Report - chemicalssmuglyuntying.com/r/dir?abvar=0&afid=5743342501296640&bb=0&cd=24&cha=x86&chb=64&chbr="Google+Chrome";v="131",+"Chromium";v="131",+"Not_A+Brand";v="24"&chf="Google+Chrome";v="131.0.6778.265",+"Chromium";v="131.0.6778.265",+"Not_A+Brand";v="24.0.0.0"&chm=false&chmd=&chp=Windows&chv=10.0.0&cnvs=1&cti=0&de=0&dl=10&eclog=0&es=14&fdl=1&febuild=1.0.451&fn=3&ge=2&im=1&ix=0&lang=de-DE&ls=1&md=0&nojs=0&os=-60&pb=a4a5bc6705d0d427296af3e1dffb0e721737113019&pbc=jCoFVHrQhYu7PYpn&pbu=FCl6n9wThMG7PYpn&pf=Win32&pload=297&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&psp=iJBEtBAhY6mBcxeeXmXLL1lCO_37-uu7U6EgV7D7yUqLvoxuikavR4Cr7t06w2cjWJqKDn7NGLqiiUEj-H9ukzizwnnls-sIcdbEfLQk_Qadjqia5pnMn9z34fXXgfWDrBH_q-SgdxkLdMwmARPnsfX9II0MmwFIq9MsQN1yH51vAKZ-p9xRi9-JFh0-Fg5kmdnxEVW5A0G5_XeduXzGf2s-Eod4Fb-LOYaUxcpeuBiGyCo0uk05ymvboACebJ2sPJRzNf_71Eu8SzXZs13qMetIMCTgT5UYbzAzE323Ieosy04AjUUMK9HneBFsJcGA&psr=0LAD4vZaHR0cHM6Ly9jbG91ZHdpc2gueHl6Lw&psu=qQGW0nsaHR0cHM6Ly9jaGVtaWNhbHNzbXVnbHl1bnR5aW5nLmNvbS8yMDI4MjQ0Lw&rlp=[0,0,103.2999999821186,101.7999999821186,17.600000023841858,305.5,166.10000002384186,171.2000000178814]&rtt=50&ss=1&t=0&th=Ii3&tz=Europe/Berlin&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&vcv=Google+Inc.+(NVIDIA)&vp=0&wcks=1&wgl=1&x=1920&y=953&zoneid=2028244

Report Overview

Visited public
2025-01-17 09:24:29
Tags
Submit Tags
URL
chemicalssmuglyuntying.com/r/dir?abvar=0&afid=5743342501296640&bb=0&cd=24&cha=x86&chb=64&chbr="Google+Chrome";v="131",+"Chromium";v="131",+"Not_A+Brand";v="24"&chf="Google+Chrome";v="131.0.6778.265",+"Chromium";v="131.0.6778.265",+"Not_A+Brand";v="24.0.0.0"&chm=false&chmd=&chp=Windows&chv=10.0.0&cnvs=1&cti=0&de=0&dl=10&eclog=0&es=14&fdl=1&febuild=1.0.451&fn=3&ge=2&im=1&ix=0&lang=de-DE&ls=1&md=0&nojs=0&os=-60&pb=a4a5bc6705d0d427296af3e1dffb0e721737113019&pbc=jCoFVHrQhYu7PYpn&pbu=FCl6n9wThMG7PYpn&pf=Win32&pload=297&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&psp=iJBEtBAhY6mBcxeeXmXLL1lCO_37-uu7U6EgV7D7yUqLvoxuikavR4Cr7t06w2cjWJqKDn7NGLqiiUEj-H9ukzizwnnls-sIcdbEfLQk_Qadjqia5pnMn9z34fXXgfWDrBH_q-SgdxkLdMwmARPnsfX9II0MmwFIq9MsQN1yH51vAKZ-p9xRi9-JFh0-Fg5kmdnxEVW5A0G5_XeduXzGf2s-Eod4Fb-LOYaUxcpeuBiGyCo0uk05ymvboACebJ2sPJRzNf_71Eu8SzXZs13qMetIMCTgT5UYbzAzE323Ieosy04AjUUMK9HneBFsJcGA&psr=0LAD4vZaHR0cHM6Ly9jbG91ZHdpc2gueHl6Lw&psu=qQGW0nsaHR0cHM6Ly9jaGVtaWNhbHNzbXVnbHl1bnR5aW5nLmNvbS8yMDI4MjQ0Lw&rlp=[0,0,103.2999999821186,101.7999999821186,17.600000023841858,305.5,166.10000002384186,171.2000000178814]&rtt=50&ss=1&t=0&th=Ii3&tz=Europe/Berlin&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&vcv=Google+Inc.+(NVIDIA)&vp=0&wcks=1&wgl=1&x=1920&y=953&zoneid=2028244
Finishing URL
interestingsomething.com/?di={debug_id}&dt=1&dp=1
IP / ASN
94.242.247.22
#7979 SERVERS-COM
Title
Piupiu Starship

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
chemicalssmuglyuntying.com	unknown	2024-12-13	2025-01-06	2025-01-10	1.8 kB	702 B	94.242.247.22
interestingsomething.com	unknown	2024-05-28	2024-08-27	2025-01-11	4.8 kB	4.4 MB	88.211.205.212
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-01-15	450 B	1.6 kB	142.250.74.10
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-01-15	530 B	24 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed
2025-01-17	medium	interestingsomething.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	interestingsomething.com/?di={debug_id}&dt=1&dp=1	ScriptElement	40 B	2024-02-06	2025-06-20
Pretty URL interestingsomething.com/?di={debug_id}&dt=1&dp=1 IP 88.211.205.212 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-06 23:48 Last Seen2025-06-20 20:23 Times Seen99 Hash 8de3e81e96fffedea6408d0d5e4f9e24 e6aad834cb60d3a439f7feaeddfd31e4bf00dfd0 37d60765e1812672536703eca7dbc4a481038b7f50a259c8b747e581cedd8465 Loading...

	interestingsomething.com/js/dwl.js	ScriptElement	31 kB	2025-01-11	2025-07-11
Pretty URL interestingsomething.com/js/dwl.js IP 88.211.205.212 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-11 10:31 Last Seen2025-07-11 03:39 Times Seen40 Hash a0fabac2daf48532544702d374cc3ec1 c6f2a308a80afba8ed08410df28d3b7be49276b2 426d14900f0b77627eff1fccdc03084b4950431edefb3ae4ef00f7dd64e94abe Loading...

	interestingsomething.com/js/main.js	ScriptElement	10 kB	2024-12-07	2025-07-11
Pretty URL interestingsomething.com/js/main.js IP 88.211.205.212 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-07 07:07 Last Seen2025-07-11 03:39 Times Seen41 Hash 86cf8dad8b32d774e69c625b5b6d4369 4a508aa379759888777d4ca0db1824e0ff464851 780f62bd0568833036ca1d8242c8ae52ca6f6eae944f401f8ea4961c289cd9e1 Loading...

		Size	First Seen	Last Seen
	#1 Write - 312351bff07989769097660a56395065	4 B	2023-03-13 00:05	2025-07-21 05:53
Pretty Observations First Seen2023-03-13 00:05 Last Seen2025-07-21 05:53 Times Seen10895 Hash 312351bff07989769097660a56395065 004be89dd9e070ecb080b9b759e5be29ec24881b b2b2f104d32c638903e151a9b20d6e27b41d8c0c84cf8458738f83ca2f1dd744 Loading...

HTTP Transactions (13)

URL IP Response Size

chemicalssmuglyuntying.com/dupa.gif?z=2028244&afid=5743342501296640&cd=24&chm=false&chv=10.0.0&de=0&fdl=1&lang=de-DE&pbc=jCoFVHrQhYu7PYpn&tz=Europe/Berlin&vp=0&wcks=1&bb=0&cti=0&eclog=0&im=1&os=-60&pb=a4a5bc6705d0d427296af3e1dffb0e721737113019&psu=qQGW0nsaHR0cHM6Ly9jaGVtaWNhbHNzbXVnbHl1bnR5aW5nLmNvbS8yMDI4MjQ0Lw&zoneid=2028244&ge=2&nojs=0&t=0&wgl=1&chb=64&chp=Windows&dl=10&ix=0&ls=1&md=0&pbu=FCl6n9wThMG7PYpn&vcn=ANGLE%20(NVIDIA,%20NVIDIA%20GeForce%20RTX%203060%20(0x00002504)%20Direct3D11%20vs_5_0%20ps_5_0,%20D3D11)&x=1920&pf=Win32&febuild=1.0.451&pload=297&psr=0LAD4vZaHR0cHM6Ly9jbG91ZHdpc2gueHl6Lw&ss=1&es=14&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&rlp=[0,0,103.2999999821186,101.7999999821186,17.600000023841858,305.5,166.10000002384186,171.2000000178814]&vcv=Google%20Inc.%20(NVIDIA)&y=953&abvar=0&cha=x86&cnvs=1&fn=3&rtt=50&th=Ii3&psp=0BZFpi4gE2hLmtGYCz4lj31rZz2Qwd1Nz4JFHYGJaz9FJs8SvF7tg1JX_zS4uo2x7SSWEFGqAHq2DIdowvPvuONP7Ya9x2hkeV70QrGV5X2uHICUTr1lbex1kGVJiHDLCHmHUZw7pwphynU07aRwnbkkBEhMAw7QSEjkRpuq_aB8d6sQRsgRYnKz-oqpOe6oA3INiAmNWHHGL6-TlOom0ZOweMxcsT_v_n5FmEF1aYH8zGitNhLmiNuSEuRakbSXr1SzGLcBH7aw9t3LBHQmIQneKGBw93bcurhRMyLmjPsT3eViJHQ1hQx3rj20MvNHVGi8hK9cXf5rMw1i12hXBzBuYG-dF6Nv6ti2I4J4VGskfUBeETNcm28kfEO1SFUBHLpeHVAnz3YpGmq1yQLn_khokq_56-87NyS8dw==&pload=501&rlp=%5B0%2C1%2C154%2C131%2C4%2C183%2C24%2C0%5D

94.242.247.22

200 OK

43 B

URL
chemicalssmuglyuntying.com/dupa.gif?z=2028244&afid=5743342501296640&cd=24&chm=false&chv=10.0.0&de=0&fdl=1&lang=de-DE&pbc=jCoFVHrQhYu7PYpn&tz=Europe/Berlin&vp=0&wcks=1&bb=0&cti=0&eclog=0&im=1&os=-60&pb=a4a5bc6705d0d427296af3e1dffb0e721737113019&psu=qQGW0nsaHR0cHM6Ly9jaGVtaWNhbHNzbXVnbHl1bnR5aW5nLmNvbS8yMDI4MjQ0Lw&zoneid=2028244&ge=2&nojs=0&t=0&wgl=1&chb=64&chp=Windows&dl=10&ix=0&ls=1&md=0&pbu=FCl6n9wThMG7PYpn&vcn=ANGLE%20(NVIDIA,%20NVIDIA%20GeForce%20RTX%203060%20(0x00002504)%20Direct3D11%20vs_5_0%20ps_5_0,%20D3D11)&x=1920&pf=Win32&febuild=1.0.451&pload=297&psr=0LAD4vZaHR0cHM6Ly9jbG91ZHdpc2gueHl6Lw&ss=1&es=14&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&rlp=[0,0,103.2999999821186,101.7999999821186,17.600000023841858,305.5,166.10000002384186,171.2000000178814]&vcv=Google%20Inc.%20(NVIDIA)&y=953&abvar=0&cha=x86&cnvs=1&fn=3&rtt=50&th=Ii3&psp=0BZFpi4gE2hLmtGYCz4lj31rZz2Qwd1Nz4JFHYGJaz9FJs8SvF7tg1JX_zS4uo2x7SSWEFGqAHq2DIdowvPvuONP7Ya9x2hkeV70QrGV5X2uHICUTr1lbex1kGVJiHDLCHmHUZw7pwphynU07aRwnbkkBEhMAw7QSEjkRpuq_aB8d6sQRsgRYnKz-oqpOe6oA3INiAmNWHHGL6-TlOom0ZOweMxcsT_v_n5FmEF1aYH8zGitNhLmiNuSEuRakbSXr1SzGLcBH7aw9t3LBHQmIQneKGBw93bcurhRMyLmjPsT3eViJHQ1hQx3rj20MvNHVGi8hK9cXf5rMw1i12hXBzBuYG-dF6Nv6ti2I4J4VGskfUBeETNcm28kfEO1SFUBHLpeHVAnz3YpGmq1yQLn_khokq_56-87NyS8dw==&pload=501&rlp=%5B0%2C1%2C154%2C131%2C4%2C183%2C24%2C0%5D
IP
94.242.247.22:0
ASN
#0

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

POST /dupa.gif?z=2028244&afid=5743342501296640&cd=24&chm=false&chv=10.0.0&de=0&fdl=1&lang=de-DE&pbc=jCoFVHrQhYu7PYpn&tz=Europe/Berlin&vp=0&wcks=1&bb=0&cti=0&eclog=0&im=1&os=-60&pb=a4a5bc6705d0d427296af3e1dffb0e721737113019&psu=qQGW0nsaHR0cHM6Ly9jaGVtaWNhbHNzbXVnbHl1bnR5aW5nLmNvbS8yMDI4MjQ0Lw&zoneid=2028244&ge=2&nojs=0&t=0&wgl=1&chb=64&chp=Windows&dl=10&ix=0&ls=1&md=0&pbu=FCl6n9wThMG7PYpn&vcn=ANGLE%20(NVIDIA,%20NVIDIA%20GeForce%20RTX%203060%20(0x00002504)%20Direct3D11%20vs_5_0%20ps_5_0,%20D3D11)&x=1920&pf=Win32&febuild=1.0.451&pload=297&psr=0LAD4vZaHR0cHM6Ly9jbG91ZHdpc2gueHl6Lw&ss=1&es=14&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&rlp=[0,0,103.2999999821186,101.7999999821186,17.600000023841858,305.5,166.10000002384186,171.2000000178814]&vcv=Google%20Inc.%20(NVIDIA)&y=953&abvar=0&cha=x86&cnvs=1&fn=3&rtt=50&th=Ii3&psp=0BZFpi4gE2hLmtGYCz4lj31rZz2Qwd1Nz4JFHYGJaz9FJs8SvF7tg1JX_zS4uo2x7SSWEFGqAHq2DIdowvPvuONP7Ya9x2hkeV70QrGV5X2uHICUTr1lbex1kGVJiHDLCHmHUZw7pwphynU07aRwnbkkBEhMAw7QSEjkRpuq_aB8d6sQRsgRYnKz-oqpOe6oA3INiAmNWHHGL6-TlOom0ZOweMxcsT_v_n5FmEF1aYH8zGitNhLmiNuSEuRakbSXr1SzGLcBH7aw9t3LBHQmIQneKGBw93bcurhRMyLmjPsT3eViJHQ1hQx3rj20MvNHVGi8hK9cXf5rMw1i12hXBzBuYG-dF6Nv6ti2I4J4VGskfUBeETNcm28kfEO1SFUBHLpeHVAnz3YpGmq1yQLn_khokq_56-87NyS8dw==&pload=501&rlp=%5B0%2C1%2C154%2C131%2C4%2C183%2C24%2C0%5D HTTP/1.1
Host: chemicalssmuglyuntying.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=25011704249919b2c0aa184394a06a40b3af; ppucnt=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.redirect-pixel
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

GET interestingsomething.com/img/logo.webp

88.211.205.212

200 OK

7.1 kB

URL GET HTTP/2
interestingsomething.com/img/logo.webp
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
7.1 kB (7076 bytes)
Hash
cc742629d5ac722642fe0be8a2d5579c
8c4204da67cb57953211dba5ab5f5f9ff5467634
daef515f1cebec265bda17f64f6a55f478c8990cb4ba8a2b21877d9cdf3a28a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo.webp HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: image/webp
content-length: 7076
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
etag: "6788f58c-1ba4"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

GET interestingsomething.com/img/planet.webp

88.211.205.212

200 OK

8.4 kB

URL GET HTTP/2
interestingsomething.com/img/planet.webp
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.4 kB (8396 bytes)
Hash
d28254e86ff648350e15b06ce3a5f20f
09d9f208f46fc1834df371de4ad7869374addd82
7b3ed125a06c024930aca96f3a67afda25afa7fdfb69f05fefd884e4ef97e962

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/planet.webp HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: image/webp
content-length: 8396
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
etag: "6788f58c-20cc"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

GET interestingsomething.com/img/player.webp

88.211.205.212

200 OK

2.2 kB

URL GET HTTP/2
interestingsomething.com/img/player.webp
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.2 kB (2230 bytes)
Hash
e047ac9b233e2daa9d5941cf9d2c5dfe
329aa52aa8e92da88d973dd8b38fc54420ee4c6e
fc53081c3aa7d8248c34b9d334a38581274c2bfffe61f41fe5d37247403cf0d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/player.webp HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: image/webp
content-length: 2230
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
etag: "6788f58c-8b6"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

GET interestingsomething.com/img/asteroid.webp

88.211.205.212

200 OK

56 kB

URL GET HTTP/2
interestingsomething.com/img/asteroid.webp
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
RIFF (little-endian) data, Web/P image
Size
56 kB (55802 bytes)
Hash
8f14e4721ca38f5fb2bd9240c3f44c7b
891a7f825e9b62ab136c336135e3bd0b235eb058
91c2c2182c237a298cc0e55c291d0b96117f04c83481825c24c819dcae97025a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/asteroid.webp HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: image/webp
content-length: 55802
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
etag: "6788f58c-d9fa"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

GET interestingsomething.com/css/style.css

88.211.205.212

200 OK

2.7 kB

URL GET HTTP/2
interestingsomething.com/css/style.css
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
2.7 kB (2721 bytes)
Hash
61a80ba5fa1d3ae2207f60934fbe3f94
c172bbd0ea4e4f38ed3a89cebbfae3e24a906ec3
c566c7bc7f3766f56ab942d1b50150e2e76b63f40eb57b090ec190c983dbff2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: text/css
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
vary: Accept-Encoding
etag: W/"6788f58c-24d2"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Bangers&display=swap

142.250.74.10

200 OK

923 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bangers&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint40:E7:4C:FA:6D:23:B6:A9:19:0C:67:77:3A:43:22:D0:A4:CE:49:24
ValidityMon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT

File type
gzip compressed data, max compression
Size
923 B (923 bytes)
Hash
be72b9769f5c99edd8a34663b6c609e6
dcd6c4fbb371b08ab4930cddfec06fb480736789
8204d1f2c2d482be3ea9243bb6845b072b1fea1f392ee640f517712849c0466e

HTTP Headers

GET /css2?family=Bangers&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 17 Jan 2025 09:24:04 GMT
date: Fri, 17 Jan 2025 09:24:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET interestingsomething.com/js/dwl.js

88.211.205.212

200 OK

2.2 MB

URL GET HTTP/2
interestingsomething.com/js/dwl.js
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
gzip compressed data, max speed, from Unix
Size
2.2 MB (2152651 bytes)
Hash
f4e5227fdd9f077baee00e359fe7228d
6d26bca00f58ed55853a8fc5f6aa2afd8314bbf7
a72f3b0328a43c81d404e70d1192f03e7c317b3d5d0e75af6c9de5d19b64ac04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/dwl.js HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
vary: Accept-Encoding
etag: W/"6788f58c-77a2"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/bangers/v24/FeVQS0BTqb0h60ACH55Q2A.woff2

142.250.74.35

200 OK

24 kB

URL GET HTTP/2
fonts.gstatic.com/s/bangers/v24/FeVQS0BTqb0h60ACH55Q2A.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint0A:7E:C7:68:03:0C:7D:D9:EA:D1:64:B5:09:F0:73:23:7E:07:0A:F2
ValidityMon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23604, version 1.0
Size
24 kB (23604 bytes)
Hash
1c606ecc10c8d959cc8d693a270bdf1d
2a47ce178cd666479a8037346c8db27eef6bcd2c
8dda284b2884152157e98574f8340cd385a9b6bb2d1fd8179fe990785ec228c8

HTTP Headers

GET /s/bangers/v24/FeVQS0BTqb0h60ACH55Q2A.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://interestingsomething.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 Jan 2025 19:30:34 GMT
expires: Sat, 10 Jan 2026 19:30:34 GMT
cache-control: public, max-age=31536000
age: 568410
last-modified: Thu, 20 Jul 2023 20:47:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET interestingsomething.com/img/logo.png

88.211.205.212

200 OK

48 kB

URL GET HTTP/2
interestingsomething.com/img/logo.png
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Size
48 kB (47650 bytes)
Hash
7e5b561930e41c8a7aeaa865f0960ab9
e398cfe774429de2ac8b50c98272fd18a969cc6e
8761727fb6316050babd303e42d5a392ff40e71bb4ef2e0907daa1fcfbef4420

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:04 GMT
content-type: image/png
content-length: 47650
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
etag: "6788f58c-ba22"
expires: Sat, 18 Jan 2025 09:24:04 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

GET interestingsomething.com/js/main.js

88.211.205.212

200 OK

10 kB

URL GET HTTP/2
interestingsomething.com/js/main.js
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type

Size
10 kB (10501 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/main.js HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
vary: Accept-Encoding
etag: W/"6788f58c-2905"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

GET interestingsomething.com/img/background.png

88.211.205.212

200 OK

2.1 MB

URL GET HTTP/2
interestingsomething.com/img/background.png
IP
88.211.205.212:443
ASN
#0

Requested by
https://interestingsomething.com/?di={debug_id}&dt=1&dp=1
Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type

Size
2.1 MB (2139865 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/background.png HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interestingsomething.com/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:04 GMT
content-type: image/png
content-length: 2139865
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
etag: "6788f58c-20a6d9"
expires: Sat, 18 Jan 2025 09:24:04 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

GET interestingsomething.com/?di={debug_id}&dt=1&dp=1

88.211.205.212

200 OK

4.2 kB

URL User Request GET HTTP/2
interestingsomething.com/?di={debug_id}&dt=1&dp=1
IP
88.211.205.212:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectinterestingsomething.com
FingerprintDD:8C:0E:E7:11:FE:CC:B7:9C:B7:55:88:A6:FF:AF:63:A2:18:91:14
ValidityWed, 08 Jan 2025 12:28:17 GMT - Tue, 08 Apr 2025 12:28:16 GMT

File type
HTML document, ASCII text, with very long lines (4400), with no line terminators
Size
4.2 kB (4173 bytes)
Hash
978bd4dd147b0830a29848e3c62ee581
75144d7268c950983ee4e360d700c8949fbcb6e0
dcdb2b165ccbbe348c3dbe345a6dcafd9ff731c62b6cb85defa2b18a9f0b06e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?di={debug_id}&dt=1&dp=1 HTTP/1.1
Host: interestingsomething.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 17 Jan 2025 09:24:03 GMT
content-type: text/html; charset=utf-8
last-modified: Thu, 16 Jan 2025 12:03:24 GMT
vary: Accept-Encoding
etag: W/"6788f58c-104d"
expires: Sat, 18 Jan 2025 09:24:03 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size