Report - agreements2.city/invite/i=79

Report Overview

Visited public
2024-06-22 03:05:09
Tags
URL
agreements2.city/invite/i=79
Finishing URL
agreements2.city/enter/register
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
young paradise

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
agreements2.city	unknown	unknown	No data	No data	5.8 kB	597 kB	188.114.96.1
ocsp.sectigochina.com	unknown	2019-10-20	2022-02-25 07:42:56	2024-06-12 14:18:51	333 B	964 B	172.64.149.190
b.yzcdn.cn	425969	2014-12-08	2015-07-08 11:30:49	2023-10-23 14:59:32	430 B	9.8 kB	154.85.69.56
matrix-client.matrix.org	167763	1994-11-02	2019-10-18 17:57:30	2024-06-19 15:33:32	547 B	859 B	104.20.77.252
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-21 18:12:54	2.0 kB	5.3 kB	23.33.119.57

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed
2024-06-22	medium	agreements2.city	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	agreements2.city/js/chunk-vendors.8ac7a571.js	ScriptElement	949 kB	2024-06-02	2024-08-19
Pretty URL agreements2.city/js/chunk-vendors.8ac7a571.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-02 00:22 Last Seen2024-08-19 21:03 Times Seen119 Hash 9e1e041b5e361ec5b10e0c6e1fb70f56 0b7fcd6a05530bc31474e681c6011adc5f1e59a3 999799beeb23ab6b8963a5ca3c2b88e3c61c547e974df2d80ce8e170110a73c2 Loading...

	agreements2.city/js/app.6a1e32b2.js	ScriptElement	132 kB	2024-08-19	2024-08-19
Pretty URL agreements2.city/js/app.6a1e32b2.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 19:13 Last Seen2024-08-19 19:13 Times Seen1 Hash c9157c94bff04bd600cf4d0d4a4325d6 a1d58d93d6fd7ebd5627879254118d2287b05193 f925c47977ff241e862d0aa44aec2202060884ab6065267c4f67649ddabc43ab Loading...

HTTP Transactions (20)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6d997a3e4c838d12e34de2dd2d4208c3
386abb53e2df86f291b6a86765d9a6feb88ba30b
32e00abd54407308b80a14e2916a119d95d90b1e7842f8cf0e87df306287869c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32E00ABD54407308B80A14E2916A119D95D90B1E7842F8CF0E87DF306287869C"
Last-Modified: Thu, 20 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9897
Expires: Sat, 22 Jun 2024 05:49:39 GMT
Date: Sat, 22 Jun 2024 03:04:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c0fde0756f59aaa5fa85a62f5f528e74
3c2d990e14054ee3b407cc37d77e255533d91ed6
ca44d6619deb0e020993a84c6bfbf1993bf096b13863b706dc8a826499348276

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CA44D6619DEB0E020993A84C6BFBF1993BF096B13863B706DC8A826499348276"
Last-Modified: Wed, 19 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3063
Expires: Sat, 22 Jun 2024 03:55:45 GMT
Date: Sat, 22 Jun 2024 03:04:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5a3268763aa8247d09e7b12f8a157bb5
fbddec6e9fb707501596ca331266c50e77e23f5b
6095004cca6c22ee09c33dc58574519973f162bb1ee183856ed65675281d551c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6095004CCA6C22EE09C33DC58574519973F162BB1EE183856ED65675281D551C"
Last-Modified: Wed, 19 Jun 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4671
Expires: Sat, 22 Jun 2024 04:22:33 GMT
Date: Sat, 22 Jun 2024 03:04:42 GMT
Connection: keep-alive

GET agreements2.city/js/chunk-vendors.8ac7a571.js

188.114.96.1

200 OK

268 kB

URL GET HTTP/3
agreements2.city/js/chunk-vendors.8ac7a571.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (51759)
Size
268 kB (267692 bytes)
Hash
9e1e041b5e361ec5b10e0c6e1fb70f56
0b7fcd6a05530bc31474e681c6011adc5f1e59a3
999799beeb23ab6b8963a5ca3c2b88e3c61c547e974df2d80ce8e170110a73c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.8ac7a571.js HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/invite/i=79
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:43 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 19 Jun 2024 12:12:14 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WM1r3rc7BBH4eEM8zOvr2ZqBD5etBsLOcuJs0UP8WgWq9iR6QjvniVrvxZffYEglfQjYHC9El8EzWC2Zbor0sUxDHpdwiMQu9%2FBO38T%2FceuiOwspDaPi26NceLrN5qVkD4%2BC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 897903372f32b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

agreements2.city/socket.io/?EIO=3&transport=websocket

188.114.96.1

0 B

URL
agreements2.city/socket.io/?EIO=3&transport=websocket
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://agreements2.city
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dCbczm70GwYRTfOKIEgTGQ==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 22 Jun 2024 03:04:44 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Xtgm4exkwkwJfstrk68uasMvapo=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mHr6ahjcWdSRsUMpGpcNNnGafXd6CdL7ZhboK5HchI540Of1Smb1R1IUpiJR9S0yg2CW%2FYHpJ9vuF0g8NRwbv4aHpcV0dnUsaz2FhsZqatt0x453byAchTNUX2%2BlgMXm7pai"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8979033b9d76b505-OSL
alt-svc: h3=":443"; ma=86400

GET agreements2.city/img/icons/apple-touch-icon-152x152.png

188.114.96.1

200 OK

4.0 kB

URL GET HTTP/3
agreements2.city/img/icons/apple-touch-icon-152x152.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type
PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced
Size
4.0 kB (4046 bytes)
Hash
1a034e64d80905128113e5272a5ab95e
92328e60f63d690f33cd4961b9934a539dc29b82
4d9685d610c4411caadd8d36ce94d3303cf5b05c8e04d67fc232c16a4469a135

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/apple-touch-icon-152x152.png HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/invite/i=79
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:44 GMT
content-type: image/png
content-length: 4046
last-modified: Wed, 19 Jun 2024 12:12:07 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 552
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8aQOIjnTL0%2BvjRYNUTqbpvikSUkDd2kEQv6owctWhsiDVxyyTC2cXwsEoePfB7R8%2BBwdEdure4AnfIb3nLZ5YU7I5%2FDrxOOR7W9PfasapVUb8cXUyUcdMlINQJIB6w9XSsfY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8979033d897cb518-OSL
alt-svc: h3=":443"; ma=86400

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10433
Expires: Sat, 22 Jun 2024 05:58:38 GMT
Date: Sat, 22 Jun 2024 03:04:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10433
Expires: Sat, 22 Jun 2024 05:58:38 GMT
Date: Sat, 22 Jun 2024 03:04:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10433
Expires: Sat, 22 Jun 2024 05:58:38 GMT
Date: Sat, 22 Jun 2024 03:04:45 GMT
Connection: keep-alive

GET agreements2.city/css/app.17a7b113.css

188.114.96.1

200 OK

13 kB

URL GET HTTP/3
agreements2.city/css/app.17a7b113.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type
ASCII text, with very long lines (14222), with no line terminators
Size
13 kB (12786 bytes)
Hash
8b0859d461b189652a7529712d86b63e
2f34635d9c31e6209408e7cf43807b83528ca384
376fcb9a0073142eb7142ad813c71ec0046c8ee684c7b6b3da3eab8ea650345b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.17a7b113.css HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/invite/i=79
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:43 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 19 Jun 2024 12:12:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cen0MZLwd8ST3gjajHpSEsPq23UfIpWVSe6gMAhlztrXjXl%2B%2BQvtUt5XI5%2ByN%2FU59MyAcWyu8dmGjVKLzw1i3x2UdZMXeJ1DXGtxXRwQQaDd1%2FSFgRlGRgFgEhUZ%2FmIPlgXD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 897903372f35b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.sectigochina.com/

172.64.149.190

472 B

URL
ocsp.sectigochina.com/
IP
172.64.149.190:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
54ddae2fa0c0d6b8798e1b2cd9a2d127
7d5fa91a59470ca9a35dc076a1f9ad1b6094ad58
6dadea7750e5e7d74b9a6f99fd5226c7c5a6b7a67ac4b4a14c6ca33ae5259d05

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigochina.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 22 Jun 2024 03:04:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 19 Jun 2024 12:42:46 GMT
Expires: Wed, 26 Jun 2024 12:42:45 GMT
Etag: "7d5fa91a59470ca9a35dc076a1f9ad1b6094ad58"
Cache-Control: max-age=380773,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 89790342ae1b56c1-OSL

GET b.yzcdn.cn/vant/icon-demo-1126.png

154.85.69.56

200 OK

8.9 kB

URL GET HTTP/2
b.yzcdn.cn/vant/icon-demo-1126.png
IP
154.85.69.56:443
ASN
#139057 LEGEND DYNASTY PTE. LTD.

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuersslTrus
Subject*.yzcdn.cn
Fingerprint6A:A8:BA:7C:D4:B4:86:0B:74:EB:E6:19:C8:69:2E:8B:13:6C:1E:1B
ValidityThu, 09 Nov 2023 00:00:00 GMT - Mon, 09 Dec 2024 23:59:59 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
8.9 kB (8886 bytes)
Hash
f87c46f346a5548224ccbe0b6bd75df5
8e8b8bd4ba3e6b6c8557d94a726061fdd62492fd
b6304eb9b754d38d3ad74d0acce42c156536840351368ed3e4895a6b50cd9370

HTTP Headers

GET /vant/icon-demo-1126.png HTTP/1.1
Host: b.yzcdn.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 22 Jun 2024 03:04:45 GMT
content-type: image/png
content-length: 8886
server: openresty
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: X-Log, X-Reqid
access-control-max-age: 2592000
cache-control: public, max-age=2592000
content-disposition: inline; filename="icon-demo-1126.png"; filename*=utf-8''icon-demo-1126.png
content-md5: +HxG80alVIIkzL4La9dd9Q==
content-transfer-encoding: binary
etag: "Fo6Li9S6PmtshVfZSnJgYf3WJJL9"
last-modified: Mon, 26 Nov 2018 11:08:05 GMT
x-reqid: YyIAAAASg9geDiAX
x-svr: IO
x-qiniu-zone: 0
x-log: X-Log
x-ser: BC5_dx-lt-yd-zhejiang-huzhou-3-cache-7, BC165_lt-obgp-fujian-xiamen-33-cache-1, BC132_IT-Lombardia-Milan-1-cache-1, BC46_DE-Frankfurt-Frankfurt-11-cache-4
x-cache: HIT from BC46_DE-Frankfurt-Frankfurt-11-cache-4(cloudsvr)
X-Firefox-Spdy: h2

GET agreements2.city/js/app.6a1e32b2.js

188.114.96.1

200 OK

132 kB

URL GET HTTP/3
agreements2.city/js/app.6a1e32b2.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type

Size
132 kB (132452 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.6a1e32b2.js HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/invite/i=79
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:43 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 19 Jun 2024 12:12:10 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V427a1NLsjiIrs2UTxWQQlo5lyYwoBwm11FEQxhU3KbFx3O7OoAtgbcR8IDWpgSh4tqZvV2NJl8kXhN0DLThwZ%2B0pVUH%2F7JRXwv5LoD71jsKMKLc0n2MVi84tasOanTGuOD5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 897903372f33b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

POST agreements2.city/invite

188.114.96.1

200 OK

0 B

URL POST HTTP/3
agreements2.city/invite
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /invite HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 17
Origin: https://agreements2.city
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/invite/i=79
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:44 GMT
content-length: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IQmdk4I%2FWaq%2FBeLyXv5IfooE%2FTfQaAxZeCLh85WPTWB9oHKyMgKnS4vQqJ8W97EuAKtX7ier8UyigL201d3nxnuasmBsW%2FVDS88yKmP4Pmir%2FmjtAfaKG60HdSEo6mPRZUqq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8979033a0851b518-OSL
alt-svc: h3=":443"; ma=86400

GET agreements2.city/socket.io/?EIO=3&transport=websocket

188.114.96.1

101 Switching Protocols

0 B

URL GET HTTP/1.1
agreements2.city/socket.io/?EIO=3&transport=websocket
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://agreements2.city
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dCbczm70GwYRTfOKIEgTGQ==
DNT: 1
Connection: keep-alive, Upgrade
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 22 Jun 2024 03:04:44 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Xtgm4exkwkwJfstrk68uasMvapo=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mHr6ahjcWdSRsUMpGpcNNnGafXd6CdL7ZhboK5HchI540Of1Smb1R1IUpiJR9S0yg2CW%2FYHpJ9vuF0g8NRwbv4aHpcV0dnUsaz2FhsZqatt0x453byAchTNUX2%2BlgMXm7pai"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8979033b9d76b505-OSL
alt-svc: h3=":443"; ma=86400

GET agreements2.city/getlog

188.114.96.1

200 OK

12 kB

URL GET HTTP/3
agreements2.city/getlog
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type
JSON text data
Size
12 kB (11802 bytes)
Hash
f2aced0091b0463eb693df609bbc290b
a7ab7d8479923b1fa359e09c4fb002d0d3988736
f0d607c3532c8fc7bc4bb7212b33ac120055967a52037cb23596d9868c5e9f22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /getlog HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/enter/register
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:44 GMT
content-type: application/json; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NnBOz7PlSKnwOgunLiST%2BKVu38CRLJ0n6R3wntNtibCjUBxMhKLpjnR7dylrTLmcq7IMvFOusGL6v3jXfljRgN2dJ26AC6WGE0BsOVTzV9Brxf5fWlBnp81%2B4%2B0qH3opvdxb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8979033b58bcb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET matrix-client.matrix.org/_matrix/media/r0/download/matrix.org/mswTKZaoQtJwDDtGwVnQXWci

104.20.77.252

404 Not Found

0 B

URL GET HTTP/2
matrix-client.matrix.org/_matrix/media/r0/download/matrix.org/mswTKZaoQtJwDDtGwVnQXWci
IP
104.20.77.252:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerLet's Encrypt
Subjectmatrix.org
Fingerprint95:53:E2:B9:11:52:CA:D3:E5:8C:B6:CC:4B:C2:49:BA:AA:23:50:96
ValidityFri, 31 May 2024 05:08:05 GMT - Thu, 29 Aug 2024 05:08:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_matrix/media/r0/download/matrix.org/mswTKZaoQtJwDDtGwVnQXWci HTTP/1.1
Host: matrix-client.matrix.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 22 Jun 2024 03:04:44 GMT
content-type: application/json
synapse-trace-id: 6ee232e194b034bf
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, Date
access-control-expose-headers: Synapse-Trace-Id, Server
cross-origin-resource-policy: cross-origin
content-security-policy: sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; media-src 'self'; object-src 'self';
x-content-security-policy: sandbox;
referrer-policy: no-referrer
cache-control: no-cache, no-store, must-revalidate
permissions-policy: interest-cohort=()
cf-cache-status: BYPASS
vary: Accept-Encoding
server: cloudflare
cf-ray: 8979033becbd568d-OSL
X-Firefox-Spdy: h2

GET agreements2.city/img/icons/favicon.svg

188.114.96.1

200 OK

2.5 kB

URL GET HTTP/3
agreements2.city/img/icons/favicon.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type
HTML document, ASCII text, with very long lines (2684), with no line terminators
Size
2.5 kB (2522 bytes)
Hash
f5aa8bd1ab994889e344a2697161db90
5601eaea5343d7d660aafc906bbe8742b94b007e
3a19f29f6dabc7bfde5577118cb9c6e1ea4e839951a09bb8fb3d5660461b1d6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon.svg HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/invite/i=79
Cookie: inviteNumber=-1; username=; hasLogin=false; tier=-1; password=; userId=-1; hasGuide=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:44 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-cache-status: HIT
age: 2905
last-modified: Sat, 22 Jun 2024 02:16:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v0QjSW%2Bjtnd9quBjaSEM%2BJtBq5FiYNt8%2FI5n7%2F7acIQEFEOrCva8QQH4IK200ctiuE5K03oC9jpV%2Fmjsw9L3aItdt4JN%2Bt%2F5qO6%2Fx%2FjqgcCyi9SS3dgims42ISUH9571kYg4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8979033d897eb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET agreements2.city/invite/i=79

188.114.96.1

200 OK

2.5 kB

URL User Request GET HTTP/2
agreements2.city/invite/i=79
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type
HTML document, ASCII text, with very long lines (2684), with no line terminators
Size
2.5 kB (2522 bytes)
Hash
f5aa8bd1ab994889e344a2697161db90
5601eaea5343d7d660aafc906bbe8742b94b007e
3a19f29f6dabc7bfde5577118cb9c6e1ea4e839951a09bb8fb3d5660461b1d6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /invite/i=79 HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 22 Jun 2024 03:04:43 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IGM6rlmUn8zti4RpVYXkgyimmYphemp1Im2i0OEcSAhKqLfKGcAkbtcJv%2FCzRQd6ZNxNiTWR%2BtVyDUS7%2BVdSSxZyY9HWtdw9R0RN81ArNvjnRd9VLjHZvV0wCM37PWvN6m5K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89790334dc4eb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET agreements2.city/css/chunk-vendors.c57533e1.css

188.114.96.1

200 OK

156 kB

URL GET HTTP/3
agreements2.city/css/chunk-vendors.c57533e1.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://agreements2.city/invite/i=79
Certificate
IssuerGoogle Trust Services
Subjectagreements2.city
FingerprintB2:87:1B:FA:2B:44:45:F6:2C:AB:FE:D3:93:5E:D6:DC:5C:06:0B:F9
ValidityWed, 19 Jun 2024 00:56:47 GMT - Tue, 17 Sep 2024 00:56:46 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
156 kB (156544 bytes)
Hash
ebfffebc1f62c3be51082e6595a0a005
e278fbd6fd48150b3f366b50ed388983d934978c
f5ce9e73e1f7cea326eedd4f39d9b2d703ba4ccb31a6078cdc1fb16481298a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-vendors.c57533e1.css HTTP/1.1
Host: agreements2.city
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://agreements2.city/invite/i=79
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Jun 2024 03:04:43 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 19 Jun 2024 12:12:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2906
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yIrFvdDb3la9qALLX1CQmLxGJCf8j%2BEbBalbCbnJAM7LcoFnNsrmS2DIgPcmrP45DQeDdQyKp3kUMdEpRvMDE8PhwO%2BSkolkurfVl5E1AapSxwDoXjpzwFJQpMNmIPipaQ9T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 897903372f34b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP