Report - play.shaokan.shop/filmes.phplogin.phplogin.php

Report Overview

Visited public
2025-01-23 03:18:03
Tags
Submit Tags
URL
play.shaokan.shop/filmes.phplogin.phplogin.php
Finishing URL
play.shaokan.shop/login.php
IP / ASN
172.67.220.104
#13335 CLOUDFLARENET
Title
Login - DEZPILA

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
i.ibb.co	13485	2010-07-20	2018-11-25	2025-01-16	438 B	5.3 kB	91.134.10.168
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-01-22	1.0 kB	18 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-01-22	465 B	4.1 kB	142.250.74.10
api.qrserver.com	73523	2009-05-16	2012-06-20	2025-01-21	494 B	880 B	159.69.246.187
play.shaokan.shop	unknown	2024-07-26	2025-01-23	2025-01-23	1.7 kB	10 kB	104.21.59.87
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-01-22	1.0 kB	144 kB	104.17.24.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-23 03:17:38	medium	104.21.59.87	Client IP	ET INFO TLS Handshake Failure
2025-01-23 03:17:39	medium	172.67.220.104	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	play.shaokan.shop/login.php	ScriptElement	1.9 kB	2025-01-23	2025-04-27
Pretty URL play.shaokan.shop/login.php IP 104.21.59.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-23 03:14 Last Seen2025-04-27 19:32 Times Seen12 Hash bfe25480360fb889920a2bc463359537 03592a7491f8a5bfe447070174855e34039b6f98 5b2d3a9d86e390040c2e6deb4b4710ce4b8488c90a9012741aad3e8c7fa71a98 Loading...

HTTP Transactions (11)

	URL	IP	Response	Size
	GET play.shaokan.shop/filmes.phplogin.phplogin.php	104.21.59.87	302 Found	2 B
URL User Request GET play.shaokan.shop/filmes.phplogin.phplogin.php IP 104.21.59.87:0 ASN #13335 CLOUDFLARENET File type ASCII text, with no line terminators Size 2 B (2 bytes) Hash 23b58def11b45727d3351702515f86af 099600a10a944114aac406d136b625fb416dd779 6c179f21e6f62b629055d8ab40f454ed02e48b68563913473b857d3638e23b28 HTTP Headers `GET /filmes.phplogin.phplogin.php HTTP/1.1 Host: play.shaokan.shop User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 302 Found Date: Thu, 23 Jan 2025 03:17:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive set-cookie: PHPSESSID=ednf30ai5kkaavk41o9hpnjk7p; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache location: login.php vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BpttJcCGWZ%2BGCr1Fu%2B%2BTiCCe8uPmv3dpMKVziG8ubuwcAEpAkS9jyviuZVMaJ7VGXQJgLXYXEa60dYOss1CS1qtZQkbTUxIFGoehxZKXXJoJHDrlNWdS5%2Buv5io5wFu4dSfBJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9064a1c63c5ab4f7-OSL alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=488&min_rtt=488&rtt_var=244&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=418&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

	GET play.shaokan.shop/login.php	104.21.59.87	200 OK	3.2 kB
URL GET HTTP/1.1 play.shaokan.shop/login.php IP 104.21.59.87:80 ASN #13335 CLOUDFLARENET Requested by http://play.shaokan.shop/login.php File type HTML document, Unicode text, UTF-8 text Size 3.2 kB (3162 bytes) Hash 3dacdc3c7fb8bb1d201736249a718a19 5f6e315613094e3a7183c264ef4d40a661eefa48 401950adcbfbb6ee94476038faa14fafa3b2589946ebb4c96a64ee2c65bba33f HTTP Headers `GET /login.php HTTP/1.1 Host: play.shaokan.shop User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Cookie: PHPSESSID=ednf30ai5kkaavk41o9hpnjk7p Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 03:17:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4vpOewE8yvgvMANFgqVjoxiQWijawjT18ctRHTudq9UbO4WrM6hkmgfAqKkI1Le9A2vnxFydeGdlDTDzmApTJz3hUF5PE0Osl2oxuKGAlRyhe2nupdIoC7qnQ1H6%2BgvCFb5qVw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9064a1c87d19b4f7-OSL Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=498&min_rtt=488&rtt_var=154&sent=4&recv=6&lost=0&retrans=0&sent_bytes=1013&recv_bytes=863&delivery_rate=5236889&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

	GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css	104.17.24.14	200 OK	15 kB
URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css IP 104.17.24.14:443 ASN #13335 CLOUDFLARENET Requested by http://play.shaokan.shop/login.php Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02 ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT File type ASCII text, with very long lines (65317) Size 15 kB (15248 bytes) Hash dfb8fc36e102730fddf78b5494eb0035 b513d9a39af2ee145f12c1ba03f9982960c47029 8d321d88cb97fdedc3189506c25de9292c6e73a60ebaab496243346c6404480e HTTP Headers `GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://play.shaokan.shop/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 23 Jan 2025 03:17:39 GMT content-type: text/css; charset=utf-8 content-length: 15248 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "620188b3-3b90" last-modified: Mon, 07 Feb 2022 21:01:39 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 562592 expires: Tue, 13 Jan 2026 03:17:39 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EsskZ9K2O7y8JNhmVWzbypGkDZjDksKOjR9aaPy1o9AElbIeOnXJ0Hjh3L%2F%2Fgo8i%2BI6JNFGF5eFvSihY82PmIZoREW5AUQLTn1AvR%2FrIn0iaedIPrc4RqNzaK5DH3sxjOvQLy1qV"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 9064a1cb58870b3d-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	GET i.ibb.co/2qs1vSD/dezpila.png	91.134.10.168	200 OK	5.0 kB
URL GET HTTP/2 i.ibb.co/2qs1vSD/dezpila.png IP 91.134.10.168:443 ASN #16276 OVH SAS Requested by http://play.shaokan.shop/login.php Certificate IssuerLet's Encrypt Subjectibb.co Fingerprint56:71:B7:22:9A:FB:B0:F3:60:DB:D6:0F:6A:5A:AE:4F:0E:BA:48:65 ValidityFri, 20 Dec 2024 16:16:20 GMT - Thu, 20 Mar 2025 16:16:19 GMT File type PNG image data, 124 x 27, 8-bit/color RGBA, non-interlaced Size 5.0 kB (4985 bytes) Hash 22fb4deb54339c4a131fa83cc6fca42a 17ee8e4107302a4bfff75bd78eb30093fb458265 85627582b81993d60378fd039b0fa3cb9cdf0d17461724295f49f26c881f5cc3 HTTP Headers `GET /2qs1vSD/dezpila.png HTTP/1.1 Host: i.ibb.co User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://play.shaokan.shop/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: openresty date: Thu, 23 Jan 2025 03:17:39 GMT content-type: image/png content-length: 4985 last-modified: Sun, 05 Jan 2025 21:33:32 GMT expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * access-control-allow-methods: GET, OPTIONS accept-ranges: bytes X-Firefox-Spdy: h2`

	GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2	104.17.24.14	200 OK	127 kB
URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 IP 104.17.24.14:443 ASN #13335 CLOUDFLARENET Requested by http://play.shaokan.shop/login.php Certificate IssuerGoogle Trust Services Subjectcdnjs.cloudflare.com Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02 ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT File type Web Open Font Format (Version 2), TrueType, length 126828, version 768.256 Size 127 kB (126828 bytes) Hash 297973a488f688271dd223d542ba2697 ed99d812e4c88826335f93acede3fad85c90fb54 1b099f88c06ed0869872561c157f0ec9cbe133a0939d9ece4ee1e1f54bd4683d HTTP Headers GET /ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: http://play.shaokan.shop DNT: 1 Connection: keep-alive Referer: https://cdnjs.cloudflare.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Thu, 23 Jan 2025 03:17:40 GMT content-type: application/octet-stream; charset=utf-8 content-length: 126828 access-control-allow-origin: * cache-control: public, max-age=30672000 etag: "620188b3-1ef6c" last-modified: Mon, 07 Feb 2022 21:01:39 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 31881 expires: Tue, 13 Jan 2026 03:17:40 GMT accept-ranges: bytes priority: u=4,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CrE0hYEC65urCF8M6L94YS87Ft47tmugZTn4Urq4Eytfra9UfYzVKiZiy7UP2Dk2o7u90OaCCMXx3jeejwo%2F0yypW%2Fdbf3mZ0pcORVQb%2FOsALQOf%2BjhsIVA4O4xYo9vMvIlqmzkc"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 9064a1cd5a3c568d-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri

	GET fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2	142.250.74.35	200 OK	7.9 kB
URL GET HTTP/2 fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by http://play.shaokan.shop/login.php Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint0A:7E:C7:68:03:0C:7D:D9:EA:D1:64:B5:09:F0:73:23:7E:07:0A:F2 ValidityMon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0 Size 7.9 kB (7884 bytes) Hash 9212f6f9860f9fc6c69b02fedf6db8c3 ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f HTTP Headers GET /s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: http://play.shaokan.shop DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 7884 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 16 Jan 2025 14:37:27 GMT expires: Fri, 16 Jan 2026 14:37:27 GMT cache-control: public, max-age=31536000 last-modified: Wed, 04 Dec 2024 06:53:08 GMT content-type: font/woff2 age: 564013 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2	142.250.74.35	200 OK	8.0 kB
URL GET HTTP/2 fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by http://play.shaokan.shop/login.php Certificate IssuerGoogle Trust Services Subject.gstatic.com Fingerprint0A:7E:C7:68:03:0C:7D:D9:EA:D1:64:B5:09:F0:73:23:7E:07:0A:F2 ValidityMon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0 Size 8.0 kB (8000 bytes) Hash 72993dddf88a63e8f226656f7de88e57 179f97ec0275f09603a8db94d4380eb584d81cd5 f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149 HTTP Headers GET /s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: http://play.shaokan.shop DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 8000 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 16 Jan 2025 14:18:04 GMT expires: Fri, 16 Jan 2026 14:18:04 GMT cache-control: public, max-age=31536000 last-modified: Wed, 04 Dec 2024 06:53:31 GMT content-type: font/woff2 age: 565176 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET play.shaokan.shop/favicon.ico	104.21.59.87	302 Found	2 B
URL GET HTTP/1.1 play.shaokan.shop/favicon.ico IP 104.21.59.87:80 ASN #13335 CLOUDFLARENET Requested by http://play.shaokan.shop/login.php File type ASCII text, with no line terminators Size 2 B (2 bytes) Hash 23b58def11b45727d3351702515f86af 099600a10a944114aac406d136b625fb416dd779 6c179f21e6f62b629055d8ab40f454ed02e48b68563913473b857d3638e23b28 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: play.shaokan.shop User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://play.shaokan.shop/login.php Cookie: PHPSESSID=ednf30ai5kkaavk41o9hpnjk7p Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 302 Found Date: Thu, 23 Jan 2025 03:17:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache location: login.php vary: Accept-Encoding CF-Cache-Status: BYPASS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZK0WdkSjr0u7GoX2MCak7Jhy7vfw8sMAvxuo2r0GyB3iqkGvd7Bakdeo32aYI36WoylG1tsDlT9po0LEf%2FZ1lIdhVaNqgCCCE%2Fl4OrypjKQt2fDi7vPMMOVcmH%2F8Chsyec10OA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9064a1ce3ed3b4f7-OSL alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=559&min_rtt=488&rtt_var=129&sent=9&recv=11&lost=0&retrans=0&sent_bytes=5131&recv_bytes=1265&delivery_rate=8644776&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

	GET play.shaokan.shop/login.php	104.21.59.87	200 OK	3.2 kB
URL GET HTTP/1.1 play.shaokan.shop/login.php IP 104.21.59.87:80 ASN #13335 CLOUDFLARENET Requested by http://play.shaokan.shop/login.php File type HTML document, Unicode text, UTF-8 text Size 3.2 kB (3162 bytes) Hash 3dacdc3c7fb8bb1d201736249a718a19 5f6e315613094e3a7183c264ef4d40a661eefa48 401950adcbfbb6ee94476038faa14fafa3b2589946ebb4c96a64ee2c65bba33f HTTP Headers `GET /login.php HTTP/1.1 Host: play.shaokan.shop User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://play.shaokan.shop/login.php DNT: 1 Connection: keep-alive Cookie: PHPSESSID=ednf30ai5kkaavk41o9hpnjk7p Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Date: Thu, 23 Jan 2025 03:17:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FaJgdMBftTj%2FFq65imph3ZVr569EVM3fcK9%2BzMjfWWNZ9V0dbEyPDcVEQcTM3YP1rO0dZP1OIio6pmYO%2FBxgpWNRpPEHapV6IhkVaBoEOB9p3TZxcaEa7UHrzRXjVztrTAQrxw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9064a1cf5f75b4f7-OSL Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=556&min_rtt=488&rtt_var=79&sent=12&recv=14&lost=0&retrans=0&sent_bytes=6092&recv_bytes=1665&delivery_rate=8644776&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

	GET fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap	142.250.74.10	200 OK	3.4 kB
URL GET HTTP/2 fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap IP 142.250.74.10:443 ASN #15169 GOOGLE Requested by http://play.shaokan.shop/login.php Certificate IssuerGoogle Trust Services Subjectupload.video.google.com Fingerprint40:E7:4C:FA:6D:23:B6:A9:19:0C:67:77:3A:43:22:D0:A4:CE:49:24 ValidityMon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT File type ASCII text, with very long lines (3448), with no line terminators Size 3.4 kB (3376 bytes) Hash f60383f75d3c59288502995e4d03d33a 6e9a984a1350d87319096ebd0376c791f195c2b6 6e8538ba4f581a84da88f651c4b04d820c8236f98b2204d1bf67c39f5a37ce9b HTTP Headers `GET /css2?family=Poppins:wght@400;500;600;700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://play.shaokan.shop/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Thu, 23 Jan 2025 03:17:39 GMT date: Thu, 23 Jan 2025 03:17:39 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET api.qrserver.com/v1/create-qr-code/?size=200x200&data=http%3A%2F%2Fplay.shaokan.shop%2Flogin.php	159.69.246.187	200 OK	490 B
URL GET HTTP/2 api.qrserver.com/v1/create-qr-code/?size=200x200&data=http%3A%2F%2Fplay.shaokan.shop%2Flogin.php IP 159.69.246.187:443 ASN #24940 Hetzner Online GmbH Requested by http://play.shaokan.shop/login.php Certificate IssuerLet's Encrypt Subject.qrserver.com Fingerprint8D:A2:28:D0:75:0C:A6:A2:F8:82:1F:01:20:BD:B5:EE:FE:47:01:C4 ValidityFri, 06 Dec 2024 22:44:11 GMT - Thu, 06 Mar 2025 22:44:10 GMT File type PNG image data, 200 x 200, 1-bit colormap, non-interlaced Size 490 B (490 bytes) Hash e40043ac611ff28773fd0303b339af5c 52d4eccc867361d2e277009b0a185f9f5eb094e6 2eb8b7d30b25d7f6c291336c32a1c102fe78d55f588cf43f10479d6fb7ef2f30 HTTP Headers `GET /v1/create-qr-code/?size=200x200&data=http%3A%2F%2Fplay.shaokan.shop%2Flogin.php HTTP/1.1 Host: api.qrserver.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://play.shaokan.shop/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Thu, 23 Jan 2025 03:17:40 GMT content-type: image/png access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT access-control-max-age: 7200 access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token X-Firefox-Spdy: h2`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers