-a371-55d42417a391.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 15070
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: hjdQMUVGpQI2j7VCTm8DCel7LkvoNQZbOhyBRDS1frk
content-disposition: attachment; filename="8d464130-9e0d-4025-a371-55d42417a391.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kr5bnGZ6z46Hx4uMRdGxgw%2B9eFDOSVoaiD82lk8OwF4cNY%2FybdSrlh5Ee29anWdw0jgZUlNXvwECfz3M4VD%2FPvJsjL8GXf94ejjRYJW5BQ2%2Fs%2B%2BJ8apQ7Z1I0y8rjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5fb151bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1741&min_rtt=800&rtt_var=906&sent=2040&recv=127&lost=0&retrans=0&sent_bytes=2290058&recv_bytes=33006&delivery_rate=14112353&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1066&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/favicon/android-chrome-512x512.png
188.114.96.1 200 OK 183 kB URL GET jetrich.xyz/favicon/android-chrome-512x512.png
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size 183 kB (182723 bytes)
Hash 2045e1561fdd8e8efbe3668e5f370145
3b11fcc89cbbb8a75d6c19e5daa9b019a7c9a0d1
3d4219ecbddf8df2866691e2fc191945bf97293eef193181b331a239b8ba5577
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon/android-chrome-512x512.png HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/png
content-length: 182723
cache-control: public, max-age=14400
last-modified: Tue, 25 Feb 2025 14:20:45 GMT
etag: W/"2c9c3-1953d7b4a48"
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4xsu5uMokVDTb8mvgsfiTghE%2B2eKI5Y8p8dbN%2F3CxDzEpR8H9S%2B8K8RNZZtaRHxzlGjezCqHaieIqq1eX5kKFeaEIvF%2FUh2Wem64f%2B%2FOMffcBfGx48ADNk3QGV3RoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590a6bb661bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1485&min_rtt=800&rtt_var=483&sent=2133&recv=136&lost=0&retrans=0&sent_bytes=2390918&recv_bytes=33999&delivery_rate=758340&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1209&x=1", cfExtPri, cfHdrFlush;dur=0
GET jtsupport.rox.chat/v/images/file.svg
185.102.74.235 200 OK 9.3 kB URL GET jtsupport.rox.chat/v/images/file.svg
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type SVG Scalable Vector Graphics image
Hash 4908c83c195f30626bc90351b6d3dcfe
8c401122c1a9a72614f7bf74ecf535f6e1cc64ea
c80dbaacb91db35659e6d79de470a37e9703c203f397cd85a662545ad83a6819
GET /v/images/file.svg HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: image/svg+xml
Content-Length: 9286
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
Connection: keep-alive
ETag: "67c7b8aa-2446"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
142.250.178.100 200 OK 0 B URL POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
IP 142.250.178.100:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Length: 1596
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/binary
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
date: Sun, 30 Mar 2025 06:31:43 GMT
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F38d44a6f-f5f4-4f79-9531-4ec2d8c7b130.webp&w=384&q=75
188.114.96.1 200 OK 24 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F38d44a6f-f5f4-4f79-9531-4ec2d8c7b130.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash faee8872eade2837672b5566c267c3a5
f0635e1b7a885add39478551ecfe0fe0ab8a3fe7
67532a47160f4e25131741ff8fc639b2366659aeee4dacdbc61c1a0a744e2ffd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F38d44a6f-f5f4-4f79-9531-4ec2d8c7b130.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 24504
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: Z1MqRxYPTiUTF0H_j8Y5sjZmWa7uTazbxhwaCnROL_0
content-disposition: attachment; filename="38d44a6f-f5f4-4f79-9531-4ec2d8c7b130.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XnMty5cMIBrqXxc%2FgryEMT%2FdJR70PevCvY93nM0EMu%2FlXB%2FyXryutB8HGP7UkofeKsbx%2BWuVvPR8ajVeNQfuB1eHxTPtqL4wL4yr0L%2BsdLGQUOs3KFzsqRp6%2FF7%2BNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5dafb1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1689&min_rtt=891&rtt_var=526&sent=1750&recv=116&lost=0&retrans=0&sent_bytes=1966744&recv_bytes=30403&delivery_rate=8513308&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1036&x=1", cfExtPri, cfHdrFlush;dur=0
GET cloudfire.app/api/v1/me/geo
172.67.68.89 200 OK 4 B URL GET cloudfire.app/api/v1/me/geo
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 5657ed29c12b83d04aa2428999d82ee6
608e6a98317eb7908403910cfe578404d0525d4a
eb8576cc8b4ddec21be393b2e69d98c5ea32df4040b02d626aab0b6c5bfb2e25
GET /api/v1/me/geo HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Type: application/json
Authorization:
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:37 GMT
content-type: application/json
content-length: 4
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L3tOT%2FoG3zhLwj5LBtj4Psois8Ug8fAAyfe8B1bpOpTuKEIsVCakbzTd7CZgEm0YmvolnaU5cTf71fseYXHXXMvuJEjkzo%2BDN%2FBb02N78kqkKocXKAajHJ85GNkfAzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590aba940b4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=924&min_rtt=399&rtt_var=800&sent=12&recv=13&lost=0&retrans=1&sent_bytes=4116&recv_bytes=1324&delivery_rate=8274285&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=110&x=0"
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/3907-92089368746ea951.js
188.114.96.1 200 OK 68 kB URL GET jetrich.xyz/_next/static/chunks/3907-92089368746ea951.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/3907-92089368746ea951.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 20 Mar 2025 14:56:34 GMT
etag: W/"108c1-195b40e58d0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 821679
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ee0MME%2FrisyrC5NHEAxx%2BVDbeLWd6JZEHy9cp84RUfIIAySrWw93LhbTetbMS%2BOZ8ZWLaAuf%2B0Pe4IJ9TomKdB3L1QDUBFzOCrk76zl7P%2FN9oa1Vr69MuhFEoohVPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a148ce1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3244&min_rtt=1262&rtt_var=1677&sent=131&recv=30&lost=0&retrans=0&sent_bytes=129050&recv_bytes=8355&delivery_rate=2035717&cwnd=96000&unsent_bytes=0&cid=040386cfa809f468&ts=298&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/5666-8c55f8607075a5be.js
188.114.96.1 200 OK 16 kB URL GET jetrich.xyz/_next/static/chunks/5666-8c55f8607075a5be.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (15795), with no line terminators
Hash a39e40cf687dadea324d897403be2625
2568e9ad2478fd7b7e2bafa14e49a6eabb3961f4
e93defd4849cfc1fcf10f1b1da9c273106118354f242dbaa93805b8b4980c460
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/5666-8c55f8607075a5be.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"3db3-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703753
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aF%2FYC4RdMrpIg4FLUOelVEb0SasFET16ZripfU9CMdq51VoTJotGgZ6%2FJvXap3r%2FHp8cLMlTknC0FN3BShBodvqncCeypFelgqauRFUwvsTLy1%2BnU3YWKdnfQgj3ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a148cd1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3527&min_rtt=2147&rtt_var=1480&sent=121&recv=29&lost=0&retrans=0&sent_bytes=117050&recv_bytes=8310&delivery_rate=963632&cwnd=96000&unsent_bytes=0&cid=040386cfa809f468&ts=297&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(main)/(with-footer)/page-018dcdad711f5017.js
188.114.96.1 200 OK 54 kB URL GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(main)/(with-footer)/page-018dcdad711f5017.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (54266), with no line terminators
Hash 54ef5bd019ea9b20c257cebe409b6937
8da452be0fb876e78f01a09b0a9e2c2605c5ce82
11e50d02532d1a887cef6a395c1c0b150be8c5e0319147afa9f2abc4b455501c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/%5Blocale%5D/(main)/(with-footer)/page-018dcdad711f5017.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 28 Mar 2025 16:18:19 GMT
etag: W/"d3fa-195dd8c10f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 136665
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ni82Vu6lx2hhuxhYYzPLQNvEaWcW%2B9wteKG5DsSaj%2FLQpu%2BmVenGylWYAqGflI%2Fq2DtwohazbH9ai8UgI76JVg%2BmEaGHCdwZnEhUcQ8oLK9SC5%2B59GxrJ57eOMvORw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a188fc1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=680&recv=48&lost=0&retrans=0&sent_bytes=764107&recv_bytes=13601&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=332&x=1", cfExtPri, cfHdrFlush;dur=0
GET s.pvcliping.com/web/public_image/SafePal_x288.png
154.85.67.11 200 OK 735 B URL GET s.pvcliping.com/web/public_image/SafePal_x288.png
IP 154.85.67.11:443
ASN #139057 LEGEND DYNASTY PTE. LTD.
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer TrustAsia Technologies, Inc.
Subject s.pvcliping.com
Fingerprint 8E:1A:B5:6E:AD:3E:9F:71:8C:7A:4F:2C:6E:E2:6C:B3:D8:E1:F9:0D
Validity Sat, 18 Jan 2025 00:00:00 GMT - Fri, 18 Apr 2025 23:59:59 GMT
File type PNG image data, 288 x 288, 4-bit colormap, non-interlaced
Hash 0538634f954d877d5ed633b704fc475d
97cf8e669eafa065d964a577c7f58af15d7555ac
2173dbf44e5b986d15cb52b206af9e85e2dcc4808aebd6f7f29fdb5949f5fa4a
GET /web/public_image/SafePal_x288.png HTTP/1.1
Host: s.pvcliping.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:40 GMT
content-type: image/png
content-length: 735
server: openresty
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=31536000
content-disposition: inline; filename="SafePal_x288.png"; filename*=utf-8''SafePal_x288.png
content-md5: 0538634f954d877d5ed633b704fc475d
content-transfer-encoding: binary
etag: "FpfPjmaer6Bl2WSld8f1ivFddVWs"
last-modified: Thu, 15 Dec 2022 09:28:55 GMT
x-log: X-Log
x-m-log: QNM:dal51;QNM3
x-m-reqid: 3YwAABr97KBEStoX
x-qiniu-zone: na0
x-qnm-cache: Hit
x-reqid: pAQAAACX5OFDStoX
x-svr: IO
x-ser: i8923_c7628, i58866_c11118, i1940279_c22417
x-cache: HIT from i1940279_c22417(cloudsvr)
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/media/a34f9d1faa5f3315-s.p.woff2
188.114.96.1 200 OK 49 kB URL GET jetrich.xyz/_next/static/media/a34f9d1faa5f3315-s.p.woff2
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type Web Open Font Format (Version 2), TrueType, length 48556, version 1.0
Hash d4fe31e6a2aebc06b8d6e558c9141119
bcdc4f0b431d4c8065a83bb736c56ff6494d0091
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/media/a34f9d1faa5f3315-s.p.woff2 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
DNT: 1
Connection: keep-alive
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: font/woff2
content-length: 48556
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 26 Mar 2025 11:56:47 GMT
etag: W/"bdac-195d24fe818"
cf-cache-status: HIT
age: 234321
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xxfoCjNXvHIobW349SHzQjgFwceprw1f9dqppL1IG6U0MLaNafwz5M6Qn0uRXhpI0vkkPgD8FMzoC4waxPnHuKk4WmaXDEOvBqw8mTSnIVXiyzQjuT27ldWuml47%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590a76bab1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1518&min_rtt=800&rtt_var=487&sent=2293&recv=139&lost=0&retrans=0&sent_bytes=2579134&recv_bytes=34453&delivery_rate=17255729&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1277&x=1", cfExtPri, cfHdrFlush;dur=0
GET static.mytonwallet.io/icon-256.png
172.67.134.114 200 OK 10 kB URL GET static.mytonwallet.io/icon-256.png
IP 172.67.134.114:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject static.mytonwallet.io
Fingerprint 30:7A:FC:AA:99:06:AC:1C:75:44:E9:99:F3:45:3E:C4:ED:D1:28:47
Validity Mon, 17 Feb 2025 16:30:18 GMT - Sun, 18 May 2025 17:30:10 GMT
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Hash 334885d1da24902ecde573e485cfa332
33485ebda5ec0311d85836cc718a6c636b63917c
c118a1052afbf6ba48c68608d60199bf9584d69274bbce32737f93956034b673
GET /icon-256.png HTTP/1.1
Host: static.mytonwallet.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: image/png
content-length: 9992
cf-cache-status: REVALIDATED
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "cfbe71e8be178cc37f934b1e256505d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KPXUhbiR%2Bts5QfPFXKDVg1Jv7G9Cf1epkcOLqlybg1TYV3%2F5nzQGHTEi4zxeW%2BM0s0uywTuXaywmuz8WtHDCN74ThuT6bceYI2McnNou5zMQ62LLZNhnniRLTmkXusVR3He4hynhKOM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-ray: 928590b7bd9fb503-OSL
X-Firefox-Spdy: h2
GET raw.githubusercontent.com/bitgetwallet/download/refs/heads/main/logo/png/bitget_wallet_logo_288_mini.png
185.199.111.133 200 OK 37 kB URL GET raw.githubusercontent.com/bitgetwallet/download/refs/heads/main/logo/png/bitget_wallet_logo_288_mini.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash 6bb353a8c37f0a61af11454904e2d0f4
f227b2035ecceb1edd8192e2df67d9e1a48fa75b
6b210b9cfb7afe1e3459c46970fcc2609ed5cab1fff8444b6fe26d7232c10f79
GET /bitgetwallet/download/refs/heads/main/logo/png/bitget_wallet_logo_288_mini.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"824255cdaf277aad1aebc23d45947c3d631207d437e31e4c8fca3b8a94d8a52e"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 4970:1C4B36:24DE651:29E504D:67D8D4A2
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 57
x-timer: S1743316300.537355,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 507df6571749fb51bb85cb3e72167b5a9875c499
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 225
content-length: 37318
X-Firefox-Spdy: h2
GET jtsupport.rox.chat/images/jtsupport_site_logo.png?1738855340489359
185.102.74.235 200 OK 12 kB URL GET jtsupport.rox.chat/images/jtsupport_site_logo.png?1738855340489359
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Hash cf891ebe7083b16b40ed73ef1e589b9a
cf9040a14ed176d2444cc8b9c4c063f569bc837b
e9b39620c8b10963222598889b4a15041d72a6661fbf52490cd8c6a4265ca27e
GET /images/jtsupport_site_logo.png?1738855340489359 HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: image/png
Content-Length: 12383
Connection: keep-alive
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
X-Cache: HIT
POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
142.250.178.100 200 OK 0 B URL POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
IP 142.250.178.100:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Length: 1596
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/binary
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
date: Sun, 30 Mar 2025 06:31:43 GMT
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET jetrich.xyz/_next/static/chunks/8173-a9ed6bb5562b7e45.js
188.114.96.1 200 OK 10 kB URL GET jetrich.xyz/_next/static/chunks/8173-a9ed6bb5562b7e45.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (10146), with no line terminators
Hash ced2d61c728875a58af9151e6dcd7add
ab8c3f4648f608cc19faed2b4e598b5708aeeedd
ba1efa2b4f46d86aad5670db86db001e511db249deb2743438e0a92b5670eef3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/8173-a9ed6bb5562b7e45.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"27a2-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703753
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwyaA%2Bvi6UUn7A4l7ntWJDKiZAyrs0%2BAB7Lv0kiyOj2VOiGdw%2Bni5ekZcmujWwshtv32ssHWYmMFByezQXQaEcdupPopjXSAB69qWYNG6hJuOvizo%2Buy1%2FnJLoRkFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a138c31bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3925&min_rtt=2849&rtt_var=1876&sent=53&recv=20&lost=0&retrans=0&sent_bytes=40358&recv_bytes=4635&delivery_rate=45522&cwnd=24000&unsent_bytes=0&cid=040386cfa809f468&ts=286&x=1", cfExtPri, cfHdrFlush;dur=8
GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/not-found-47644d1096687968.js
188.114.96.1 200 OK 10 kB URL GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/not-found-47644d1096687968.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (10245), with no line terminators
Hash d2550915baa69a3a734e5ce3bb3a79b8
ba120266d7e8fd0a0c3574994c8dd0e53de1bab4
fedc6952b5aae99ea4c0a8846d4d6d629fafe8ac3beb41034300556cf01e8dd0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/%5Blocale%5D/not-found-47644d1096687968.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"2805-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 328703
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6YvZF%2BDJ%2Ftbe1IvlZmSRtVGIDGZKNimoUmX9a3UMhs%2FlgMiYyD%2FIFeyKZTl3igt0gq42HB%2F7UihxB%2BtjjyyhZrjBg%2B8ultVY0jiJimaN4ZYxTUDP4BDF5i6%2BHz%2FV%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1a9171bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2839&min_rtt=918&rtt_var=881&sent=1177&recv=61&lost=0&retrans=0&sent_bytes=1341124&recv_bytes=17813&delivery_rate=3591507&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=356&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc1b33d72-555d-4c0f-948f-6bab90ac498a.webp&w=384&q=75
188.114.96.1 200 OK 15 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc1b33d72-555d-4c0f-948f-6bab90ac498a.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash e28c8546b6cfa415138a19df9a3ac93c
8005e6d3afdd989b43ae8e7c211445d41058da56
b0e3b035cc8c0576c804002376a69ce0e942b5a0fe376a57fc3d18d5f9780d62
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc1b33d72-555d-4c0f-948f-6bab90ac498a.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 15118
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: sOOwNcyMBXbIBAAjdqac4OlCtaD-N2pX_D0Y1fl4DWI
content-disposition: attachment; filename="c1b33d72-555d-4c0f-948f-6bab90ac498a.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NQ8ab98tFPaKkYrAv7naZgcLPirlAmeRGlcthswMQTXYE9tzpWj0UgCMahta5ZIsPCZjoD2Q8rmN%2FJRJ98HbSnKmLGH7DmhWP0Muj7AECXr6PuAbxe8X%2FcjM5Sx7Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5eb091bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1830&min_rtt=800&rtt_var=971&sent=1955&recv=126&lost=0&retrans=0&sent_bytes=2191475&recv_bytes=32960&delivery_rate=3821785&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1059&x=1", cfExtPri, cfHdrFlush;dur=0
GET www.google.com/recaptcha/enterprise.js
142.250.178.100 200 OK 1.0 kB URL GET www.google.com/recaptcha/enterprise.js
IP 142.250.178.100:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint 2F:CC:05:C5:14:C4:CD:A4:26:05:31:F9:67:40:7C:D3:39:74:34:0C
Validity Mon, 10 Mar 2025 08:37:46 GMT - Mon, 02 Jun 2025 08:37:45 GMT
File type JavaScript source, ASCII text, with very long lines (1001), with no line terminators
Hash 398f5cf7a7b955adbe9a3faf11cf2e82
2fcc7f6469e83200277545f73cfbe2167b161507
b66899375a1e2c9cc27d26f0de82719f4df7219e360a47e016608e558518d1b7
GET /recaptcha/enterprise.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sun, 30 Mar 2025 06:31:38 GMT
date: Sun, 30 Mar 2025 06:31:38 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET jetrich.xyz/api/v1/ton_manifest
188.114.96.1 200 OK 147 B URL GET jetrich.xyz/api/v1/ton_manifest
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash dae77436c98482e2485934e96984408c
8245f9a2f24ea14fe143be397ab61bddfb2dcc2f
5c909586125ca477ffa2e045798a685cb4f25b035f91448907a18a5cc8e2402f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/v1/ton_manifest HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Content-Type: application/json
DNT: 1
Connection: keep-alive
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c; can_open_registration_modal=false
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:38 GMT
content-type: application/json
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qXz%2F2UvAWitDpvV%2Bpu18mnUAeiZcvsShqk1W5qhkkD1MWiImxdjgVdKyN%2FQy7RpUj04%2FJG2uZvLVtV3rJOZ0LULxBlvqWDsFxJOkw22l0iEE4wukz%2Frni9QmTZXwGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b358ab1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1509&min_rtt=800&rtt_var=382&sent=2337&recv=141&lost=0&retrans=0&sent_bytes=2629697&recv_bytes=34829&delivery_rate=4248708&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=3202&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/css/d6b0855f7dd431ab.css
188.114.96.1 200 OK 71 kB URL GET jetrich.xyz/_next/static/css/d6b0855f7dd431ab.css
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4a6189d6d3c20da6956c9e7fd3b374c3
dd1ff6404539e5d73585097bd993169c42597d55
224914f6b39782ebd9c7188f4294417e640039ecb8238cf771423a95bfd645ec
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/css/d6b0855f7dd431ab.css HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Sat, 29 Mar 2025 12:12:55 GMT
etag: W/"1150a-195e1d1c158"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 65526
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bh1NUM7EcxvJGI1m76b0o8onotblwHqaV8emR8VWi6D7uz%2FEo3lJmv9aXr9lSgEOyCMm7aereoAE4%2FuDP98OICELnf92ZJbGCfjU1FzSKCCrkmwO%2BkZkOFemvnt3Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a138b81bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3585&min_rtt=2849&rtt_var=1594&sent=20&recv=18&lost=0&retrans=0&sent_bytes=4332&recv_bytes=4278&delivery_rate=208464&cwnd=12000&unsent_bytes=0&cid=040386cfa809f468&ts=278&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/8365-c712c6df5a7bae8c.js
188.114.96.1 200 OK 13 kB URL GET jetrich.xyz/_next/static/chunks/8365-c712c6df5a7bae8c.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (13231), with no line terminators
Hash 212e27ca27ec97e8f47fdf1f910e72da
e55e1a5f24dbba03f3e2e01b528e46c026009fe7
84202cf76a02de93167abb0d0ecc009a147557b72b11a18a16617336c523c386
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/8365-c712c6df5a7bae8c.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 20 Mar 2025 14:56:34 GMT
etag: W/"33af-195b40e58d0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 821680
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3NUcetM%2BwGI7FageS3%2F9oV6QXDJTVkhD785EZ78ebPFocoFc3tXlafjHJZVdYNIOvVqWRVFZMUZ2NtU778F6EDyL5dLPNsreEPmwgFiJ8WAMMUF14qRu3icIzhfuaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a158de1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2405&min_rtt=918&rtt_var=1599&sent=293&recv=37&lost=0&retrans=0&sent_bytes=321076&recv_bytes=9793&delivery_rate=16822084&cwnd=216000&unsent_bytes=0&cid=040386cfa809f468&ts=304&x=1", cfExtPri, cfHdrFlush;dur=0
OPTIONS cloudfire.app/api/v1/me/geo
172.67.68.89 200 OK 2 B URL OPTIONS cloudfire.app/api/v1/me/geo
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /api/v1/me/geo HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type
Referer: https://jetrich.xyz/
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:37 GMT
content-type: text/plain; charset=utf-8
content-length: 2
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://jetrich.xyz
access-control-allow-headers: authorization,content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ngxYXYzGaFOJ4kfdfrzUlMvsnjxCcxyY9WPQph2zNtiqNicnhECR%2BAwFmlTzBhafBgKhk0XgaOPTNkyAZlRipmVasMqqAhgFQe9PO0%2FVw%2F9AI7TDs0k7ssTKNxFxJ7E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590ab48f8b4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=837&min_rtt=399&rtt_var=835&sent=9&recv=11&lost=0&retrans=1&sent_bytes=3294&recv_bytes=1211&delivery_rate=8274285&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=81&x=0"
X-Firefox-Spdy: h2
GET pub.tomo.inc/logo.png
54.240.174.55 200 OK 32 kB
IP 54.240.174.55:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Amazon
Subject tomo.inc
Fingerprint 3C:77:A4:A9:32:AD:F8:06:1A:23:25:1D:AF:C0:5D:A3:E6:96:9D:8B
Validity Tue, 11 Feb 2025 00:00:00 GMT - Thu, 12 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash 919e9d56d1057f74ed5a9fd39ac13e52
f884859bb49147a9837a9b61209b6774497d0a59
4baddae8be2cf233cf8f3fcd6d15ad5bae93a6b0283cdf2b37ad68d77c4b54a3
GET /logo.png HTTP/1.1
Host: pub.tomo.inc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 31552
last-modified: Fri, 06 Sep 2024 05:43:42 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sun, 30 Mar 2025 06:30:42 GMT
etag: "919e9d56d1057f74ed5a9fd39ac13e52"
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qVUAxsJIIxSkCj-3Snpf9s2-aK2KTEUCncvU-Q_xWuVdl9lxLHKAeQ==
age: 59
vary: accept-encoding, Origin
X-Firefox-Spdy: h2
GET jtsupport.rox.chat/v/images/files.svg
185.102.74.235 200 OK 12 kB URL GET jtsupport.rox.chat/v/images/files.svg
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type SVG Scalable Vector Graphics image
Hash a05b040566ca5377535a07f94adb66ac
fd3d544bf14f3c9ad33f6c9d17a861371d7b684d
e85418c502fc12e921c30c21ab3c5ab58dd063e19b73fa231bd0d7bec2a605a7
GET /v/images/files.svg HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: image/svg+xml
Content-Length: 11762
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
Connection: keep-alive
ETag: "67c7b8aa-2df2"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
142.250.74.99 200 OK 562 kB URL GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
IP 142.250.74.99:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
Size 562 kB (561652 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 221651
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Mar 2025 06:12:55 GMT
expires: Mon, 30 Mar 2026 06:12:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 24 Mar 2025 02:01:29 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 1125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F9ec84bad-5e79-498b-a71f-ce7ae85cc916.webp&w=384&q=75
188.114.96.1 200 OK 22 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F9ec84bad-5e79-498b-a71f-ce7ae85cc916.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash c3fb2e7a406f8324a8eef068f45e737a
a4854ca7211b18aab26ac3a42abbdb1b38ee455d
ce3cadb2110a9e3006dff7952f5bbbba6b3c66731b226d4002d07e73cdf05775
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F9ec84bad-5e79-498b-a71f-ce7ae85cc916.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 21992
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: zjytshEKnjAG3_eVL1u7ums8ZnMbIm1AAtB-c83wV3U
content-disposition: attachment; filename="9ec84bad-5e79-498b-a71f-ce7ae85cc916.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ewpmFOlZeJH5w%2B%2BGBUHI%2F7u4u9PqlmdDIoa79C1oAj9biCf1H3FzrYlhGq8ftiOGOB69rUGvOloVfXYKXr65%2FXtrJtvcvrUeQ0zpPxVD18fT0zCxnc5I%2FQg9ugv%2B6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a60b241bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1741&min_rtt=800&rtt_var=906&sent=1969&recv=127&lost=0&retrans=0&sent_bytes=2206735&recv_bytes=33006&delivery_rate=14112353&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1065&x=1", cfExtPri, cfHdrFlush;dur=0
GET tonhub.com/tonconnect_logo.png
104.26.1.199 200 OK 69 kB URL GET tonhub.com/tonconnect_logo.png
IP 104.26.1.199:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject tonhub.com
Fingerprint 67:1C:96:87:A1:84:4A:53:27:75:4E:51:91:6D:18:F6:E3:4E:64:CA
Validity Wed, 19 Feb 2025 03:44:52 GMT - Tue, 20 May 2025 04:44:48 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash aafd05d9de4af75985d1b39589517d53
4a55ca19e919bee7bc4a3fd4240c47b8a75f0a9b
6781d3a7cdd5d44f7083892ec03d04058bca8214da9e7f27300e9a68e5b6aff3
GET /tonconnect_logo.png HTTP/1.1
Host: tonhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: image/png
content-length: 69267
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
content-disposition: inline; filename="tonconnect_logo.png"
etag: "aafd05d9de4af75985d1b39589517d53"
last-modified: Thu, 13 Mar 2025 00:25:49 GMT
strict-transport-security: max-age=63072000
x-matched-path: /tonconnect_logo.png
x-vercel-cache: HIT
x-vercel-id: cdg1::8jc7p-1742257366356-38d396e26db2
cf-cache-status: HIT
age: 190930
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0owXnIL73HWc%2B9qu5Zv5Umv3%2Fm6HzLU1wMNPi%2FOs9dob6ETxOxtgsdSdvWNb8JYKwpnbC3vjH9MSw7Y5QXbJMPzjGxjsuAvuA1J52stT13HK7yd7VNEIT%2BOf1U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590b7fa4ab51e-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1939&min_rtt=466&rtt_var=2960&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3270&recv_bytes=1204&delivery_rate=7489655&cwnd=254&unsent_bytes=0&cid=2154dbf8db2b1717&ts=99&x=0"
X-Firefox-Spdy: h2
GET img.gatedataimg.com/prd-ordinal-imgs/036f07bb8730716e/gateio-0925.png
54.240.174.98 200 OK 8.0 kB URL GET img.gatedataimg.com/prd-ordinal-imgs/036f07bb8730716e/gateio-0925.png
IP 54.240.174.98:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Amazon
Subject *.gatedataimg.com
Fingerprint AB:91:5C:72:CA:87:6F:97:B4:CF:F1:84:02:48:35:8A:A6:83:BD:18
Validity Thu, 20 Feb 2025 00:00:00 GMT - Sat, 21 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash f97807ae7ba8f30ccf818e0a427a0f3c
f27822f62c669f0cc0c8ce0dc75936bb59d72c64
8c2e6fc90600c3ab7c3d1c974a33113b08715852ec04de8d244a35a884a1261d
GET /prd-ordinal-imgs/036f07bb8730716e/gateio-0925.png HTTP/1.1
Host: img.gatedataimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 8030
last-modified: Wed, 25 Sep 2024 03:59:03 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sun, 30 Mar 2025 00:52:45 GMT
etag: "f97807ae7ba8f30ccf818e0a427a0f3c"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4CPJ_1bfmpW90wS-eD2ptmsMQVjsI9lYLlz73YUMfE8eNx4QOXYQrg==
age: 20348
X-Firefox-Spdy: h2
GET wallet.ton.org/assets/ui/qr-logo.png
104.26.14.213 200 OK 5.4 kB URL GET wallet.ton.org/assets/ui/qr-logo.png
IP 104.26.14.213:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject ton.org
Fingerprint 82:CD:F7:E0:D1:63:F0:41:B7:07:12:DB:39:61:33:B5:0B:5C:01:FB
Validity Thu, 13 Mar 2025 20:04:10 GMT - Wed, 11 Jun 2025 21:03:47 GMT
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Hash bd4264d4c32c16d646517faf4462e5be
df6493d70355759579c8941728747814ac5f081d
6da4766fae3c3ba2cb931c8b3485461fddc96d6244cdc45fdb800e70e0e1a0ec
GET /assets/ui/qr-logo.png HTTP/1.1
Host: wallet.ton.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: image/png
content-length: 5386
permissions-policy: interest-cohort=()
last-modified: Fri, 21 Mar 2025 10:11:29 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: "67dd3b51-150a"
expires: Fri, 21 Mar 2025 10:24:32 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 192E:4EBD4:10072A:1023C6:67DD3C08
via: 1.1 varnish
x-served-by: cache-fra-etou8220071-FRA
x-cache: HIT
x-cache-hits: 1
x-timer: S1743174951.867281,VS0,VE2
vary: Accept-Encoding
x-fastly-request-id: 29b290dbe5a78dc576fc17b39a0065c4558ee1c7
cf-cache-status: HIT
age: 580
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H5P5oh1XqAcpZO3HYomkpoW1tBunOlw6pvwAEUV6H7YB8D36xS5%2FyflTvdwy1YzCa%2Ft36FASYSS%2BesDnsC8uanAW7VXB8kiiwesDJCzjbePueLc25TPD2Fq5nwqE5g9a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b8cbc45694-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1310&min_rtt=419&rtt_var=1711&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3265&recv_bytes=1213&delivery_rate=7729537&cwnd=254&unsent_bytes=0&cid=4f074d16e929988e&ts=118&x=0"
X-Firefox-Spdy: h2
GET jtsupport.rox.chat/images/cursor.png
185.102.74.235 200 OK 591 B URL GET jtsupport.rox.chat/images/cursor.png
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type PNG image data, 17 x 27, 8-bit/color RGBA, non-interlaced
Hash 4fa7bdcd138f8aee5178f0d4f926595b
6d3a5103766e97395bebbd2ffe811b2e7ad3c7c0
a1fb1b429d644ad011e6bd98701d1951138d3f973bda19ce3411e1c1d65ef35e
GET /images/cursor.png HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: image/png
Content-Length: 591
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
Connection: keep-alive
ETag: "67c7b8aa-24f"
X-Frame-Options: allow-from https://front.jtstage.xyz/ https://jetton.icu/ https://jetton.games/ https://jetton.buzz/ https://jt-front-main-gitlab-prod.vercel.app/ https://jetton.onl/ https://jetton.uno/
Accept-Ranges: bytes
GET jtsupport.rox.chat/v/images/default-department-logo.png
185.102.74.235 200 OK 16 kB URL GET jtsupport.rox.chat/v/images/default-department-logo.png
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Hash 53a142e29b647ceba5a2adf6cc69b919
37fc7f6523e5f4d9e01157c70acc74069bfff416
a5b367cc08f01ae61da2109c04047ee7e218df860be597c35d4ca7e064fea63a
GET /v/images/default-department-logo.png HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: image/png
Content-Length: 15479
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
Connection: keep-alive
ETag: "67c7b8aa-3c77"
X-Frame-Options: allow-from https://front.jtstage.xyz/ https://jetton.icu/ https://jetton.games/ https://jetton.buzz/ https://jt-front-main-gitlab-prod.vercel.app/ https://jetton.onl/ https://jetton.uno/
Accept-Ranges: bytes
GET public.bnbstatic.com/static/binance-w3w/ton-provider/binancew3w.png
143.204.55.23 200 OK 3.3 kB URL GET public.bnbstatic.com/static/binance-w3w/ton-provider/binancew3w.png
IP 143.204.55.23:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Amazon
Subject *.bnbstatic.com
Fingerprint B6:1B:54:95:24:D9:6E:82:4D:80:FE:48:0E:E5:03:C5:E6:B1:37:36
Validity Wed, 25 Sep 2024 00:00:00 GMT - Thu, 23 Oct 2025 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash 5a11a30728446ef34ac8014d50ec00f7
1db62c52214cbc93f970d9555d83e4efdb8830c5
807e8174dace81c78fc32dbfcf20bba9317bb6502a47c6697245abeb5edc13b9
GET /static/binance-w3w/ton-provider/binancew3w.png HTTP/1.1
Host: public.bnbstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3327
last-modified: Tue, 24 Sep 2024 17:31:20 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 27 Mar 2025 03:15:27 GMT
cache-control: public, max-age=604800
etag: "5a11a30728446ef34ac8014d50ec00f7"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 8LeYhjctHgC8D6rHVQLDk8MA1HoA3PCdKbyFt24AB0bFgMkFm_Y2-A==
age: 270973
X-Firefox-Spdy: h2
GET static.okx.com/cdn/assets/imgs/247/58E63FEA47A2B7D7.png
143.204.55.9 200 OK 1.5 kB URL GET static.okx.com/cdn/assets/imgs/247/58E63FEA47A2B7D7.png
IP 143.204.55.9:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer DigiCert Inc
Subject *.okx.com
Fingerprint C4:18:3B:E2:78:D1:6C:7B:5D:22:7A:D7:70:FE:B9:CE:F0:FC:D5:B6
Validity Mon, 04 Nov 2024 00:00:00 GMT - Tue, 02 Dec 2025 23:59:59 GMT
File type PNG image data, 270 x 270, 8-bit colormap, non-interlaced
Hash c72d04242c776739dc65b00dbdcaffd1
63100f059745133569fae6f2d882c27aba01b524
18f089d08eec3be12ebbfaf98d8e3706141d1a0ced66e01d81f9ea053d643b3b
GET /cdn/assets/imgs/247/58E63FEA47A2B7D7.png HTTP/1.1
Host: static.okx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 1481
server: Tengine
x-oss-server-side-encryption: AES256
x-oss-cdn-auth: success
date: Fri, 20 Dec 2024 15:01:23 GMT
x-oss-request-id: 676586C360F7333638FE1B41
x-oss-storage-class: Standard
x-oss-object-type: Normal
x-oss-server-time: 25
content-md5: xy0EJCx3ZzncZbANvcr/0Q==
accept-ranges: bytes
via: cache28.l2fr1[1251,1250,304-0,H], cache9.l2fr1[1252,0], ens-cache10.de5[1272,1272,200-0,H], ens-cache3.de5[1276,0], 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-oss-hash-crc64ecma: 2315367713013820641
etag: "C72D04242C776739DC65B00DBDCAFFD1"
last-modified: Mon, 08 Jul 2024 09:10:25 GMT
ali-swift-global-savetime: 1734706883
x-swift-savetime: Fri, 20 Dec 2024 15:01:23 GMT
x-swift-cachetime: 3600
cache-control: public,max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b55c9717347068822375403e
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _-8jO6vS_Pygq_vcfkjf5__a6Ww-FcwanY1na6ZN0uFyPIivwcAnsw==
age: 8609416
X-Firefox-Spdy: h2
GET raw.githubusercontent.com/hot-dao/media/main/logo.png
185.199.111.133 200 OK 55 kB URL GET raw.githubusercontent.com/hot-dao/media/main/logo.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash a127d8a6a542f1a60214ad74673a47a9
5979dfa3ced667400d5269b14962f316d9783353
102a1096653e51db8911e8bc6250d50871e237429d977267cb265870332c99f9
GET /hot-dao/media/main/logo.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"1de198e102f5ad105bd6b35fdbcc11433afb16c250a55372b26bd0d56ee7d629"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: B616:28DB48:4AD4EA:55562A:67D8C78E
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 20
x-timer: S1743316300.598535,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 83d717573c5543afb490b0190e5b67065b9001c4
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 87
content-length: 54702
X-Firefox-Spdy: h2
GET jtsupport.rox.chat/v/ui-resources.php?location=default&mode=desktop&lang=ru&75c2989e&callback=getRoxChatUIResourcesCallback
185.102.74.235 200 OK 643 kB URL GET jtsupport.rox.chat/v/ui-resources.php?location=default&mode=desktop&lang=ru&75c2989e&callback=getRoxChatUIResourcesCallback
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Size 643 kB (642620 bytes)
Hash a91b8a00d931671a515142f485c33188
87c93a5ba6711e66b76cee9ca366edb6b68a1f83
b80baeeb19c6cd20566681398993876d5ff033670e91dd72983d860b2c979bef
GET /v/ui-resources.php?location=default&mode=desktop&lang=ru&75c2989e&callback=getRoxChatUIResourcesCallback HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:40 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
X-Cache: HIT
Content-Encoding: gzip
POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
142.250.178.100 200 OK 0 B URL POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
IP 142.250.178.100:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Length: 1596
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/binary
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
date: Sun, 30 Mar 2025 06:31:43 GMT
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET jetrich.xyz/_next/static/chunks/main-app-b97781eb21fc3dc3.js
188.114.96.1 200 OK 1.1 kB URL GET jetrich.xyz/_next/static/chunks/main-app-b97781eb21fc3dc3.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type ASCII text, with very long lines (1079), with no line terminators
Hash 770fb7562d088df622a6c94e1c7a7aae
e100d8f49fde31df15177fad0f0d5e47fc860e89
b99d501f1c389166fc3eb03e2ce53fe8b9cec522077e5f595d37309b5bb89209
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/main-app-b97781eb21fc3dc3.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Sat, 29 Mar 2025 12:12:55 GMT
etag: W/"425-195e1d1c158"
vary: Accept-Encoding
content-encoding: gzip
age: 65526
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AnCtNeRcsp04naQP4zdlIGvHKGuC2taAMOaWpKCAXNr8jxWBTcMxKArzBD08Uig9FswtJq9T%2FuPD0%2FPk9ruU4BeY109B7iG3n8u%2F3kCLywdy9Aj4ZEskolZ1oT%2FHRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a138c21bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3910&min_rtt=2849&rtt_var=1437&sent=56&recv=23&lost=0&retrans=0&sent_bytes=42270&recv_bytes=6686&delivery_rate=4646032&cwnd=48000&unsent_bytes=0&cid=040386cfa809f468&ts=290&x=1", cfExtPri, cfHdrFlush;dur=4
GET jetrich.xyz/_next/static/chunks/9895-12e4f60aba78ba10.js
188.114.96.1 200 OK 27 kB URL GET jetrich.xyz/_next/static/chunks/9895-12e4f60aba78ba10.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (27027), with no line terminators
Hash b3332552612cb0d59cb596dedd4ccf43
4801631220b855e9a241b8c36386e23645a7f78d
65f461a470d469ddba1f704864a861d9997ddf4b048b20471617aa999ddea31c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/9895-12e4f60aba78ba10.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 17 Mar 2025 09:52:31 GMT
etag: W/"6993-195a384e718"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1110965
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q9p%2Fb7hBT8arYH5KLxZbvIZkd8SG8JeAfG0%2BSk2JC%2Bboqk9GY5xuoEQspS2EeYralkTfg78H9B3R9hYDKz00t4LqkFKOVwXGt96Bw%2BBex51EkqEBC77cCF47Y2Kc%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a158d31bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2725&min_rtt=918&rtt_var=1851&sent=223&recv=33&lost=0&retrans=0&sent_bytes=237076&recv_bytes=8790&delivery_rate=30551608&cwnd=108000&unsent_bytes=0&cid=040386cfa809f468&ts=300&x=1", cfExtPri, cfHdrFlush;dur=2
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ffdf1aa54ee8d4d1db611d4761b65663c.webp&w=384&q=75
188.114.96.1 200 OK 23 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ffdf1aa54ee8d4d1db611d4761b65663c.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 29de502e48000d79fbe53a5d6c1c1142
4624ce7c4b39fafa3244d560561819cfc52cae38
f25dd83ee665744d3d9263647fa014efc4e97871505a240904e2106d3f3d7b7b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ffdf1aa54ee8d4d1db611d4761b65663c.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 23144
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: 8l3YPuZldE09kmNkf6AU78TpeHFQWiQJBOIQbT89e3s
content-disposition: attachment; filename="fdf1aa54ee8d4d1db611d4761b65663c.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wjKBfdjZ%2F4zF7y0do9YRZZT6MoajroLh5m9Ln2n3E6wT1G4et%2FaqG%2FA6u7rx5NkyHUGUJbh%2B5FAsV4whdJSBkuWCw%2F94XP9F%2FXVvapWQ01G9ejlRJ86MVCWqkTo4jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5bae41bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2035&min_rtt=891&rtt_var=940&sent=1652&recv=97&lost=0&retrans=0&sent_bytes=1869492&recv_bytes=24682&delivery_rate=128202&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1010&x=1", cfExtPri, cfHdrFlush;dur=0
GET www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb
142.250.178.100 200 OK 102 B URL GET www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb
IP 142.250.178.100:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File type ASCII text, with no line terminators
Hash e8fea68fc4f3bad81518a42ff35f72a9
2c32b99f6c1675cc7f0ed5c0c323c5192726d558
b67733509d82d3aa189d99fa0fa466b48b82265b9a701cb150410cbf35f55aab
GET /recaptcha/enterprise/webworker.js?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/javascript; charset=utf-8
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
expires: Sun, 30 Mar 2025 06:31:41 GMT
date: Sun, 30 Mar 2025 06:31:41 GMT
cache-control: private, max-age=300
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: same-site
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST www.google.com/recaptcha/enterprise/reload?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
142.250.178.100 200 OK 39 kB URL POST www.google.com/recaptcha/enterprise/reload?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
IP 142.250.178.100:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File type ASCII text, with very long lines (38571)
Hash caf437b838ffa7a8aaecefd5d8bfa6f2
31b5e2cc6c99c080330f91036409dd623fa10c72
3c3ff7bb97c093daf8d3ada9e145aabb8fde33b7cd03d1818df7d2e00dec225f
POST /recaptcha/enterprise/reload?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 10582
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: same-site
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-encoding: gzip
date: Sun, 30 Mar 2025 06:31:43 GMT
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: _GRECAPTCHA=09ALcxeyofSzJIe4vMHL4sHXo8SxpB4r9hQYISfSGjpFVXS5gce7TRTdKsjEcHQGS2wZvQLT07q8rlk136HSgXv0k; Expires=Fri, 26-Sep-2025 06:31:43 GMT; Path=/recaptcha; Secure; HttpOnly; Priority=HIGH; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 30 Mar 2025 06:31:43 GMT
cache-control: private
GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(services)/layout-a8e9a0458d98110b.js
188.114.96.1 200 OK 11 kB URL GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(services)/layout-a8e9a0458d98110b.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (10857), with no line terminators
Hash 143edce844f7f7a38e67185202e37212
10d5c889d09975dfa331e48e8b8b232fa30454af
7fea9a9c2b99001952736fe599e56dcf6b7502dd31f7f3dbe97fbcc91503db91
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/%5Blocale%5D/(services)/layout-a8e9a0458d98110b.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 28 Mar 2025 16:18:19 GMT
etag: W/"2a69-195dd8c10f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 136662
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YZnFFmJhVN%2F06efSBG%2F0K4ooWKd0CCqZtBioWlFln9V6%2BVB28Nm%2FydwHGr7k5vpMe1HE0PNJJOf0aouQtA2QrkTNta9o4awhiX286gs%2Bxw74QVK5HD7ptnyF2Qa3WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1a9111bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2894&min_rtt=918&rtt_var=1029&sent=1154&recv=59&lost=0&retrans=0&sent_bytes=1316149&recv_bytes=17362&delivery_rate=1513647&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=354&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F0ba63086-cfe3-418c-a521-a14c466d7194.png&w=828&q=75
188.114.96.1 200 OK 32 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F0ba63086-cfe3-418c-a521-a14c466d7194.png&w=828&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 828x506, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 1e177c25fb4ddd0bb5a15a215c5a2e64
ae0ed0e8f39de9ec769706342e421bdd248148e6
17df3ca2078cd3fb4475b1e9ae82dc4e1ec85407b798f1345e9856158e3674b1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F0ba63086-cfe3-418c-a521-a14c466d7194.png&w=828&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: image/webp
content-length: 31750
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: F988ogeM0_tEdbHproLcTh7IVAe3mPE0XphWFY42dLE
content-disposition: attachment; filename="0ba63086-cfe3-418c-a521-a14c466d7194.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 928590a1b91b1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/favicon/favicon-16x16.png
188.114.96.1 200 OK 864 B URL GET jetrich.xyz/favicon/favicon-16x16.png
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash 2f4abbc19c0000b96873cbfd66650ed1
d333ce408b825b2531c3ace8aec216c368044cb8
bf6ed6e2e89184c8f15788b90d28dde80bc1742b965d5e94281929c76c2fb337
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon/favicon-16x16.png HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/png
content-length: 864
cache-control: public, max-age=14400
last-modified: Tue, 25 Feb 2025 14:20:45 GMT
etag: W/"360-1953d7b4a48"
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n8etgw0XdTxr6LtYqs9XM6p1iFiJVUnC3840G5a%2Bvj7CGNJPKKwnIVRKqa63ZwkGqin6hOIQgtjLum55PnYEr9%2BK%2BX03qJhl%2FacD7JR2zmY5PV39nnaFeNgWaLaZ8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590a6bb691bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1524&min_rtt=800&rtt_var=540&sent=2131&recv=135&lost=0&retrans=0&sent_bytes=2389313&recv_bytes=33953&delivery_rate=1344&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1191&x=1", cfExtPri, cfHdrFlush;dur=0
GET raw.githubusercontent.com/fintopio/ton-pub/refs/heads/main/logos/tonconnect-icon.png
185.199.111.133 200 OK 13 kB URL GET raw.githubusercontent.com/fintopio/ton-pub/refs/heads/main/logos/tonconnect-icon.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Hash 7b5b2a322763dbd6fe3cae23d88e2306
ada4ed9029fa462c2f1291fa9f6374ddb8020963
598ea1fe09894a1ecff19972afa9575db9f9d7aef18979d9ac854edd4b0dbf3d
GET /fintopio/ton-pub/refs/heads/main/logos/tonconnect-icon.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"030e9edd5dac791c7e1326f18d256d0a71cd27c15795badf3f6472c446e84a3f"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 0C02:11BDFE:23B7985:288847C:67D83F6C
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 24
x-timer: S1743316300.537110,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: bec249b5e1f7b0d5c0ca1e50f4669934b4a212ef
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 101
content-length: 13425
X-Firefox-Spdy: h2
GET cdn.mirailabs.co/miraihub/miraiapp-tg-icon-288.png
172.67.73.146 200 OK 18 kB URL GET cdn.mirailabs.co/miraihub/miraiapp-tg-icon-288.png
IP 172.67.73.146:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject mirailabs.co
Fingerprint DE:E0:DA:AB:A5:BC:A4:15:C9:42:F2:CE:E4:FE:17:34:F4:E7:CE:90
Validity Thu, 13 Mar 2025 18:49:14 GMT - Wed, 11 Jun 2025 19:48:30 GMT
File type PNG image data, 288 x 288, 8-bit/color RGB, non-interlaced
Hash 57d12d587c1d29716d84971f6500edfa
8248c38e246c8c4e0bd277a24fca08ad99d13aea
58e318aaefa8826211e50baf8bc3fa9bb0f94742f40d52ea4ef720c44505f0d7
GET /miraihub/miraiapp-tg-icon-288.png HTTP/1.1
Host: cdn.mirailabs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: application/octet-stream
content-length: 18311
last-modified: Mon, 18 Nov 2024 07:12:54 GMT
x-rgw-object-type: Normal
etag: "57d12d587c1d29716d84971f6500edfa"
cache-control: max-age=31536000
x-amz-request-id: tx0000047ffcb99352175ac-0067db9e60-47e02752-sgp1b
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: 1e147e39-c276-4096-8337-87342aa39bc9
age: 735496
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVzV%2F1a0pti%2BXswAlWG3Q%2FF4nWxLmPpKRz6gf7MrkFlrZ2wSxh6KwzjDxioU4Ofnu%2BWNSJkczZEsFr6gUklKfowZp5W%2BwiJcAK%2FuUodMC3Fv0fMmZZxGZClD%2F8WGTfeAvpo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b8ecc30b31-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1575&min_rtt=386&rtt_var=2107&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3272&recv_bytes=1224&delivery_rate=7086460&cwnd=254&unsent_bytes=0&cid=b6510eb674229984&ts=79&x=0"
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/9795-c2da902b25e2eb2c.js
188.114.96.1 200 OK 20 kB URL GET jetrich.xyz/_next/static/chunks/9795-c2da902b25e2eb2c.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (20114), with no line terminators
Hash 3cfb5548b01af258d7d0379386ee1693
51cdb57b68ce840950cf37b68aa9f48f445779c9
ea162590052bc0ec8c2ccd9529eed490d56f57ce59f0352e70804a5c0014d76a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/9795-c2da902b25e2eb2c.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 14 Mar 2025 13:56:43 GMT
etag: W/"4e92-19594f16578"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1254000
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUUU68jQ%2B3TP8D189kwHSKTv7OxkxCOxr8sUFzNmqJ19GfSesu0KSxFEKzfLWVspDZrwC2GJFLdIIlJfhvDCiuA2xH0023hzRCJI6Fy42e7pSDRQUCuXxBdOM80Z1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a148cc1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3244&min_rtt=1262&rtt_var=1677&sent=131&recv=30&lost=0&retrans=0&sent_bytes=129050&recv_bytes=8355&delivery_rate=2035717&cwnd=96000&unsent_bytes=0&cid=040386cfa809f468&ts=298&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/8459-7cd2117a4d0b0480.js
188.114.96.1 200 OK 12 kB URL GET jetrich.xyz/_next/static/chunks/8459-7cd2117a4d0b0480.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (11567), with no line terminators
Hash 0f61f8160a1f20bf7a285222331804a4
21a1cb2e592f63d2d59ef2bb4a7bac084193123f
ff0c177c63a5cd241b7d72222b5b342cc059061df93a73f692ad4e45364dc191
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/8459-7cd2117a4d0b0480.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"2d2f-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 328708
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bC%2Btj544EK1omf2zhGTdAtySq%2FypDIJ9L8aDG7Cz%2B%2FHrfsZWBvhK7%2FgIeXRir4LIRDXIjHVUwyf8OtZRUYHEAjd4qqWEdTjHAvhSSDUqbS1AW0GKPsiKR7Gi5BIcww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a158e21bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2251&min_rtt=918&rtt_var=1506&sent=435&recv=38&lost=0&retrans=0&sent_bytes=489076&recv_bytes=9838&delivery_rate=25233126&cwnd=216000&unsent_bytes=0&cid=040386cfa809f468&ts=305&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/9279-1170552d7d346ec4.js
188.114.96.1 200 OK 487 kB URL GET jetrich.xyz/_next/static/chunks/9279-1170552d7d346ec4.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 487 kB (487392 bytes)
Hash 2dfa5a3d1c2431d5d9034582f079c941
e6d98f380f82723d695b86465c111dfc5a4a52bd
42378cc24c4fa926ef1ecccbbbb11026cb3f5e69359efb6e72f6af7fc192b3cd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/9279-1170552d7d346ec4.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"76fe0-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703752
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ABG9dqGEJWsWFSXCDuVhl%2BAsTQbTCH5GsugUJriO6mEc6aAw0fzhCf%2B%2Fut7IQCnkIYkxkchxv0eM2l2QlK%2Bu886qmlwvCJCJIJvSziKVc1uQVH0Tv7QG5%2FktY0k08w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a189051bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=929&recv=49&lost=0&retrans=0&sent_bytes=1055346&recv_bytes=13915&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=337&x=1", cfExtPri, cfHdrFlush;dur=0
GET jtsupport.rox.chat/js/button.js
185.102.74.235 200 OK 900 kB URL GET jtsupport.rox.chat/js/button.js
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
Size 900 kB (900040 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/button.js HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:38 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 05 Mar 2025 02:36:26 GMT
Cache-Control: no-cache
Content-Encoding: gzip
OPTIONS cloudfire.app/api/v1/languages/cached?mode=0
172.67.68.89 200 OK 2 B URL OPTIONS cloudfire.app/api/v1/languages/cached?mode=0
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /api/v1/languages/cached?mode=0 HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type
Referer: https://jetrich.xyz/
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: text/plain; charset=utf-8
content-length: 2
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://jetrich.xyz
access-control-allow-headers: authorization,content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Ks1gVm7PJqj%2F2DcVk%2F0CIkF73kgyq4zbwantAN%2BNyr5h%2FHjo35QcpzMAdEaxFUhB8Y2gPBKiO%2B9R7lEtQLVyPAECKIcAtRwNzIPIn35hTtK8sXUjgCNuSlX0DnIpEg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b6f8deb4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1120&min_rtt=399&rtt_var=1265&sent=39&recv=34&lost=0&retrans=2&sent_bytes=24704&recv_bytes=1788&delivery_rate=12591304&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=1928&x=0"
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/media/26a46d62cd723877-s.p.woff2
188.114.96.1 200 OK 19 kB URL GET jetrich.xyz/_next/static/media/26a46d62cd723877-s.p.woff2
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type Web Open Font Format (Version 2), TrueType, length 18820, version 1.0
Hash befd9c0fdfa3d8a645d5f95717ed6420
c8b43436ab1659f32cc05625389f63e8047f90a8
94e5c823e72e71cc20f4bfa29b0434f2260040965d9d066c0e7cb5dc99ffd6c3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/media/26a46d62cd723877-s.p.woff2 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
DNT: 1
Connection: keep-alive
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: font/woff2
content-length: 18820
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 26 Mar 2025 11:56:47 GMT
etag: W/"4984-195d24fe818"
cf-cache-status: HIT
age: 234320
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FIj9jsvOlI7FofUazt8O06utxWrmiPpDtsrLNzqnKkGR82%2Bsbs0%2BCUhMIiIuc9NzE19aSa5ZpdhCV5mu96l9xrojgBUlRwt0deb65U74Hx21lmBGzMzokWf83JoMgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590a128b51bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3585&min_rtt=2849&rtt_var=1594&sent=20&recv=18&lost=0&retrans=0&sent_bytes=4332&recv_bytes=4278&delivery_rate=208464&cwnd=12000&unsent_bytes=0&cid=040386cfa809f468&ts=278&x=1", cfExtPri, cfHdrFlush;dur=7
GET jetrich.xyz/_next/static/chunks/275-3bed3bf71ca6160c.js
188.114.96.1 200 OK 10 kB URL GET jetrich.xyz/_next/static/chunks/275-3bed3bf71ca6160c.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (10093), with no line terminators
Hash bde33be3032c4f8628dd233d011b741b
3bc4d85ef46c20733253ffe36d51d1aff43ffd9d
515386df9d94369fe90d767a771a9930ade4dedd523e76ca0f9f255cc863e367
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/275-3bed3bf71ca6160c.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 17 Mar 2025 09:52:31 GMT
etag: W/"276d-195a384e718"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1110965
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2c55uUTPZkLnO0MwXm69Ml%2BBlMLuut%2BLmCLXllZM%2BorAr8a0sXc1BGprVSIHmLQX21bWZEOIFChZJMT8Ht%2F6lFpa3X6vylD6bHdTjeejZVMP%2BULeqyNy%2BxDPcSpFEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a168e91bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2255&min_rtt=918&rtt_var=1138&sent=649&recv=40&lost=0&retrans=0&sent_bytes=733791&recv_bytes=10474&delivery_rate=45674913&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=313&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/6809c4f0-47e94f68694a7903.js
188.114.96.1 200 OK 213 kB URL GET jetrich.xyz/_next/static/chunks/6809c4f0-47e94f68694a7903.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Size 213 kB (213257 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/6809c4f0-47e94f68694a7903.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"34109-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
age: 328706
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mgdH6EjCpciV5D9NOnXKcIEPEI0rkwbeL7sxI5%2FhVLXWIRaPSxRMU%2BtlIYU8BL83ord1ErwGFZOLROIgBimLxOg2EgHkw6ePqYuTdCSCRG4zZKOeBd7dNaf45HmIQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a188fe1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=680&recv=48&lost=0&retrans=0&sent_bytes=764107&recv_bytes=13601&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=332&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fa7b04e0ad3ed40fcb0774bdae3a745c0.webp&w=384&q=75
188.114.96.1 200 OK 26 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fa7b04e0ad3ed40fcb0774bdae3a745c0.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash c3c27057cb4f65b3c6f7a6df3c15aa3a
3075926cfd0054fbe4f858f39ef7cc95cd371223
2f988e1bc07c1da55c95e79d256b9755d56491655d74e854964169415cf22750
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fa7b04e0ad3ed40fcb0774bdae3a745c0.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 26138
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: L5iOG8B8HaVcleedJWuXVdVkkWVddOhUlkFpQVzyJ1A
content-disposition: attachment; filename="a7b04e0ad3ed40fcb0774bdae3a745c0.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fyZMry%2BoXYxjXDRWdqAg%2BAOeVpvE3s2yqsdB7xptMQ%2BtSc82viHg5Drtdk03RDh8rase9p47E8Hi6cf02jTOtOBOnslDpkOP4L6B71PFjEntnuDFkoD2nTI2kPeHBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5daf81bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1729&min_rtt=891&rtt_var=681&sent=1734&recv=111&lost=0&retrans=0&sent_bytes=1952216&recv_bytes=28781&delivery_rate=5185546&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1031&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/bonuses?_rsc=zm6h7
188.114.96.1 307 Temporary Redirect 182 B URL GET jetrich.xyz/bonuses?_rsc=zm6h7
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bonuses?_rsc=zm6h7 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
RSC: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%5B%22locale%22%2C%22en%22%2C%22d%22%5D%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22(with-footer)%22%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22click%5C%22%3A%5C%22cePCrHlZ8tc_ceWzoPglc6c%5C%22%7D%22%2C%7B%7D%2C%22%2F%3Fclick%3DcePCrHlZ8tc_ceWzoPglc6c%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D
Next-Router-Prefetch: 1
Next-Url: /en
DNT: 1
Connection: keep-alive
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c; can_open_registration_modal=false
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 307 Temporary Redirect
date: Sun, 30 Mar 2025 06:31:39 GMT
location: /
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U9XbOtA4EzGHpeIQFgrCEopRdl1IK7EGSEKq4pv5K6xg0OPLOVHvQf2NsiGWEDhamz710ViCBUji3ndX97NMcwBgRc7XU2m4SK4S5olew9zFjQH8nO0N6HkbCCqQsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b6da091bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1539&min_rtt=800&rtt_var=425&sent=2368&recv=146&lost=0&retrans=0&sent_bytes=2662141&recv_bytes=36014&delivery_rate=7751021&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=3781&x=1", cfExtPri, cfHdrFlush;dur=0
GET raw.githubusercontent.com/bybit-web3/bybit-web3.github.io/main/docs/images/bybit-logo.png
185.199.111.133 200 OK 8.2 kB URL GET raw.githubusercontent.com/bybit-web3/bybit-web3.github.io/main/docs/images/bybit-logo.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash 5e0935c6eab1c5511a9e7feb27fe30db
fe638d9a82f782f9b59151ce2f26680af422f1c4
8033687342c3375ab3b21208a4af4ff5f272ad9fef15c9d8d79cbb3c8c147724
GET /bybit-web3/bybit-web3.github.io/main/docs/images/bybit-logo.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"fc957d79a09dde604efa1186e885a97f7669a52fb3c2aba4aa522c6e91518c42"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 9D70:1BAFD5:443431:4E0F92:67E20AF7
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 58
x-timer: S1743316300.593250,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: ab8a4fa5d5a15bca1e6699ac51c6d006f18d02b4
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 253
content-length: 8225
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fbaf93b59-fe84-44fd-b3ba-f371cc652045.png&w=384&q=75
188.114.96.1 200 OK 20 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fbaf93b59-fe84-44fd-b3ba-f371cc652045.png&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x476, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 710fa1631afe168dbbc0776f20bff10a
cdc2052c15f0d79641ec5ba06b466278b1e98430
055dff9731f47c8d284ba6fe46c6d5268fdea4c4d1d236254ae60226cf4db9ed
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fbaf93b59-fe84-44fd-b3ba-f371cc652045.png&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 19896
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: BV3_lzH0fI0oS6b-RsbVJo_epMTR0jYlSuYCJs9Nue0
content-disposition: attachment; filename="baf93b59-fe84-44fd-b3ba-f371cc652045.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jtd6I0y%2B3gBdw8funRBUd3XcMz1xFJ3ljB8h3C%2FlA91FhhXF%2B6funnad55CxQnmS0Zwa7Z1oT6Hrda9VsWcMk4S38b8Do13gBEKg3dpc3vjEoebIm2%2F%2F0Yhs1HlLXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1d9331bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2546&min_rtt=918&rtt_var=939&sent=1305&recv=76&lost=0&retrans=0&sent_bytes=1479212&recv_bytes=21386&delivery_rate=13256694&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=402&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/css/29b8c8630f8fa455.css
188.114.96.1 200 OK 3.9 kB URL GET jetrich.xyz/_next/static/css/29b8c8630f8fa455.css
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type ASCII text, with very long lines (3946), with no line terminators
Hash 8951b3327aa997eec04980c87ded1185
ec489d0f282845da7965a359ff5e7723252b9c08
d88c024f5744c2b9ac2d7ae1ab2a7d1db902556f64016b14aa2b8199a2935597
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/css/29b8c8630f8fa455.css HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: text/css; charset=UTF-8
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 14 Mar 2025 13:56:43 GMT
etag: W/"f48-19594f16578"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1254000
priority: u=2,i=?0
cf-ray: 928590a138ba1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/static/chunks/5948-2a15ef731b865267.js
188.114.96.1 200 OK 319 kB URL GET jetrich.xyz/_next/static/chunks/5948-2a15ef731b865267.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 319 kB (318686 bytes)
Hash 6ed58795738421badc3022f64661053d
c26358e189b6aeb6578b7ffa5a544f6c23c494c2
f2ab78f53cb22121ac1012dd6b165a58815454677bdeaf7a7ed1099f94008abd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/5948-2a15ef731b865267.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"4dcde-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 328708
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Cv28x%2FnZ9Gl8kzPh0kDvu24stG%2FeA%2BzNiEiYQaUlhnhZ0%2F6T%2F%2FyYt2d0AejAC9JTEJgpyAR8gLa00ssWK45FdMakwE5LAK%2Bvd%2FQyWwpvMhSKodTBgfxvsTtt0lUTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a158e11bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2559&min_rtt=918&rtt_var=1719&sent=253&recv=35&lost=0&retrans=0&sent_bytes=273076&recv_bytes=9434&delivery_rate=31027358&cwnd=216000&unsent_bytes=0&cid=040386cfa809f468&ts=303&x=1", cfExtPri, cfHdrFlush;dur=0
GET hatscripts.github.io/circle-flags/flags/language/en.svg
185.199.111.153 200 OK 817 B URL GET hatscripts.github.io/circle-flags/flags/language/en.svg
IP 185.199.111.153:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 95317a1a9308ad664420cb1110833a5b
1615952da03e776753b63540168356b6ddc4e521
2cbe22b11b238eebf4a93532b76b7b6949c220ac517d3f233a4ded6269a45b93
GET /circle-flags/flags/language/en.svg HTTP/1.1
Host: hatscripts.github.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: GitHub.com
content-type: image/svg+xml
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Mon, 09 Dec 2024 07:43:10 GMT
access-control-allow-origin: *
etag: W/"67569f8e-331"
expires: Fri, 28 Mar 2025 02:07:50 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 3F25:260F68:263BA89:268F3C5:67E6021E
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
age: 123
x-served-by: cache-hel1410032-HEL
x-cache: HIT
x-cache-hits: 1
x-timer: S1743316300.744571,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 7b0b2ed137d237177560f228a65be703a2f37df5
content-length: 451
X-Firefox-Spdy: h2
GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
142.250.74.99 200 OK 562 kB URL GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
IP 142.250.74.99:443
Requested by https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
Size 562 kB (561652 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 221651
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Mar 2025 06:12:55 GMT
expires: Mon, 30 Mar 2026 06:12:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 24 Mar 2025 02:01:29 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 1126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET jetrich.xyz/_next/static/chunks/16bf9003-1cdd21da8317c304.js
188.114.96.1 200 OK 96 kB URL GET jetrich.xyz/_next/static/chunks/16bf9003-1cdd21da8317c304.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 3edf0c06313e87d363f44b55f3d7199d
4b4d2039681b40c67f8b2830f8fa09f8cb537926
4b96445efd5baa3fa583ac7dde582c053a7d19ce9d90e37c99a78532b106f83a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/16bf9003-1cdd21da8317c304.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 25 Mar 2025 17:13:47 GMT
etag: W/"1781a-195ce4bc4f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 328705
priority: u=3,i=?0
cf-ray: 928590a1a9121bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F91a5455c-2b54-47e6-bf5d-c4e452961dc6.png&w=828&q=75
188.114.96.1 200 OK 34 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F91a5455c-2b54-47e6-bf5d-c4e452961dc6.png&w=828&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 828x506, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 0da9ae344fbe7a903d796cf8e1e34ed6
907d22aa1a9df6e8039879f9e3972d9ee470b140
c6b9c9a6118e5be67e8d8fad6bc6c9ba18ba63851a34a13a8bfee398ae14a34b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F91a5455c-2b54-47e6-bf5d-c4e452961dc6.png&w=828&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 33828
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: xrnJphGOW-Z-jY-ta8bJuhi6Y4UaNKE6i_7jmK4Uo0s
content-disposition: attachment; filename="91a5455c-2b54-47e6-bf5d-c4e452961dc6.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 928590a1b91e1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F1193834e88b149f59d5bd15a060bf5a4.webp&w=384&q=75
188.114.96.1 200 OK 26 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F1193834e88b149f59d5bd15a060bf5a4.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash fdedbc8744b68adf9dddf294d66aeef9
9250b13d9885a857ac5c7c33b5f70cd3c45a332c
adca7c44eb0a8fefe6cefa02867bad42dcaaaf981cecdf670a2018aaa2b92b03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F1193834e88b149f59d5bd15a060bf5a4.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 26102
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: rcp8ROsKj-_mzvoChnutQtyqr5gc7N9nCiAYqqK5KwM
content-disposition: attachment; filename="1193834e88b149f59d5bd15a060bf5a4.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HwQbzFrsOBEjAafIKgWsDrZUmjBjwkFp22sV6JuXcJgAT629g3mGqJEo0rxktXxT7%2BKTAkO0NYBB%2FyhcDROyXKIkd5Ye2dHCNAs6JlvhgDQotCgSuLgawen2VvjXSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5bae91bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1729&min_rtt=891&rtt_var=681&sent=1721&recv=111&lost=0&retrans=0&sent_bytes=1937772&recv_bytes=28781&delivery_rate=5185546&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1028&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fcf5632e6b52c48a194f991f6722bc825.webp&w=384&q=75
188.114.96.1 200 OK 28 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fcf5632e6b52c48a194f991f6722bc825.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 52b05b158a0c8949db1a95f911ebc692
b791e762800c35738c2715377839440372d98910
a0ec4049e3420b2b73c11db5e25fba8d7bb3080d673e3362d54a6f9f2629f432
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fcf5632e6b52c48a194f991f6722bc825.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 27952
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: oOxASeNCCytzwR214l-6jXuzCA1nPjNi1UpvnyYp9DI
content-disposition: attachment; filename="cf5632e6b52c48a194f991f6722bc825.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNKksuFtSLMQDRpMGqTWP7mBS72MrSG9532iOnMmD%2BGE3rcSha%2F4eT0rGjErT%2BfjqL7wqSLIfQLGXlGx5DvKiWInNV%2BE70McXe1iTmSqkgw5qvrGFn8VD%2FplQZVnRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5baed1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1916&min_rtt=891&rtt_var=943&sent=1666&recv=99&lost=0&retrans=0&sent_bytes=1883969&recv_bytes=25118&delivery_rate=8983305&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1013&x=1", cfExtPri, cfHdrFlush;dur=0
GET raw.githubusercontent.com/ton-blockchain/wallets-list/main/wallets-v2.json
185.199.111.133 200 OK 14 kB URL GET raw.githubusercontent.com/ton-blockchain/wallets-list/main/wallets-v2.json
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ton-blockchain/wallets-list/main/wallets-v2.json HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: W/"9642f958f7ce19f14296234fcce13d62c4e203d8bc58f3f060826014440873c5"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: B7CF:18C4E9:365BE62:3DB73A1:67E8E54A
content-encoding: gzip
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410028-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1743316299.157530,VS0,VE117
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 3eb5c2949e9b59117d64a8e517554953e3b23885
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 0
content-length: 2023
X-Firefox-Spdy: h2
GET www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
142.250.178.100 200 OK 73 kB URL GET www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
IP 142.250.178.100:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
File type HTML document, ASCII text, with very long lines (56618)
Hash 38d839a4a7a7280f4f0221c31d7ed2a3
88e1249cdbecde865cc496e237b970cdc17f25b5
8d1e70ee77e3953ab58d7c2c084de620b78708cdf74e367dd7eccf91b5741536
GET /recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}, {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 30 Mar 2025 06:31:41 GMT
content-security-policy: script-src 'nonce-1Eqoch1jRCsYpU6E7CmiWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
142.250.178.100 200 OK 0 B URL POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
IP 142.250.178.100:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuf
Content-Length: 1579
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Cookie: _GRECAPTCHA=09ALcxeyofSzJIe4vMHL4sHXo8SxpB4r9hQYISfSGjpFVXS5gce7TRTdKsjEcHQGS2wZvQLT07q8rlk136HSgXv0k
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/binary
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
date: Sun, 30 Mar 2025 06:31:43 GMT
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/layout-199b575887ad1677.js
188.114.96.1 200 OK 55 kB URL GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/layout-199b575887ad1677.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/%5Blocale%5D/layout-199b575887ad1677.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Sat, 29 Mar 2025 12:12:55 GMT
etag: W/"d653-195e1d1c158"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 65526
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUjbEjfaSIYH23Js4feg%2BNqMLMsqR3fQhxKSV%2FxJWTWKuqXZUrLEt%2B6%2FLbRXMOH6S9GumLSHwH9J1RwCACaB1ow2Sx1y7t4FijA9h09BSzKcE9reEddYTNmD%2Fpzimw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1a9151bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2929&min_rtt=918&rtt_var=1279&sent=1127&recv=58&lost=0&retrans=0&sent_bytes=1285648&recv_bytes=17317&delivery_rate=16144464&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=354&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F5aa901eab4d94c6b949fcddbba02d4a0.webp&w=384&q=75
188.114.96.1 200 OK 15 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F5aa901eab4d94c6b949fcddbba02d4a0.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 62db43a34159d811c91c80a0beb4162d
6c95d3505522d3028ab5538078187e94850fc155
49142e06398c3ebb8e11c6138bfda8379d61cfe115e4b1548daf6983ac29be37
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F5aa901eab4d94c6b949fcddbba02d4a0.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 14928
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: SRQuBjmMPruOEcYTi_2oN51hz-EV5LFUja9pg6wpvjc
content-disposition: attachment; filename="5aa901eab4d94c6b949fcddbba02d4a0.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e4I6wCf4pS%2B%2BiHClct086nqgk5BT6VwFgX73VZv3sRvdDSg0LUV9rrrpSqFR8t%2BLmumkbeOqvdReoXo54Ql8VDowBS51nL8Y0bJxZ7v9CahV893hVXOXjo4OfViyvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5fb131bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1902&min_rtt=800&rtt_var=1102&sent=1927&recv=125&lost=0&retrans=0&sent_bytes=2160888&recv_bytes=32914&delivery_rate=7587&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1058&x=1", cfExtPri, cfHdrFlush;dur=0
GET raw.githubusercontent.com/Architec-Ton/wallet-tma/refs/heads/dev/public/images/arcwallet_logo.png
185.199.111.133 200 OK 18 kB URL GET raw.githubusercontent.com/Architec-Ton/wallet-tma/refs/heads/dev/public/images/arcwallet_logo.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 228 x 228, 8-bit/color RGBA, non-interlaced
Hash d72b78543d6501845b509dff37c2b146
68c7e24c9c5da907c1d725a37cbfe1773aaf69d7
22b79bc31a89740924e0e990083ce503cded006ec85a9878f925efbbd3d23c3e
GET /Architec-Ton/wallet-tma/refs/heads/dev/public/images/arcwallet_logo.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"053f99db38879d603a0fe0d0c56357478c08b346b9117fc4162eb45be1581936"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 95EB:253FDF:32D1884:3A02E27:67D8F186
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 14
x-timer: S1743316300.537439,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: fe16806c90c1d37076d6913d8976c7581079d058
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 54
content-length: 17680
X-Firefox-Spdy: h2
GET www.gstatic.com/recaptcha/api2/logo_48.png
142.250.74.99 200 OK 2.2 kB URL GET www.gstatic.com/recaptcha/api2/logo_48.png
IP 142.250.74.99:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Hash ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Mar 2025 09:12:16 GMT
expires: Thu, 03 Apr 2025 09:12:16 GMT
cache-control: public, max-age=604800
age: 249565
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET jetrich.xyz/_next/static/chunks/7266-8daccf9530b2fd11.js
188.114.96.1 200 OK 55 kB URL GET jetrich.xyz/_next/static/chunks/7266-8daccf9530b2fd11.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/7266-8daccf9530b2fd11.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"d663-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703753
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qGwOZaqHtA61LnIEpxAqMioah%2FSEkvCG4Hf%2BNJw2jnrY5Ox4h8rILm57r8zPBomKfzm7fIUU1%2BaJj1QLqWYh3DwBUToWpi12%2BqgvXX9YZ2%2FRJjtj%2BV9TgGD7zvD6lA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a148ca1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3527&min_rtt=2147&rtt_var=1480&sent=101&recv=29&lost=0&retrans=0&sent_bytes=93050&recv_bytes=8310&delivery_rate=963632&cwnd=96000&unsent_bytes=0&cid=040386cfa809f468&ts=296&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F174751542f2e4d03b6c8b3a2523f4f49.webp&w=384&q=75
188.114.96.1 200 OK 21 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F174751542f2e4d03b6c8b3a2523f4f49.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash c39cd2e8dcd2596dcd91d445eeba1fcf
f77027e6aa45ed6c413e3c166ab102ac05f082be
4b645fcb0dc76381e024fd30ab63a8714c7e037920dd36f3c8dbc1f7b4706875
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F174751542f2e4d03b6c8b3a2523f4f49.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 20782
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: S2Rfyw3HY4HgJP0wq2OocUx-A3kg3TbzyNvB97RwaHU
content-disposition: attachment; filename="174751542f2e4d03b6c8b3a2523f4f49.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eueRuRTYy3Vkbmun4ViI%2Fn0NMmwWOw%2BL86yq1BWK3YtnzT7jUXsCjicS2ITDxGroJ88Mq4O7vGW3rCSkuvW4wPm9JLKkMzs7zio4mi6VLE010tTFZsPS5J5mOgYUdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5eb001bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1804&min_rtt=891&rtt_var=483&sent=1836&recv=119&lost=0&retrans=0&sent_bytes=2062711&recv_bytes=31598&delivery_rate=11776349&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1045&x=1", cfExtPri, cfHdrFlush;dur=0
GET cloudfire.app/api/v1/languages/cached?mode=0
172.67.68.89 200 OK 2.0 kB URL GET cloudfire.app/api/v1/languages/cached?mode=0
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
File type Unicode text, UTF-8 text, with very long lines (2147), with no line terminators
Hash 383e0d42bb817b553231ab196551b3e8
5f4d339a38f431063300863363f2d8f7ce312998
ee4e00004a14ac8eccad7c6e8ed2f674d3baff98f0e23cc2fa7b73771f590478
GET /api/v1/languages/cached?mode=0 HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jetrich.xyz
Content-Type: application/json
Referer: https://jetrich.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vKjTXIpulJzlgO7C%2F1oes74L6ON%2FDkEZMQCWrkJuyKP53TlIQFuFIH8Ah1kI5%2FN4QPE5nfNp7fP36Hhjdq5j0TyVBS31I5Tjr1xPtealfJNiN2JZg5XiKjjarmFU6OQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b7490bb4f9-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=914&min_rtt=399&rtt_var=848&sent=42&recv=38&lost=0&retrans=2&sent_bytes=25478&recv_bytes=1886&delivery_rate=12591304&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=1973&x=0"
X-Firefox-Spdy: h2
GET jetrich.xyz/favicon/favicon-16x16.png
188.114.96.1 200 OK 864 B URL GET jetrich.xyz/favicon/favicon-16x16.png
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash 2f4abbc19c0000b96873cbfd66650ed1
d333ce408b825b2531c3ace8aec216c368044cb8
bf6ed6e2e89184c8f15788b90d28dde80bc1742b965d5e94281929c76c2fb337
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon/favicon-16x16.png HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c; can_open_registration_modal=false; NEXT_LOCALE=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:40 GMT
content-type: image/png
content-length: 864
cache-control: public, max-age=14400
last-modified: Tue, 25 Feb 2025 14:20:45 GMT
etag: W/"360-1953d7b4a48"
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sdndby2Y4B04M37GIsemZ0Z1fYca1Ot8P3gg07kllZp7tsdvhENDNjYcaXRSsdoXHKty1JEG4ciJ4NX3mBnuZDPpI0hoZHgAiyIcdDOaXYZ2RhN6OZ9RT4roJQVlZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590bcdcbb1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6263&min_rtt=800&rtt_var=8676&sent=2374&recv=152&lost=0&retrans=1&sent_bytes=2665170&recv_bytes=37548&delivery_rate=32828&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=4712&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
188.114.96.1 200 OK 780 kB URL User Request GET jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
IP 188.114.96.1:443
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Size 780 kB (780056 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?click=cePCrHlZ8tc_ceWzoPglc6c HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: text/html; charset=utf-8
link: </_next/static/media/26a46d62cd723877-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/css/d6b0855f7dd431ab.css>; rel=preload; as="style", </_next/static/css/29b8c8630f8fa455.css>; rel=preload; as="style"
set-cookie: promo=cePCrHlZ8tc_ceWzoPglc6c; Path=/
x-middleware-rewrite: /en?click=cePCrHlZ8tc_ceWzoPglc6c
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch, Accept-Encoding
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jKY9lQMAtqbCJM26k%2FZq0ycQLNbeU0RXULelnmCDJZ2JdJdKxneH0DJyepqNXqsql8vT9MmEI%2Bspp48DtmgnVvMIlqGDQgrvX5y0U361Vcv%2FwY4CZxWmU9kTIvVjMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9285909ec806712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6450&min_rtt=510&rtt_var=11603&sent=10&recv=12&lost=0&retrans=1&sent_bytes=3289&recv_bytes=1320&delivery_rate=6277456&cwnd=256&unsent_bytes=0&cid=08ac4341eadda874&ts=136&x=0"
cf-h2-pushed: </_next/static/css/d6b0855f7dd431ab.css>,</_next/static/css/29b8c8630f8fa455.css>
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/9847-221ad5c1399b7ec4.js
188.114.96.1 200 OK 31 kB URL GET jetrich.xyz/_next/static/chunks/9847-221ad5c1399b7ec4.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (30611), with no line terminators
Hash 6a65b9214eba68b19361ee7abf71f705
77fd8d08903e606426adf5f53c0a7a7db36c17bb
436642a2c478a6dfe8a3291a1c111005d8203edd262636d541f09f0f110d745a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/9847-221ad5c1399b7ec4.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 17 Mar 2025 09:52:31 GMT
etag: W/"7793-195a384e718"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1110983
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=raWxusqzgHY46PvMi9Rbin%2B1HkDUJyfGMdJKVAZ%2BH6RAJOiqPV8u4P22PdAmMoBwwZPGduvuop8Y6wTR1U3EVhKjdAwAiUclteijxXt%2F5s%2Fd8sWhUHceV%2BHFtu%2FzNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a189001bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=695&recv=48&lost=0&retrans=0&sent_bytes=780949&recv_bytes=13601&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=333&x=1", cfExtPri, cfHdrFlush;dur=0
GET tournament.cloudfire.app/
172.67.68.89 200 OK 66 kB URL GET tournament.cloudfire.app/
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: tournament.cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Type: application/json
Authorization:
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:38 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-request-id: 055c8d35-162a-47d6-8b3a-47233edbc0d6
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MpDWh7ivIICl1QETTx9BEJjGv4iqXIVcOLR9wcdUcefXKBYNt8eui03v0Nb1R8QKnbVoUwlSLuJMTaWB%2BR3RmgYVP33g6OyjSUBQJhmgeQAtQNsJcUOqbA6sDj1klMJXDjztjOyrIY1GEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b1ed46b4f9-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1512&min_rtt=399&rtt_var=1249&sent=21&recv=19&lost=0&retrans=1&sent_bytes=6164&recv_bytes=1689&delivery_rate=8274285&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=1114&x=0"
X-Firefox-Spdy: h2
GET cloudfire.app/api/v1/auth/ton_connect/payload
172.67.68.89 200 OK 34 B URL GET cloudfire.app/api/v1/auth/ton_connect/payload
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 5a1040aca675e9b73b47a0f4029701b1
4b7950c64dbdc36e25a3fae1b0062646b0f46b78
57e98dea4f852acdbabec703f33074ec795bae2b4523df9798088b7db5dc3cfd
GET /api/v1/auth/ton_connect/payload HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Type: application/json
Authorization:
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: application/json
content-length: 34
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zvzhf5gGir8nglyxDg4X%2BKTmft5U5R%2Bqve4MUiH0aVNS7yUU1vXRrtVglp1pxN3wlye%2FMzIpoY1UAmTp236sT74Fg1AV%2B1k6hjJM2VCL%2BqihwYW6fxULcaVdF%2FPrHNU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b7f994b4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=2016&min_rtt=399&rtt_var=2556&sent=49&recv=42&lost=0&retrans=3&sent_bytes=26902&recv_bytes=2086&delivery_rate=12591304&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=2081&x=0"
X-Firefox-Spdy: h2
GET jetrich.xyz/
188.114.96.1 200 OK 182 B
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type ASCII text, with no line terminators
Hash 3247d9bc61efacfc31ea704c1a48fc6d
e0f0680a55d1940f5be0e7b3dfd539210cbed3f8
71ac5ceed81836732225a6d312dd80dd2316ab655b8d4c9b629853c53e64b641
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
RSC: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%5B%22locale%22%2C%22en%22%2C%22d%22%5D%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22(with-footer)%22%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22click%5C%22%3A%5C%22cePCrHlZ8tc_ceWzoPglc6c%5C%22%7D%22%2C%7B%7D%2C%22%2F%3Fclick%3DcePCrHlZ8tc_ceWzoPglc6c%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D
Next-Router-Prefetch: 1
Next-Url: /en
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
DNT: 1
Connection: keep-alive
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c; can_open_registration_modal=false
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: text/x-component
link: <http://jetrich.xyz/>; rel="alternate"; hreflang="en", <http://jetrich.xyz/ru>; rel="alternate"; hreflang="ru", <http://jetrich.xyz/>; rel="alternate"; hreflang="x-default"
set-cookie: NEXT_LOCALE=en; Path=/; Expires=Mon, 30 Mar 2026 06:31:39 GMT; Max-Age=31536000; SameSite=lax
x-middleware-rewrite: /en
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch, Accept-Encoding
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YmJMwKOzxEmIY0CJjoyV%2Bd8h9GmePnFlxaCmSX9dnGYxQO1mVTRs%2FJVDxW1woEjhYKO8jpVLiJF3jQnmx0pQwX13nrrbmIlNdDCmdwOTDbCSWa0ilTjTM8ki8%2FdzFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b84a941bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1474&min_rtt=800&rtt_var=449&sent=2371&recv=148&lost=0&retrans=0&sent_bytes=2662833&recv_bytes=36708&delivery_rate=285696&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=3992&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/app/global-error-dee13002ff4574cf.js
188.114.96.1 200 OK 12 kB URL GET jetrich.xyz/_next/static/chunks/app/global-error-dee13002ff4574cf.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/global-error-dee13002ff4574cf.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 28 Mar 2025 16:18:19 GMT
etag: W/"2ef0-195dd8c10f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 136665
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPtTAeD%2Fye6pFF%2FY4SHzLXXZqJoX1W6qrnQ4F4TdRqeOWBb1L%2FDwfZ96Lmr5HmTPB%2Bud9rFG%2FIAwM4c6GZRBU9jtlZztBY9FgPaEHAYANiwFPd%2BGYfKiVcTw91vaOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a168e81bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2255&min_rtt=918&rtt_var=1138&sent=640&recv=40&lost=0&retrans=0&sent_bytes=724124&recv_bytes=10474&delivery_rate=45674913&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=312&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F085e7d53905d47ae92e987187f1e6892.webp&w=384&q=75
188.114.96.1 200 OK 20 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F085e7d53905d47ae92e987187f1e6892.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 4ffb5b29282044a7c4055d9dda90020c
71ae3a9a225489f4563c783411bf1b863d3bb495
875c39749575a191e1995d9f263d2200dbc3ba9ba3e0f13114d2c3a583e97b4d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F085e7d53905d47ae92e987187f1e6892.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 19970
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: h1w5dJV1oZHhmV2fJj0iANvDupuj4PExFNLDpYPpe00
content-disposition: attachment; filename="085e7d53905d47ae92e987187f1e6892.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qw9XsMiJKj54CpnCHChf314V0wH6EuLVlHGo1nlrwTzb%2FdCTjeANKnwA33rkH5HF%2BI%2BKTeWwYuW69nAi%2ByEDV%2FhkLEnuGI30gg7B2WrYDpT6F6BOr1fD%2Bn0NKzkiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5eb0a1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1830&min_rtt=800&rtt_var=971&sent=1942&recv=126&lost=0&retrans=0&sent_bytes=2177027&recv_bytes=32960&delivery_rate=3821785&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1058&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fb1db22ab0f66408ea960c094ddaa4b8b.webp&w=384&q=75
188.114.96.1 200 OK 13 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fb1db22ab0f66408ea960c094ddaa4b8b.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash f40253d1bbf2255227afb1f506ec9f97
5e8c7a452e76ea4481f22f92c677c74a709014c2
ed90a4e9dd598db20721aa4168c085520117e9df96374ae6917a3789bb567568
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fb1db22ab0f66408ea960c094ddaa4b8b.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 13228
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: 7ZCk6d1ZjbIHIapBaMCFUgEX6d-WN0rmkXo3ibtWdWg
content-disposition: attachment; filename="b1db22ab0f66408ea960c094ddaa4b8b.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOYcWmohGkDc%2B69Ma5K76%2FESWr4sEi6D15DgJV7e13e%2BaTQblkCWAgLXMLVBGF5JvCD7TYByzmbytjXay4MFFLzYmCt4TimTGuwy6QhKGGn%2FzdT80I6TPVTD6iU%2B3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5fb171bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1741&min_rtt=800&rtt_var=906&sent=2028&recv=127&lost=0&retrans=0&sent_bytes=2275695&recv_bytes=33006&delivery_rate=14112353&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1066&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc2dd51506d7b4600869181b80af34ab1.webp&w=384&q=75
188.114.96.1 200 OK 22 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc2dd51506d7b4600869181b80af34ab1.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash f049d7b387bfd446ee615772db17b1fb
feb522dc6e3ca5c377532c72a627acd6c51be34c
a76b87214989d22699f246bde66704f8be4c5911ab113da3528e076037b23d94
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc2dd51506d7b4600869181b80af34ab1.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 21560
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: p2uHIUmJ0iaZ8ka95mcE-L5MWRGrET2jUo4HYDeyPZQ
content-disposition: attachment; filename="c2dd51506d7b4600869181b80af34ab1.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdwOaqxRfS77kp9hvZ0B5rwWvCo5lwxuZdXQB08EGTrsilhtg9BBeijJ83j%2FfZCUJn3xoplE8qO3vNUH7cgCRnIjjFaQuEb4QEHGnEkq4yZJl%2BzFyxQZvONGGcsmIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a60b2c1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1741&min_rtt=800&rtt_var=906&sent=2063&recv=127&lost=0&retrans=0&sent_bytes=2316508&recv_bytes=33006&delivery_rate=14112353&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1068&x=1", cfExtPri, cfHdrFlush;dur=0
GET img.bitgetimg.com/image/third/1731638059795.png
143.204.55.48 200 OK 2.2 kB URL GET img.bitgetimg.com/image/third/1731638059795.png
IP 143.204.55.48:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Amazon
Subject *.bitgetimg.com
Fingerprint F4:B3:2C:E3:B6:9E:92:1B:D7:8E:19:22:0E:08:E3:8F:FB:47:5A:FD
Validity Fri, 17 Jan 2025 00:00:00 GMT - Sun, 15 Feb 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash 66f9465dab82cfa9e91c008cbbd83649
1b5637ff897b66c739fe9988075114d834924582
ac6d46035cd7a544ecf1978702511542f56d35ca51c729551ba0da5bfc5a9176
GET /image/third/1731638059795.png HTTP/1.1
Host: img.bitgetimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 2176
date: Sat, 29 Mar 2025 07:43:19 GMT
last-modified: Fri, 15 Nov 2024 02:34:20 GMT
etag: "66f9465dab82cfa9e91c008cbbd83649"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000;
x-amz-version-id: kTM.fRny3dTfee6kRzxAx9r5poaeak4k
accept-ranges: bytes
server: AmazonS3
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
age: 82101
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: S1NjvXTKqcqz3maHfFg1BbtPjk3ab81TyhflODYfiI6wcL5anedBQg==
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/media/a34f9d1faa5f3315-s.p.woff2
188.114.96.1 200 OK 49 kB URL GET jetrich.xyz/_next/static/media/a34f9d1faa5f3315-s.p.woff2
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type Web Open Font Format (Version 2), TrueType, length 48556, version 1.0
Hash d4fe31e6a2aebc06b8d6e558c9141119
bcdc4f0b431d4c8065a83bb736c56ff6494d0091
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/media/a34f9d1faa5f3315-s.p.woff2 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
DNT: 1
Connection: keep-alive
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: font/woff2
content-length: 48556
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 26 Mar 2025 11:56:47 GMT
etag: W/"bdac-195d24fe818"
cf-cache-status: HIT
age: 234320
priority: u=3,i=?0
accept-ranges: bytes
cf-ray: 928590a128b71bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/static/chunks/241-20e0ff4093f96344.js
188.114.96.1 200 OK 16 kB URL GET jetrich.xyz/_next/static/chunks/241-20e0ff4093f96344.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (15885), with no line terminators
Hash d741b3d143e104757dea2c2961c96b4f
6e50b5bff4928ed3483defe16f3048ddbb6271b0
95a2ff8a17c1b50771531bfd5017633c6b3a9b9abce59384bf662ec954527933
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/241-20e0ff4093f96344.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"3e0d-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703753
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLRZrr9uNd7mj8VAG6RS5zqffEH6phQeAm%2BGFSZBGmslgkeIkYUHCN%2FhX9GQvGSWjYHGWSd27JMkmkE%2FapTI4qSPCQyzibxF4ZCTjhup%2F0HUdL%2FV96appB3Yhubmuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a148cb1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3527&min_rtt=2147&rtt_var=1480&sent=101&recv=29&lost=0&retrans=0&sent_bytes=93050&recv_bytes=8310&delivery_rate=963632&cwnd=96000&unsent_bytes=0&cid=040386cfa809f468&ts=296&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/870-8b2b5e8bb48383a6.js
188.114.96.1 200 OK 33 kB URL GET jetrich.xyz/_next/static/chunks/870-8b2b5e8bb48383a6.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (33202), with no line terminators
Hash 421458d008e27caca4cdf7f6847da0be
e388814882c8488e15767fa9d82fee16dbab6fad
fe750e2e092f08fa55e68dde8a0505b4b70b48ed64245744c43c4a2463a6ffcf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/870-8b2b5e8bb48383a6.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 17 Mar 2025 09:52:31 GMT
etag: W/"81b2-195a384e718"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1110965
priority: u=3,i=?0
cf-ray: 928590a188fa1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fe601c652-07cb-40db-8fd7-6ccc11947277.png&w=828&q=75
188.114.96.1 200 OK 31 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fe601c652-07cb-40db-8fd7-6ccc11947277.png&w=828&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 828x509, Scaling: [none]x[none], YUV color, decoders should clamp
Hash a626cfc241c278df1b675d44bc3c9970
8af1b8f0744b0e2c4e2bc0b176b31a0fda9a06d9
8c428c4bc93b9cd0232c11f7917bd2cc58b215c18d68684153d0ddadd694bd08
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2Fe601c652-07cb-40db-8fd7-6ccc11947277.png&w=828&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: image/webp
content-length: 30620
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: jEKMS8k7nNAjLBH3kXvSzFiyFcGNaGhBU9DdrdaUvQg
content-disposition: attachment; filename="e601c652-07cb-40db-8fd7-6ccc11947277.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJkd0CrYQZjo3M8BAWfAzbOF%2BR%2FnCnXwlODlcGFrbqIV3aHF2FIJ64eO2THsV%2BZzD%2Bk%2BB21alQjuGuvMpKYZTrKbIKn%2FJyKiAkWl2JHlBLif451I1ghcLKrBslR3Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1b91a1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3105&min_rtt=918&rtt_var=903&sent=1200&recv=71&lost=0&retrans=0&sent_bytes=1359767&recv_bytes=21160&delivery_rate=12025495&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=383&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fcecd73fc-d2ba-4b18-9a97-180aabb9bf07.webp&w=384&q=75
188.114.96.1 200 OK 26 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fcecd73fc-d2ba-4b18-9a97-180aabb9bf07.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 38fbd1f8d2fb9d868a9e582ece3e2bc0
f2202c9e51c37a8ee8189a73893ddc22815745e8
2f51a5ff884061afa80037238b3b3793a1865089b1fe618d942ed90c4e3e8f60
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fcecd73fc-d2ba-4b18-9a97-180aabb9bf07.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 26404
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: L1Gl_4hAYa-oADcjizs3k6GGUImx_mGNlC7ZDE4-j2A
content-disposition: attachment; filename="cecd73fc-d2ba-4b18-9a97-180aabb9bf07.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 928590a5caef1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET raw.githubusercontent.com/OpenProduct/openmask-extension/main/public/openmask-logo-288.png
185.199.111.133 200 OK 6.9 kB URL GET raw.githubusercontent.com/OpenProduct/openmask-extension/main/public/openmask-logo-288.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash 01781f31a294a7f938b3465853c3c415
1bd08a5089fea9a6fb60fdecd76d6442167d9830
25ef6e0912f90e0adea8597b19554aa1518521e6cf0a88cfaec303808cf4d4b8
GET /OpenProduct/openmask-extension/main/public/openmask-logo-288.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"3bd3143ce8353aa8b9d4296ec4a937b1000cf8fc46a68e40afc9cb03a4030555"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: ACD6:1B1630:554F8D:628F50:67E22C0A
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 44
x-timer: S1743316300.648930,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 3e74dbd1363d9bcca13172702d128615d092d9d1
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 163
content-length: 6912
X-Firefox-Spdy: h2
GET raw.githubusercontent.com/bitgetwallet/download/refs/heads/main/logo/png/bitget_wallet_lite_logo_288.png
185.199.111.133 200 OK 38 kB URL GET raw.githubusercontent.com/bitgetwallet/download/refs/heads/main/logo/png/bitget_wallet_lite_logo_288.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit/color RGBA, non-interlaced
Hash b2ac84f64fb5e6a7347a68b2c5839e24
df6f5c7e5b5d50e69035f232831b9a07a74d4eac
d24def78b159d9d1d6365463e702389003a1554b566b28d4b1f63c7ec648af9c
GET /bitgetwallet/download/refs/heads/main/logo/png/bitget_wallet_lite_logo_288.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"76bc11205770460d4bdbcc675fb7d6cad1eccaed86236e9291ea37898fde672c"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 9603:1A6CB0:1A9959A:1E2DF1C:67D8F188
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 11
x-timer: S1743316300.537252,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 71f8e92a324a27e310f469f255bdfa0a50956114
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 40
content-length: 37669
X-Firefox-Spdy: h2
GET jetrich.xyz/favicon/android-chrome-512x512.png
188.114.96.1 200 OK 183 kB URL GET jetrich.xyz/favicon/android-chrome-512x512.png
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size 183 kB (182723 bytes)
Hash 2045e1561fdd8e8efbe3668e5f370145
3b11fcc89cbbb8a75d6c19e5daa9b019a7c9a0d1
3d4219ecbddf8df2866691e2fc191945bf97293eef193181b331a239b8ba5577
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon/android-chrome-512x512.png HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c; can_open_registration_modal=false; NEXT_LOCALE=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:40 GMT
content-type: image/png
content-length: 182723
cache-control: public, max-age=14400
last-modified: Tue, 25 Feb 2025 14:20:45 GMT
etag: W/"2c9c3-1953d7b4a48"
cf-cache-status: EXPIRED
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Umhre%2FjKdhjsbKEAYPGTyzLMD7KVTP338tjuShNuZVs7jrOUUHSictl4GFblSViD%2BICnqrqcFzhaaR7aGNq8ejOpSJu4yX%2BAvXH8sDiUD7zT8Ykpc0Dkvi9wU6cb3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590bcdcba1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6077&min_rtt=800&rtt_var=6878&sent=2376&recv=153&lost=0&retrans=1&sent_bytes=2666770&recv_bytes=37594&delivery_rate=60475&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=4733&x=1", cfExtPri, cfHdrFlush;dur=0
GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
142.250.74.99 200 OK 562 kB URL GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js
IP 142.250.74.99:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
Size 562 kB (561652 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 221651
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Mar 2025 06:12:55 GMT
expires: Mon, 30 Mar 2026 06:12:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 24 Mar 2025 02:01:29 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 1126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST content-firebaseappcheck.googleapis.com/v1/projects/jetton-17a71/apps/1:272619236406:web:9086f1f8da8bfaccb2fc97:exchangeRecaptchaEnterpriseToken?key=AIzaSyAqeAbaOXgU4gCSTpvCysERS2X2DVgfzEo
142.250.74.170 403 Forbidden 114 B URL POST content-firebaseappcheck.googleapis.com/v1/projects/jetton-17a71/apps/1:272619236406:web:9086f1f8da8bfaccb2fc97:exchangeRecaptchaEnterpriseToken?key=AIzaSyAqeAbaOXgU4gCSTpvCysERS2X2DVgfzEo
IP 142.250.74.170:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint 69:99:38:F9:7C:82:8E:AC:7D:DA:EA:3E:1C:E4:7F:52:1B:36:41:AA
Validity Mon, 10 Mar 2025 08:37:02 GMT - Mon, 02 Jun 2025 08:37:01 GMT
File type ASCII text, with no line terminators
Hash b11f4c8c129ec50af77ce17d89d83297
9c9c0affe7457d72ce3b2c0ecc75fe9bbae6d306
2bbd5bac2b7999417a953e149c09862d15fdfd8fc5663a84a895d7d18f8596b9
POST /v1/projects/jetton-17a71/apps/1:272619236406:web:9086f1f8da8bfaccb2fc97:exchangeRecaptchaEnterpriseToken?key=AIzaSyAqeAbaOXgU4gCSTpvCysERS2X2DVgfzEo HTTP/1.1
Host: content-firebaseappcheck.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Type: application/json
X-Firebase-Client: eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjEwLjE4IGZpcmUtY29yZS1lc20yMDE3LzAuMTAuMTggZmlyZS1qcy8gZmlyZS1qcy1hbGwtYXBwLzExLjIuMCBmaXJlLWFwcC1jaGVjay8wLjguMTEgZmlyZS1hdXRoLzEuOC4yIGZpcmUtYXV0aC1lc20yMDE3LzEuOC4yIiwiZGF0ZXMiOlsiMjAyNS0wMy0zMCJdfV19
Content-Length: 2074
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
content-encoding: gzip
date: Sun, 30 Mar 2025 06:31:43 GMT
server: ESF
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://jetrich.xyz
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/3197-a148140559d7e434.js
188.114.96.1 200 OK 9.3 kB URL GET jetrich.xyz/_next/static/chunks/3197-a148140559d7e434.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (9393), with no line terminators
Hash c89f989831290b74e0aa5da23503cc59
a2037e3ede6992dedfc28158a381889c971a6062
f263dcbf4f7ca828df93f8c3081443840a3eeac75a23c35960491afa999274e8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/3197-a148140559d7e434.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"243f-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 700160
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sU4SjfFgKj5yIQt7jqCFw279nripIo%2Ftz948NPjOv1s2Y67SPK3oDBmdxmBqu2TOQaZcT5F0Nazcfhp%2Brf4%2FntFaPdSy3OalYjU1QQWJoFrJKNSdCW96U7%2FADy%2FIgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a178f11bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2255&min_rtt=918&rtt_var=1138&sent=658&recv=40&lost=0&retrans=0&sent_bytes=742836&recv_bytes=10474&delivery_rate=45674913&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=317&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F36d9206fa70845519638aba01bafcc35.webp&w=384&q=75
188.114.96.1 200 OK 12 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F36d9206fa70845519638aba01bafcc35.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 7936be4f9fbb4ab9f185ec3c7504c4cb
748c38c5839196ef2985e8e03ebbb0f7bd99f63e
9ee8c7dac0b3f23aeb924ea435b80825aa274e1d663dadad146776d450eaec6d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F36d9206fa70845519638aba01bafcc35.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 12118
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: nujH2sCz8jrrkk6kNbgIJaonTh1mPa2tFGd21FDq7G0
content-disposition: attachment; filename="36d9206fa70845519638aba01bafcc35.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SDqu0KCfW%2FWsUShLi%2Fp7aYQT05nXAfx09q%2BN8zz9Wdr8GO%2FcE7n496swbkLq0Jc7z%2Ffgack6KYNLC8gOG97rlMk%2B5yOUTvK7784F1ZFcqqvOylYTlI%2FPROPkNPYCWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5eb011bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1774&min_rtt=891&rtt_var=566&sent=1822&recv=117&lost=0&retrans=0&sent_bytes=2049402&recv_bytes=30449&delivery_rate=7099336&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1043&x=1", cfExtPri, cfHdrFlush;dur=0
OPTIONS cloudfire.app/api/v1/languages?mode=1
172.67.68.89 200 OK 2 B URL OPTIONS cloudfire.app/api/v1/languages?mode=1
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /api/v1/languages?mode=1 HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type
Referer: https://jetrich.xyz/
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:38 GMT
content-type: text/plain; charset=utf-8
content-length: 2
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://jetrich.xyz
access-control-allow-headers: authorization,content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w8yWrkNUF2gg6joWfKceY%2F2ttecIxEHkhDnu%2FRaQK6%2BddbqCL3GiuATTI1JBLbCtR6v04TqIYuBUd0rEhM%2F2PdFv5uzHmUH4gYcZX09Rjd5Qe%2F0fgVGFoKYrM9X%2BTLE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b18d0fb4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=959&min_rtt=399&rtt_var=670&sent=16&recv=16&lost=0&retrans=1&sent_bytes=4633&recv_bytes=1514&delivery_rate=8274285&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=1055&x=0"
X-Firefox-Spdy: h2
GET xtonwallet.com/assets/img/icon-256-back.png
188.114.96.1 200 OK 7.7 kB URL GET xtonwallet.com/assets/img/icon-256-back.png
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject xtonwallet.com
Fingerprint F3:E2:76:94:02:06:E0:F8:E1:DB:06:99:1A:5F:C5:85:73:D7:0C:3D
Validity Thu, 06 Mar 2025 06:35:20 GMT - Wed, 04 Jun 2025 07:32:51 GMT
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Hash 0983df3ca4f09d3d163cc00073d732da
eae458b0b90c8b7c54fa7ee30a19262b4f6d322b
ace8dd194c4e421b91d44669bab890974dc28265a1196dd41c48c70abe8debc0
GET /assets/img/icon-256-back.png HTTP/1.1
Host: xtonwallet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: image/png
content-length: 7747
last-modified: Fri, 07 Apr 2023 15:34:09 GMT
access-control-allow-origin: *
etag: "643037f1-1e43"
expires: Tue, 04 Mar 2025 04:39:27 GMT
cache-control: max-age=14400
x-proxy-cache: MISS
x-github-request-id: 240B:2740C3:65F50:7F329:67A31D7B
accept-ranges: bytes
via: 1.1 varnish
age: 496
x-served-by: cache-bma1683-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1740426857.860374,VS0,VE2
vary: Accept-Encoding
x-fastly-request-id: bf5a6af753080eadb5f43e775abc88ebdeb9d90a
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bj1ivrChd0IkRFWUOKWY4V1DUolZFfKsuByGvg1m6PadgweSDZPITwKZalQktYkC2QqiFR6qPjnJQSwxSwtGgUGS8MA%2FPHPUA4SdYohXpC0%2BlIWc0%2BjPgR47FXioMx1Pcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b89f11b518-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=484&min_rtt=430&rtt_var=153&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3206&recv_bytes=1060&delivery_rate=6995169&cwnd=253&unsent_bytes=0&cid=70144ff94cf2983d&ts=133&x=0"
X-Firefox-Spdy: h2
OPTIONS cloudfire.app/api/v1/auth/ton_connect/payload
172.67.68.89 200 OK 2 B URL OPTIONS cloudfire.app/api/v1/auth/ton_connect/payload
IP 172.67.68.89:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject cloudfire.app
Fingerprint C2:0E:9B:75:E2:F5:4D:D3:0D:65:D5:42:4D:78:96:51:FD:F7:03:E2
Validity Sun, 02 Feb 2025 21:59:36 GMT - Sat, 03 May 2025 22:59:29 GMT
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /api/v1/auth/ton_connect/payload HTTP/1.1
Host: cloudfire.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type
Referer: https://jetrich.xyz/
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 30 Mar 2025 06:31:39 GMT
content-type: text/plain; charset=utf-8
content-length: 2
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://jetrich.xyz
access-control-allow-headers: authorization,content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4NZd34T6G4K8FR4hds62Cw8LFdhaboVYOOGAD7wfH449hRYs4zXfE%2FLWWqC%2FEwZ%2Fuf6uk5iTe6VT6WyPkSyskGQ06EzTgEA%2FSTHtefCFySJV8nNMWHS4PQlfwL4k1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590b79950b4f9-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1161&min_rtt=399&rtt_var=1129&sent=45&recv=40&lost=0&retrans=2&sent_bytes=26353&recv_bytes=1985&delivery_rate=12591304&cwnd=256&unsent_bytes=0&cid=ba45ca1384a41d90&ts=2023&x=0"
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/error-f045c9b969a69351.js
188.114.96.1 200 OK 12 kB URL GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/error-f045c9b969a69351.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (12350), with no line terminators
Hash 3ea7e341cd01db6dacb0442830728509
732e36fd57c187393dfd3a82f8e8ae186afa49ff
29aaed66b93ea5eb48127d73eaa58cc671b15421a7939bc4c459aa3164b0fb91
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/%5Blocale%5D/error-f045c9b969a69351.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 28 Mar 2025 16:18:19 GMT
etag: W/"303e-195dd8c10f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 136660
priority: u=3,i=?0
cf-ray: 928590a1a9161bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET static.okx.com/cdn/assets/imgs/2411/8BE1A4A434D8F58A.png
143.204.55.9 200 OK 9.9 kB URL GET static.okx.com/cdn/assets/imgs/2411/8BE1A4A434D8F58A.png
IP 143.204.55.9:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer DigiCert Inc
Subject *.okx.com
Fingerprint C4:18:3B:E2:78:D1:6C:7B:5D:22:7A:D7:70:FE:B9:CE:F0:FC:D5:B6
Validity Mon, 04 Nov 2024 00:00:00 GMT - Tue, 02 Dec 2025 23:59:59 GMT
File type PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Hash e9591fdf0a345b0f941b3b7539f93029
e02d4eaf76c848f97015b5ad68cfc3bd8d933d81
25cf7ad2b8096da84a50cc694883fb1ba05803607fbb4f38d0fa2b78c3562244
GET /cdn/assets/imgs/2411/8BE1A4A434D8F58A.png HTTP/1.1
Host: static.okx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 9949
server: Tengine
x-oss-server-side-encryption: AES256
x-oss-cdn-auth: success
date: Fri, 07 Mar 2025 02:18:02 GMT
x-oss-request-id: 67CA575A337D793332A0FD15
x-oss-storage-class: Standard
x-oss-object-type: Normal
access-control-allow-methods: GET, POST, PUT
access-control-expose-headers: etag, x-oss-request-id
access-control-allow-origin: *
access-control-max-age: 3600
x-oss-hash-crc64ecma: 12924123756059949631
etag: "E9591FDF0A345B0F941B3B7539F93029"
x-oss-server-time: 4
content-md5: 6Vkf3wo0Ww+UGzt1OfkwKQ==
last-modified: Tue, 05 Nov 2024 14:25:18 GMT
accept-ranges: bytes
via: cache19.l2sg5[62,62,200-0,H], cache35.l2sg5[63,0], ens-cache12.de5[240,239,200-0,M], ens-cache8.de5[240,0], 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
ali-swift-global-savetime: 1741313882
x-swift-savetime: Fri, 07 Mar 2025 02:18:03 GMT
x-swift-cachetime: 3600
cache-control: public,max-age=31536000
timing-allow-origin: *
eagleid: a3b55c9c17413138828048960e
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Cu1-SGvg-NJ8BjE9-TVnj9GR3rq-nB5HWyZmea7sh1q6iBwlw1KgVA==
age: 2002416
X-Firefox-Spdy: h2
GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/styles__ltr.css
142.250.74.99 200 OK 79 kB URL GET www.gstatic.com/recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/styles__ltr.css
IP 142.250.74.99:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash ada37a51f2c5a7fc2d0a7e8e01ee2089
74095bb0eaa20a9b7636fd4e9361fb41115a5cbc
cc4b8a3c3cbb7f77dbc336386223eb1e26dc401a9d754e8630ee0989846261a4
GET /recaptcha/releases/hbAq-YhJxOnlU-7cpgBoAJHb/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 42057
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Mar 2025 10:03:30 GMT
expires: Sat, 28 Mar 2026 10:03:30 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 24 Mar 2025 02:01:29 GMT
content-type: text/css
vary: Accept-Encoding
age: 160091
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
142.250.178.100 200 OK 0 B URL POST www.google.com/recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH
IP 142.250.178.100:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint B5:4D:C5:27:B4:49:22:F3:21:DF:88:3D:E6:05:D6:A1:02:98:C7:E2
Validity Mon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recaptcha/enterprise/clr?k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jetrich.xyz/
Content-Length: 1596
Origin: https://jetrich.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/binary
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Sun, 30 Mar 2025 06:31:43 GMT
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET jetrich.xyz/_next/static/chunks/8866-07bd19ac1058815c.js
188.114.96.1 200 OK 201 kB URL GET jetrich.xyz/_next/static/chunks/8866-07bd19ac1058815c.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 201 kB (201061 bytes)
Hash fe2bc8064c1172dfa4f25f3957d5da22
b1b4bffa574f2eec2e89898161c6894cd57146b2
172145c5c29526323c582a7800ce921e392428cd0cc453caa9770aea01963fcb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/8866-07bd19ac1058815c.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Mon, 17 Mar 2025 09:52:31 GMT
etag: W/"31165-195a384e718"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 1110965
priority: u=3,i=?0
cf-ray: 928590a138c11bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(main)/(with-footer)/layout-29a8588b1f837fa5.js
188.114.96.1 200 OK 28 kB URL GET jetrich.xyz/_next/static/chunks/app/%5Blocale%5D/(main)/(with-footer)/layout-29a8588b1f837fa5.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (27991), with no line terminators
Hash eb9a6f494856f92fe94135156b03b68f
82d6ef8d4a89be163cc87e05f2c0d203f279d5f7
ab95f04910961c0f8655f8d61ad8d564f6696c7b565c82a3f65a78b4ea7dba78
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/app/%5Blocale%5D/(main)/(with-footer)/layout-29a8588b1f837fa5.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 28 Mar 2025 16:18:19 GMT
etag: W/"6d57-195dd8c10f8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 136666
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4klPAAizbEa79Hu0tP4T1SUjkol59Xg3bC43FDqiXnu9WHf9O5ndXRSiz7Hf1vGZLtDaf%2BXN7LTv1wxNpXPuc%2FISmLM2lXrAZQtvRZTd6gAWls6s5B7bHDe8TEVXsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a168e71bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2251&min_rtt=918&rtt_var=1506&sent=435&recv=38&lost=0&retrans=0&sent_bytes=489076&recv_bytes=9838&delivery_rate=25233126&cwnd=216000&unsent_bytes=0&cid=040386cfa809f468&ts=307&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/media/a34f9d1faa5f3315-s.p.woff2
188.114.96.1 200 OK 49 kB URL GET jetrich.xyz/_next/static/media/a34f9d1faa5f3315-s.p.woff2
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type Web Open Font Format (Version 2), TrueType, length 48556, version 1.0
Hash d4fe31e6a2aebc06b8d6e558c9141119
bcdc4f0b431d4c8065a83bb736c56ff6494d0091
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/media/a34f9d1faa5f3315-s.p.woff2 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/_next/static/css/29b8c8630f8fa455.css
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: font/woff2
content-length: 48556
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 26 Mar 2025 11:56:47 GMT
etag: W/"bdac-195d24fe818"
cf-cache-status: HIT
age: 234321
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zujflHc99B1OqbPfnwxVjRFhqr4e%2B%2BIULB9OHWgQ%2FDGU0KtxyTGm4Wi1E8bUhIXXbfNPuibkZnvYZCOgMYuLwSX1wtY9IeSmUN7EFn0PiyQWUCNT0HQFEaSwn4dTdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 928590a4ba701bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1954&min_rtt=891&rtt_var=537&sent=1474&recv=89&lost=0&retrans=0&sent_bytes=1666583&recv_bytes=22613&delivery_rate=16832085&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=839&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ff6fdcb00-1d4c-4bb9-a563-00b05a9acf9f.webp&w=384&q=75
188.114.96.1 200 OK 20 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ff6fdcb00-1d4c-4bb9-a563-00b05a9acf9f.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 4b50b890c25a7d91bcdf9e0224a59502
9c04cb7452679c4c4ae3c00f5634b4282224138d
a2b852620f1c2e8749c9a30135ecc778b786adc483a22fa79ab4adae8f54269a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Ff6fdcb00-1d4c-4bb9-a563-00b05a9acf9f.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 19462
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: orhSYg8cLodJyaMBNezHeLeGrcSDoi-nmrStro9UJpo
content-disposition: attachment; filename="f6fdcb00-1d4c-4bb9-a563-00b05a9acf9f.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9IYAhzCB9VtirANzMVAFKzN1y2B8u66ME5h8onjqWFFD0Oer36XSpXECkpfxwNw4kwX51l8brzJM6AHcFLqPHrE%2BBkR8JCAJhJ1AfGjW2t0GvGFlYveT12Ph8dcdkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a60b261bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1741&min_rtt=800&rtt_var=906&sent=1968&recv=127&lost=0&retrans=0&sent_bytes=2205918&recv_bytes=33006&delivery_rate=14112353&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1065&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc1e6cc29110f4307b3521af214618fbe.webp&w=384&q=75
188.114.96.1 200 OK 23 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc1e6cc29110f4307b3521af214618fbe.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash cc1119e993070ea1be871c5fa52fc52e
54186d10c32fdf4b03276a51553089b6db62a7bb
e49a3b958b2358e3790b5d8454c35406bf9d879b33c536cfeaf214770fe5d0d8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Fc1e6cc29110f4307b3521af214618fbe.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 23304
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: 5Jo7lYsjWON5C12EVMNUBr-dh5szxTbP6vIUdw_l0Ng
content-disposition: attachment; filename="c1e6cc29110f4307b3521af214618fbe.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SHS2eWjKupTd9WZY40BxdUkEKjcIm4GHR9e48hgmPc9vvoYF5Su1PHEHcEC%2BcLt%2BGMA%2B6ZNSGDH4ZkqNoDbx6tE5owPYqf%2BWiYkaXSvLd1TSCqhGwy4zwNSBYKbgaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a60b291bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1741&min_rtt=800&rtt_var=906&sent=2053&recv=127&lost=0&retrans=0&sent_bytes=2304508&recv_bytes=33006&delivery_rate=14112353&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1068&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/2047-fef3d4ee14faf3b7.js
188.114.96.1 200 OK 13 kB URL GET jetrich.xyz/_next/static/chunks/2047-fef3d4ee14faf3b7.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (13416), with no line terminators
Hash cd92f4440b62b39afb2adb53bce7101e
60188f884fdeacf2d85c46390584fa98e3e21cf7
59c46e1c5136b82fb878a3e7835fc0003f11091eef280a0f6fc133531fc0a0de
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/2047-fef3d4ee14faf3b7.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"3468-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 703753
priority: u=3,i=?0
cf-ray: 928590a148cf1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Feaae629494e14bb5ae4f32ab6416b299.webp&w=384&q=75
188.114.96.1 200 OK 11 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Feaae629494e14bb5ae4f32ab6416b299.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 676f63c231a120be451374235a918ba9
a11423aba888b4d8f0594ec56f2aa12fc8c0c7c6
51976675691ecb24851766e9178f48f0da8f6fe7d897101f2faf14682dc90e7c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2Feaae629494e14bb5ae4f32ab6416b299.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 11104
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: UZdmdWkeyySFF2bpF49I8NqPb-fYlxAfL68UaC3JDnw
content-disposition: attachment; filename="eaae629494e14bb5ae4f32ab6416b299.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f5X6KBJjZNLwGlr%2FSPJDbaDL5V7%2FpsKtlgUmhvkxzZ%2BWsvGasXY05iNhhoo50tZfLXKnbXpLeTJaRwVyZlmfJkA4AVyKLouI7RZHRt7aOYaKJ8VzR9xGo8azrYIV2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a5eb071bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1902&min_rtt=800&rtt_var=1102&sent=1902&recv=125&lost=0&retrans=0&sent_bytes=2132624&recv_bytes=32914&delivery_rate=7587&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1056&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/7970-fc8590a62af6ef29.js
188.114.96.1 200 OK 14 kB URL GET jetrich.xyz/_next/static/chunks/7970-fc8590a62af6ef29.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (13923), with no line terminators
Hash c9a8018a13772d147d3254985dbdc2e3
90c1ebcaaa12e1907b715e30f3b51910a48e7b47
4bed2c53b5bc25ff2343b40ba80b1681c916f669779eb7b864d5c21b84789c0f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/7970-fc8590a62af6ef29.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 20 Mar 2025 14:56:34 GMT
etag: W/"3663-195b40e58d0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 821680
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6e1XA3OM4DSSmm%2F86qwDRhRHsuphU4PtN8ZNIR%2Ftinu%2Ft%2FSnustJIpCMNzx4n%2FXSVMB0qaLdmtdjJ0Z1s%2B98zNMZF%2BvSYvH5UYPxtxDfam6nIdocDkCaCgpHesK07A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a138c41bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3925&min_rtt=2849&rtt_var=1876&sent=53&recv=20&lost=0&retrans=0&sent_bytes=40358&recv_bytes=4635&delivery_rate=45522&cwnd=24000&unsent_bytes=0&cid=040386cfa809f468&ts=287&x=1", cfExtPri, cfHdrFlush;dur=7
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F6f6a45d1-a1ab-4e47-9b07-032b95d2dcc1.png&w=828&q=75
188.114.96.1 200 OK 38 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F6f6a45d1-a1ab-4e47-9b07-032b95d2dcc1.png&w=828&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 828x506, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 9de0918fa2bc3b681d83ff017f44c43c
976d65c74bad31f7f777e455c327b8b06d3ceab0
40787985ac64f472463925add760562010e1cd74e69646df2ffdb0740970bbdd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F6f6a45d1-a1ab-4e47-9b07-032b95d2dcc1.png&w=828&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 37660
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: QHh5haxk9HJGOSWt12BWIBDhzXTmlkbfL_2wdAlwu90
content-disposition: attachment; filename="6f6a45d1-a1ab-4e47-9b07-032b95d2dcc1.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 928590a1c9261bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F371c8407885c4aab9397494c931a9f8d.webp&w=384&q=75
188.114.96.1 200 OK 24 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F371c8407885c4aab9397494c931a9f8d.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash bf6e2aed1cf422371238f6a65245d2f5
69ac6d1b733d0615dd2f467c020db3616e264c4b
db72823bb437ae92b817beabdfc069fc6889b78455dcb52a46ebcfc825fc8771
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F371c8407885c4aab9397494c931a9f8d.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 24208
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: 23KCO7Q3rpK4F76r38Bp_GiJt4RV3LUqRuvPyCX8h3E
content-disposition: attachment; filename="371c8407885c4aab9397494c931a9f8d.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6p4PlUJkGtABWVf2dRn9VnOuKVfPUt2dPNNUPTz4KqL86UUDT1BETRPgpA%2FGod8%2BAwHrONhxso7SKTD1%2FH0OMEEji3Ld7cZwYDYFBLs0hrsETNoX%2F1%2Btgiof7%2BZkNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a60b281bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1741&min_rtt=800&rtt_var=906&sent=2006&recv=127&lost=0&retrans=0&sent_bytes=2250053&recv_bytes=33006&delivery_rate=14112353&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1066&x=1", cfExtPri, cfHdrFlush;dur=0
GET raw.githubusercontent.com/delab-team/manifests-images/main/WalletAvatar.png
185.199.111.133 200 OK 125 kB URL GET raw.githubusercontent.com/delab-team/manifests-images/main/WalletAvatar.png
IP 185.199.111.133:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type PNG image data, 500 x 500, 8-bit grayscale, non-interlaced
Size 125 kB (125350 bytes)
Hash 76785cabe454661186dde236a5e887be
037a3fdb5a329176006e067a17047146157568cf
3f7399ef75d19d2278cfe2b9a7bc1fb8d396de9f28806f60e730f1734a2fa015
GET /delab-team/manifests-images/main/WalletAvatar.png HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: image/png
etag: W/"8dbb8cf969074110c12c47e9e303ff0e0ce7e7f65699b681d502c8cb9ec6f330"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 2030:16E74A:5A788F:6658C1:67DE0E13
accept-ranges: bytes
date: Sun, 30 Mar 2025 06:31:39 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 61
x-timer: S1743316300.598627,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 84e3ce50865986629ace97d0d004d745be29bab1
expires: Sun, 30 Mar 2025 06:36:39 GMT
source-age: 236
content-length: 125350
X-Firefox-Spdy: h2
GET jetrich.xyz/_next/static/chunks/3688-a4053f235abaa589.js
188.114.96.1 200 OK 168 kB URL GET jetrich.xyz/_next/static/chunks/3688-a4053f235abaa589.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
Size 168 kB (168529 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/3688-a4053f235abaa589.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Fri, 21 Mar 2025 20:24:54 GMT
etag: W/"29251-195ba614df0"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 700159
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C7UxOoXoyCp%2BzEHmSqjcPgJlP5dZ3PDegU2NQJeSMD5czwXM5e0t5woRVh%2BuHigJNPP37UvNsMe3R0ShFC6Wsjk8dWmY%2BOjL4u%2FjGYhzNOGHHN5%2BEQI6pnKntuJtig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a189011bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=779&recv=49&lost=0&retrans=0&sent_bytes=877021&recv_bytes=13915&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=335&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/static/chunks/1085-af830896873e67d0.js
188.114.96.1 200 OK 33 kB URL GET jetrich.xyz/_next/static/chunks/1085-af830896873e67d0.js
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type JavaScript source, ASCII text, with very long lines (32934), with no line terminators
Hash 31bb15785a0e839f7b661d197d77afe0
85f8d61a85866b5367532989f0fa9bf966754473
8d8a0086f0f049c8b07c5092e923d2baed2f8b14347fe8c99784f73dcf64b365
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/static/chunks/1085-af830896873e67d0.js HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 26 Mar 2025 11:56:47 GMT
etag: W/"80a6-195d24fe818"
vary: Accept-Encoding
content-encoding: gzip
age: 303462
cf-cache-status: HIT
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fn6NL0ebZ25uc9q2u6qntr2xfubRxjLnqdgyruJ%2FXWjbKnjUiT1zTDtKW2bs63UGJhz10FhQmDRRhBRsUHrLN94arSoMiVnA9%2B%2BGEFaxXrFqi9%2B29LLUgJeLwKAZgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a189021bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2356&min_rtt=918&rtt_var=1140&sent=769&recv=49&lost=0&retrans=0&sent_bytes=865982&recv_bytes=13915&delivery_rate=2211972&cwnd=432000&unsent_bytes=0&cid=040386cfa809f468&ts=334&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F543dda16-55ba-477a-a836-ca2e2415f7b4.png&w=828&q=75
188.114.96.1 200 OK 44 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F543dda16-55ba-477a-a836-ca2e2415f7b4.png&w=828&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image
Hash f920e677e3a372eb7476ad6c1daa1acf
c3e8575d70733a5e8ffbb46f3ae9116548219835
5b24ff7f70dfafa2ad23e477071f84632421ecdd2a0a61026fe380a0a491dc62
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F543dda16-55ba-477a-a836-ca2e2415f7b4.png&w=828&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:35 GMT
content-type: image/webp
content-length: 44070
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: WyT_f3Dfr6KtI-R3Bx-EYyQh7N0qCmECb-OAoKSR3GI
content-disposition: attachment; filename="543dda16-55ba-477a-a836-ca2e2415f7b4.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 928590a1c9271bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F569fd3e0-0d12-4f8e-b601-bb85a7fbe0f6.png&w=384&q=75
188.114.96.1 200 OK 9.0 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F569fd3e0-0d12-4f8e-b601-bb85a7fbe0f6.png&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 336x328, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 21a9319a7fe7628c9adbfd43d0e1c5fd
501086ede378cf71a3f6dde714af95798a278b64
9440ad829be3fba3894318b5a86fb39cbb33104435cadb27d170134867d4b807
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames.cloudfire.app%2Fimages%2Ftournaments%2F569fd3e0-0d12-4f8e-b601-bb85a7fbe0f6.png&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 9034
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: lECtgpvj-6OJQxi1qG-znLszEEQ1ytsn0XATSGfUuAc
content-disposition: attachment; filename="569fd3e0-0d12-4f8e-b601-bb85a7fbe0f6.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GmR7YgYN4NiamHl1y3PGMQ1Krwszepa0oqSGf6qw3BYfrhr47wGL19hIlY3ztX62f%2BUAsnN75xlRRJtubiroX2FrCXoOF7S4l6bUBxX1d5w%2BE5XFlAGG%2BXD3%2Bd2Kaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a1c92e1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2546&min_rtt=918&rtt_var=939&sent=1270&recv=76&lost=0&retrans=0&sent_bytes=1439384&recv_bytes=21386&delivery_rate=13256694&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=400&x=1", cfExtPri, cfHdrFlush;dur=0
GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F426de23515354096a8a0a90d2253ecbe.webp&w=384&q=75
188.114.96.1 200 OK 25 kB URL GET jetrich.xyz/_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F426de23515354096a8a0a90d2253ecbe.webp&w=384&q=75
IP 188.114.96.1:443
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Google Trust Services
Subject jetrich.xyz
Fingerprint 5A:6E:00:72:A0:2F:41:37:01:C9:60:96:CB:3C:80:CA:AC:DB:EC:9B
Validity Thu, 13 Feb 2025 10:28:07 GMT - Wed, 14 May 2025 11:24:15 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 384x516, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 2c80d868a69635f176a4eccea0bd5bed
d106c816550a125c8bb512cebcf9d8a8ac70425b
5d0d593ea4749ab6a54e9ae818ec69a481d2b2d0ddfb3c7fd5abbfbe3085a634
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_next/image?url=https%3A%2F%2Fgames-evo.cloudfire.app%2F426de23515354096a8a0a90d2253ecbe.webp&w=384&q=75 HTTP/1.1
Host: jetrich.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Cookie: promo=cePCrHlZ8tc_ceWzoPglc6c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 30 Mar 2025 06:31:36 GMT
content-type: image/webp
content-length: 24990
vary: Accept
cache-control: public, max-age=14400, must-revalidate
etag: XQ1ZPqR0mralTproGOxppIHSstDd-zx_1au_vjCFpjQ
content-disposition: attachment; filename="426de23515354096a8a0a90d2253ecbe.webp"
content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
x-nextjs-cache: HIT
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kNrSZ5J%2BwXKcFTToxPrX8fmR8G0HL5A6yUBfOs%2BVyIfpXJHAtU%2FxFwd1MkAcZNRCRmqFWG%2BVGQG9JWccpNdxNRNSjTNuhsIHj06u4wv%2Bo7GnS1I3t3blaa7zB7D87w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 928590a60b2b1bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1562&min_rtt=800&rtt_var=647&sent=2105&recv=130&lost=0&retrans=0&sent_bytes=2362774&recv_bytes=33144&delivery_rate=870002&cwnd=727200&unsent_bytes=0&cid=040386cfa809f468&ts=1096&x=1", cfExtPri, cfHdrFlush;dur=0
GET jtsupport.rox.chat/l/v/get-online-status?callback=roxchatApplyOnlineStatusResponse
185.102.74.235 200 OK 129 B URL GET jtsupport.rox.chat/l/v/get-online-status?callback=roxchatApplyOnlineStatusResponse
IP 185.102.74.235:443
ASN #48716 PS Internet Company LLP
Requested by https://jetrich.xyz/?click=cePCrHlZ8tc_ceWzoPglc6c
Certificate Issuer Let's Encrypt
Subject rox.chat
Fingerprint DC:37:C2:DF:6C:C9:B5:8D:B0:7A:1C:48:0E:40:47:E8:92:7E:AF:BE
Validity Fri, 07 Mar 2025 13:05:52 GMT - Thu, 05 Jun 2025 13:05:51 GMT
File type ASCII text, with no line terminators
Hash 039972039b68cd7f850bf2243c92c637
43519b4fc9e5389542f5c1f7a1b80dd963aae3a0
c90a4b52a167933f885c96df2500d74754e40b5f7f4cc3f8f94db07a620c23ef
GET /l/v/get-online-status?callback=roxchatApplyOnlineStatusResponse HTTP/1.1
Host: jtsupport.rox.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jetrich.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 30 Mar 2025 06:31:41 GMT
Content-Type: application/x-javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Roxchat-Version: 2025.1.1
Etag: W/"cd188d71996d09cac75352a4843f0765d4811b8b"
X-Frame-Options: allow-from https://front.jtstage.xyz/ https://jetton.icu/ https://jetton.games/ https://jetton.buzz/ https://jt-front-main-gitlab-prod.vercel.app/ https://jetton.onl/ https://jetton.uno/
Content-Encoding: gzip
GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 15 kB URL GET fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LekTG8qAAAAANcm4s6U9bgIWnIK3z-HE6mBL9XH&co=aHR0cHM6Ly9qZXRyaWNoLnh5ejo0NDM.&hl=en&v=hbAq-YhJxOnlU-7cpgBoAJHb&size=invisible&cb=96jpaonjdmn5
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
Validity Mon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Mar 2025 09:35:39 GMT
expires: Fri, 27 Mar 2026 09:35:39 GMT
cache-control: public, max-age=31536000
age: 248162
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2