| pqwmrjcb.nesipay.xyz/img/style-img/logo.png | 188.114.96.1 | 200 OK | 8.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/style-img/logo.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 616 x 90, 8-bit/color RGBA, non-interlaced Hashc632e6bfd0076695e56477bdb3f7232c 5b4212f029814b5dfda946ac5e5a6ba97857feb9 86ccbc1dbeb58af3e6bce5ee52f86a47399da998ad34a0fd2ce9b0b539d92f6c
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/style-img/logo.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 8314
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sun, 07 Apr 2024 19:48:20 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wD%2FZB%2BaByyo1xv7r%2BqGkqiVHerp8HWsLHm5eB3%2FIO2RkrcIOmVYd4sWH55pxWQAdAo%2FeEssVMIBvRFwYGRh77NNkSGoIiv%2F2zOfTQWkwMitRn%2BWP43mVSy%2B6y%2BvIVBZyCQnPFuIdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5690faeb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/13.png | 188.114.96.1 | 200 OK | 27 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/13.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hashf7fe5c4e5201f6c374790ff63ab1d9c2 2f975f0e1d72482aa95eacff80fc3e8012f96bd1 a6953e7160ff85adbc62fd0822a84e176da59adddb707d97878d8e16b433c3d5
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/13.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 27153
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 15:22:32 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Krvrp9PPeJX9Cl0fUhIQ7aMFbNiUkHiESBwK%2BJNjGP9ffXG8ZVrwr6mNDdy7KVtoNcHuIyIj7smv%2B93kqvCgW1y5r9LvTdn5j3I0ualwfxbRJgHYsSokhcsEWBVLEBT29PJy23DXPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5690fb4b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/lazaheader/1.jpg | 188.114.96.1 | 200 OK | 136 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/lazaheader/1.jpg IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeJPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=843, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1230], progressive, precision 8, 1230x813, components 3 Size136 kB (136434 bytes) Hashab78339058792ff165716e4d914d6beb 685f6c0ed6ab0d7edc312670ab706a7e510fb2bf 4dca977be24b92f273e2d2f70be3a4b240598fa430868cd3c722412d25560020
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/lazaheader/1.jpg HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/jpeg
content-length: 136434
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 22:48:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8192WvW5LHtimd9D16bv5tJKXju5Dhw0JMdtXmOF2vok%2BXo3Fq7fSCITev8FdThDTXwmoYmCaZfjoSOKglh1O7B0onsDHlzXVDwCHv3KMj18rwLiVNbW740%2FtU%2BJCV3irupqxI%2Bcnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5690fb3b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/tokens.png | 188.114.96.1 | 200 OK | 5.5 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/tokens.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 135 x 130, 8-bit colormap, non-interlaced Hashc17d58c98659f3829c4a29a44b737861 53fd8ba7e57e6dcfcbc40b469320b21bf777cbea a20b9d4d4ba5d014e36e326e4f04f5a4a8c1d37803858ba4388b10b12e9177ac
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/tokens.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 5474
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:41:52 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tgVGoHJJoAaJswtIMbbaTpRsERS8QC5RI8RH7xLbgXcs3azyKqQ8bo%2BlzqVGOR7nhvDZYPfij%2BVpvOGuoBHygyOYSDXvnsLY4m1PJ01kKDiMRsOlBxXHBpnVkf%2FHBr4UoG6PcYRxRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5690fb5b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/14.png | 188.114.96.1 | 200 OK | 48 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/14.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hashcf9f3dcff142de34ed7237a74da63346 6ecbc226d694657315385d7e5d10972c63c95c01 ee124edd06d48cc3b3516ef157993cb978d17aa19daba55d3364bcd2feced1bd
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/14.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 48314
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 15:22:22 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IwX8bQRlQNku7maqj%2BFGMGgDwklRxXLprUnsVbgUY5pvWMvWOsMWFBIJWtcxIOVo%2Fp4yranh84Mi4GKfnQR57B3sv4oA7rWywwg1JyuaD%2BPnx08v0fe1AWPg0gFEdtpRzbx5jsZlmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5691fb9b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/15.png | 188.114.96.1 | 200 OK | 37 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/15.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hashe4e417e121ebea4226f0620eb9752cac 3f2702efce570e531ca910282f9b63de4b3f6be7 e6ba2604c1867e3ee296bbc4d834572f7c1328cd60060b8983908f4871743d10
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/15.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 36956
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 15:22:32 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vlYceScNMma%2FPAirK6PKEEihNg0TFz5SeeP6bdrlkcgFm6v%2BRuYNPmlQYNi1PWlIV7Yk8FOXNGWRv0uxFFLHn6YagxI3VgqFqTpHi9qDRBfeu1iwaqo24qhH8LqcxjMYHKx4ejPv2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5692fbcb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/16.png | 188.114.96.1 | 200 OK | 35 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/16.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hasha33a705c2b41fadb89023ede7dc7c97b 2d0a585f6294b01d0928e6fb16d7eed5f1275b35 1f9348d57a1b31f7ae485250f4c8d2ad35badc798336bd34b85f0ec3f4dcdfb0
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/16.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 34998
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 15:22:32 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TFWgCQStXAFcPqwd3mFNbPsoKLET%2B2Xpbo63jgZ%2BwDwA1Ri%2FPoXdKJIxlqZbJqi3VRNrigrEGJknYTqa5CP1zq6XrT7e5I%2Fv%2FL90wtAMgqoQjb%2BvK%2FXgdyipwGV6zZLv37C2IuaacA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5692fbeb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/17.png | 188.114.96.1 | 200 OK | 35 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/17.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hashfd0b87d27d0e1ccf23c9d2171636aecd 9eba0c7733f8b950df6a1d87f3ab7bfad39ff91d ba2d33be643cd9d151862d8f9465c52bd44f88c3826e06c9f8d06ae98f803aa6
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/17.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 34934
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 15:22:32 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fnYHD3%2FiD16C8uE8JMa6mjJ2ZZU0VO%2Fnhp%2FT%2F2Y0xJoRpn3NHVlJR7eoB%2F5dA8dvhPLtk%2BxQJppKQgCIdwDh0F60RBibWF0yWAPdGD1jmo6NyiE4RXCdvqJYCCRbcAUBtKbXBcQhBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5692fc0b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/18.png | 188.114.96.1 | 200 OK | 28 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/18.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash9266980f6008837076845fcbe7444d76 6e6eba3b578f08df611271021be468c274cf999d 7be6e754d03baca4401aefb28d0786e7e158881b6617e17998901bad8e1da6b0
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/18.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 28326
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 15:22:32 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eFPev70CLPHCQTDakkn8YS5SYknqPwx%2BqDUCbI7LcarKAx8wPvD08KL%2BtTn9JYJH2xzmE5b6e68du9BR8YA97n2Z6pESL4td3YS0mPFpCwKd6dMXT8oJlsIyguRZ%2BnL36WLg1xng2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5692fc1b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/8.png | 188.114.96.1 | 200 OK | 27 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/8.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hashb1c27165cb7e5759e4aaec691a201fe2 9c9ca79f23a92d149ce2eda361757660ac5fc3e6 5dad5d4de54205ac90ed8344999b76c6dc5e0abe8d6fbc832d427e5a07016b0d
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/8.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 27424
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 11 Apr 2024 14:58:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbiFetdJ4mg9L5Kx11rsv4DkTmhiIV%2BYi5a9wYuEIOWZ%2BsMT3PmC%2BBlMMRVwjqIy8ohBVDllTfWKwdMjuMv2MNoVaYKGUrxHgpIe0r3LicyzID%2BdOjjeV%2BfDfis0cT4CLctPwLKNpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5692fc2b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/7.png | 188.114.96.1 | 200 OK | 29 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/7.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash3c8185e0bf8dae95bb466d08a6e3fef7 33b7322b64a4706203aca6e76388e43f0c339633 0e935acaa77b1029af26f03b1f07a0801ad12c5a199f7eea70742734f86944ca
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/7.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 29087
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 11 Apr 2024 14:58:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pbbwDgdcf4VdkN9PXwi2P5fZMtOdu1yWUZ0PI4XWVZUC8sRTXtm84l%2F4WZlJxlr5%2FiM%2Bg374x8K%2Bli82VPYmxhevZ7aqc2UA4LhXiBFz9l7W4jrygckwliNjjgmbfNKkcl2hWi2Vqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5692fc3b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/9.png | 188.114.96.1 | 200 OK | 20 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/9.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hashb410ef15f7ea730dece54bb388b87b5d f787794f2d6888b49598e5c083465efa056e9d9f 9838a3cc3165a18e05de09e15c4b24c7ecbc71ccb1639bf40aa7977de41a2677
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/9.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 20314
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 11 Apr 2024 14:58:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=igcYYFAZWb3OlVde7aFngvyt1B5m87UYud4fwnkg54ID%2FDD2qXnkL5q%2BN0ct8GAHKeMPYsTowYxDmJqmeF2yZJ%2FCnX%2Bo6kgjhCedbYWYcZcByYrreI2Jm9mzyUV7kJIQshz%2BV%2B6lxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fc9b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/10.png | 188.114.96.1 | 200 OK | 50 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/10.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash56a9f4ba3999c21028cbf67822c50d49 909b90b76ad223051df1ccf1e347d443e9a6d76d 81a925407e72cedc5ca601b18b9ddb580add8f34e82911fe9c129924414703d9
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/10.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 50507
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 11 Apr 2024 14:58:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DRpfDen%2BWoeY1AG4tzhC8o%2FWwSO2KGKuybZJS9xkivQqDs1LpjjDkh43SoIlORG%2BAXIq1MvM5JPE9eDeUWsRHPNd8%2FK0FmzskDJBhOqbl8YS3Bs3h%2Fzph1iqjvJGMMq3sGro3xzcZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fcab518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/11.png | 188.114.96.1 | 200 OK | 30 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/11.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash0de33516662d5aeceaf915c41d77299c a69c2e046be20762c21ba36b6df9297631398ddf 12c0f85b8b970c40d9b64eb3c3a93f1e27ad74d61ef02d16a9d8e43a7edf3aa4
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/11.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 30228
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 11 Apr 2024 14:58:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RLOHs%2BYqM%2F%2Bg%2Bp3eVe%2BFn2XGY19xhQCyua%2FNvtRtTK3ES0NkguSHpFWJ55la0Y%2Fpko1JCdp1zeVXWuhXtZcIIzi8cR9YrJZMeg6VobHqOmDQBn8GpinvLWaHZob8xbVsAR1SHDqbow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fccb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/12.png | 188.114.96.1 | 200 OK | 42 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/12.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash01173abc84a50d5d89e74560cb3d1ea7 d5a45df53d51b8d36eb78d180a037d24e6634f7d b6f93a49e7f8b5ab56fda7fc22acaae71db1d73fae2ab8e04f5e85c0e155fe0c
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/12.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 42000
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 11 Apr 2024 14:58:28 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Q%2BN2FuQSamuTa9HFy%2B7iJBJ%2BpGQDL6vsEJY71muCWyC6JdQwNAkJkmFmOGvjrv%2FDntJawTtZnrZD9eLGUNtkjAU1cVJF0JKOyPjN7vateZFBOD5SPTTW6s4mamY6Gj4YgUNPBG3HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fcdb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/1.png | 188.114.96.1 | 200 OK | 40 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/1.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash8eccb06acd079ed87a81e1ba4c5fb51b bdf771d7c1955435ae169452edac3a06595d6e52 3d1af8c094a018432c4795352e04b080c6be43e11a1a3e140464d38270869aee
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/1.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 40320
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:43:18 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hd7Qyp53TkquRdGJTEnH2uLnXkvQ5pky%2FkIYIuPyjVNOk1pbjYbFSt9e%2Bwkx%2B8%2BY4bZnV2Gnug1HsHI1VbiYQ61Qaqw%2B2JWrjwDPPmrq8Vc3K4MDNAm7kc4PtgesqJGI5UbSi62FMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fceb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css | 104.17.24.14 | 200 OK | 5.8 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css IP104.17.24.14:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hashe9365fe85b7e4db79a87015e52c3db6c 2e2b5eb6e08f0f3d11fe0ada97c962a23ba6a0d9 dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
GET /ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/css; charset=utf-8
content-length: 5845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed9-1149f"
last-modified: Mon, 04 May 2020 16:12:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 379425
expires: Fri, 25 Apr 2025 04:02:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74voaJ196uo1KNfh3zMMzTj996TKTSsjAbqkscjaonipaCYE6fln0xXAKhz28a8Ltn9svJySe%2F4NR7FFTwnk6TgfLzhtg81IlCcEwJw945wHoT29e0BOPqoEjS1tdMfB%2Bihp9sTD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87edd569ea1556c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| pqwmrjcb.nesipay.xyz/img/reward/5.png | 188.114.96.1 | 200 OK | 33 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/5.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash508cb0ee03f707be4fed00ffdcc9d5d8 cbdcb399b28be93cd229361371b45ae9bc6456f9 8fe82750c2a910db3a8fad44394a957b2fd34e01b6dac5b59a6cf2288944a642
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/5.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 32686
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:42:36 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FeaUBMbgRy3LeLMVTa825HzzCiKzrKhMYTKfCoqC7%2F1vbYZcYy9kTdxSKvENlacJjSlG7mE5BfDnWWGVrVtwOeAAWLLxoB1n3gOEe0C7xD799MRH2LcrDVZXzBtfzvuTbsEO1WS59w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fd4b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/6.png | 188.114.96.1 | 200 OK | 26 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/6.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hashc23c6a39b3b2936cc8ad04a6dfc5077c f3f6d96235efeb75d17b8be20f67c59183e781b9 d3a188e5280ae801dcd1a6d0b93b9428f5f37ccfa105292878dcb413920e9bbb
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/6.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 26069
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:43:20 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=11JiSU0%2F7L2vgEHQ91GKxRy%2BPk1G5LngT4KjUFjHpaYIydte2jL3S%2FZgqwWlG%2FRQtfPFoJpdAKo3c6zUqOKieMO7N1BkIO6%2BUFcrL3i3oPf%2FeJdLVOKhicJp2ZDbOM56y%2B%2Bsu%2BLpvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fd5b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/style-img/facebook-text.png | 188.114.96.1 | 200 OK | 12 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/style-img/facebook-text.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 604 x 158, 8-bit colormap, non-interlaced Hashc8469979cfb24192fc638efb7784a921 ff2f9c8fdb233dc3bfabd2ecaf11cbb70791dfa3 0cb512d932e3ad625dfb6c1ae0d47e1dfafecdf31c9c7fd9c9677c95bf31efb5
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/style-img/facebook-text.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 12239
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 30 Nov 2023 06:01:46 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dpfK%2BTk2yeHrtaQ894mb1B3xbQhbeah%2FIsNnS5iawSvx5Pgq2SZwHtKBVvxL9HKQRfA011KpCQcdG6AHhXRITaQp1KLja06KgZJqTBA7xNEhbVgOjxMeIqKS%2BYzNGBBZ08XsNaFZ5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fd6b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/style-img/icon_2.jpg | 188.114.96.1 | 200 OK | 9.6 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/style-img/icon_2.jpg IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeRIFF (little-endian) data, Web/P image Hashe595d05f92349dc2b5aa37164ae376e7 f4ed874d1fceb5eafb7bd5c213715e683fff690f 50cb8b539efb773ccb042e5f18ed308f2d99418e6974603bfe6d39b48659970f
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/style-img/icon_2.jpg HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/jpeg
content-length: 9604
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sun, 07 Apr 2024 19:48:16 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qsX6RqNnV3UySsB1hh0XcIFBIUrFFwPj44exGnDo3zD%2BUf2etgsqW3JdOesG3NlBW33og0dPRgO3dPfvBwcaY4fMAHsupMsQ6UupVNY%2FJbQ8MWLkLtP0MgqnXEQqtSGRVGZnyVdKcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fd7b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/style-img/icon_fb.png | 188.114.96.1 | 200 OK | 4.5 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/style-img/icon_fb.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 512 x 512, 8-bit colormap, non-interlaced Hash8552ac3c41b10ae9e7f13d95e845a35d 86715d70cf7fada24e9d5e6647135f8678e923cf 3963edc509012e07abe8e5e3955a1793a21cadbc706859f1a299779b4289115a
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/style-img/icon_fb.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 4538
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 30 Nov 2023 06:01:46 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BSQfL0dFwICFDTaDA68Nu2uz7C0fHFPHsU7q%2Fjjqqkk9YVB7L9aUUkxy7TdqtDWvRe5SHVHYOSs8me4YsaxWPBn24uqR5sP%2FBNngzebjACF%2F6IjG76A0GPBX43iYsXj%2BIMJvUmIhfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fd8b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/logo.png | 188.114.96.1 | 200 OK | 11 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/logo.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 459 x 138, 8-bit/color RGBA, non-interlaced Hashf77fe97fc8f4d06fd93eaf7552c4a3e9 c73f03f3e5a9f460eb83e10ae7312738a36ce720 b695d33c5ece1af9739e89855c4cc718fd6e9550528009ee5ff644cac193cb41
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/logo.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 11185
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sun, 07 Apr 2024 19:48:24 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iyd2jqDNw61CX5nxY2tFAkjQlFNQ0t44Km7fFQ3bcn%2B71LBHMNA2bFMQ128%2BTt6ZoHe0%2FOzGMWJQ2NpxTIwdN6JWtSORDG4dzfZGQEuZ0CEYLibvzvI%2Fh8sg4Sx55ysTpmkdjeIjxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fdab518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/loadlogin.png | 188.114.96.1 | 200 OK | 61 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/loadlogin.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeJPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=761, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1501], progressive, precision 8, 1501x761, components 3 Hash3c5ebcea20aab3ab02a1846f3d43a039 7007048b6538caba8eb09f7abb3d79406ebeae96 5131f5f1c5377a4b4fb0f7a1fbd3fc3b10acc2f27a8cf7687fbb21921ec799f4
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/loadlogin.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 61444
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Wed, 10 Apr 2024 01:11:06 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MS910barvlAbONFfIaDrTIQV0Vmt9JimrP14O%2FJRdJDkFqvwiGh7SrZw3mIp7OEKOeiHV1MFA7U77BE9RCfMMRNv31ELB%2F6u9L9XJ%2FnCSdplvwNfETxBg4%2F1XVwQD%2BCFDXdAl4rFvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fdbb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/popup-close2.png | 188.114.96.1 | 200 OK | 358 B |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/popup-close2.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 30 x 31, 8-bit colormap, non-interlaced Hash14f983708ddeb2052c1756e3d79f7031 56d439d66495faa3a784b161d044f6edb853f8ac 47b6e3288d9def65b44f0ac0ea8a5e45cc77aa1b934b85aab003cd9076e1ab1c
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/popup-close2.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 358
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 02 Jan 2024 20:50:44 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qAQkVxug%2B3xmtUY2w4rCR1U%2FRwoq00539LNR5NjnSv68wBx2r25shZdmQBclhceLs3TGSahptYB0TrED%2F7hh1Adpxu0Te5Ugi9My8nlpIQFaRormrV%2BPNF9m8qEwoMVbkuoOAyuQIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fddb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/2.png | 188.114.96.1 | 200 OK | 39 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/2.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash423823958a4edbfa60934173462bfa9a 15a2ff7301156ec0fd660cb358208e5aeff4bfb8 a33f4104ba666f0c0c7a87bc1c193c5695fc59d4cf03635ebebe011f0c529615
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/2.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 39163
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:43:18 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2FHLw7LhyLTCUrit2ZUAMD8ejt4KpiC5IQsDifCZxLKyWk3BYulgqkFh5JiPVdgEC47G%2B1EAC%2BUJIZ1HCosqWMoxBCnN5%2FEEZ0vIDAtkqWh1C4vwZw%2F5BLni2mIiELL8oqmpDbpu1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fcfb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/3.png | 188.114.96.1 | 200 OK | 37 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/3.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash364602f07b223249dd1cc3adf088dec6 3ffc76f4f90f10f88e43da1fc1a1b088d60228a3 ac565c70ee52d4a94dbab5074e99f01425daff977a491a4986a917d7bfe9d4dc
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/3.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 36702
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:43:18 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n5DNZNigDyjol3X4Yr8k1cdcYlBT0DrVlJOcVc3xirYl622uL3kD1V5%2Bt9fWsQeqjCmgLHJvUCVcywBITfK3Vgv5ex4IWE1zyvp4qkQdqCAUtzjO30HyDdpONZzfp7wsPNX5BhyVSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fd0b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/reward/4.png | 188.114.96.1 | 200 OK | 48 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/reward/4.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 480, 8-bit colormap, non-interlaced Hash67ccf3ec8df38ab63a0bb81b021457d8 d7020c150b2d48aa000bdb0e7cdcedf00a8a1f9f 70112e24957d4f6ed29be6e863c9af129fac70971157c18b355d36753903c2a3
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/reward/4.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 48040
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:43:18 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14357
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ww4Pgvxo8cuLjCITIIAqgJ1ER9cOmKzdtMHuCmHXk%2BIkbSG9cul%2By6B%2F%2BgTrhBcJ9RRXgipDtD1wC%2BCikbOKCii4u6zYMUdzg13jVpkoV63%2BUXjSws797RNr8auA5r7HA6Mel68tQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fd1b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css | 104.17.24.14 | 200 OK | 19 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css IP104.17.24.14:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (52276) Hash5222e06b77a1692fa2520a219840e6be 8b4236206a8b86af3761a244277663046d7ff7ee 0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5
GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/css; charset=utf-8
content-length: 18778
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64cac444-495a"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 383725
expires: Fri, 25 Apr 2025 04:02:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLV7jUJCDifZqzyONJ9YhvP%2BDKXOFhzZHNasjog2z6nErpQy6GoEBwLJUH%2FOGI09CxqpgoElj%2B2WwxTl7xWKZc7TcEZcXeCK2j28SYEyxVREiDSLfETggHwf169DFhfZOzAhNqY3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87edd56aea8656c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| pqwmrjcb.nesipay.xyz/js-zone/debug.js | 188.114.96.1 | 200 OK | 0 B |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/debug.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/debug.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/javascript
content-length: 0
last-modified: Sun, 14 Apr 2024 00:13:42 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KY6zBnK6P7FPndlxa1n9IWgOVOlYSnHd4UiNSfO0RcNCVHrjMpecEZuWy71FgPapryfCnshu11Ei9eG%2FoIdvJvHY2kpbHrOKg3EE3x%2BIgHRm8%2FlaO1a61SvnpAZLTfBTpuXA2cC1CQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd569a81cb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| code.jquery.com/jquery-1.10.2.min.js | 151.101.2.137 | 200 OK | 33 kB |
URL GET HTTP/2code.jquery.com/jquery-1.10.2.min.js IP151.101.2.137:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerSectigo Limited Subject*.jquery.com FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (32072) Hash628072e7212db1e8cdacb22b21752cda 0511abe9863c2ea7084efa7e24d1d86c5b3974f1 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
GET /jquery-1.10.2.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-16bb3"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 05 May 2024 04:02:12 GMT
age: 20081127
x-served-by: cache-lga13622-LGA, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 1, 21756
x-timer: S1714881732.365642,VS0,VE0
vary: Accept-Encoding
content-length: 32788
X-Firefox-Spdy: h2
|
|
| i.ibb.co/PYpHF6b/Twitter-Show-Password.png | 162.19.58.161 | 200 OK | 28 kB |
URL GET HTTP/2i.ibb.co/PYpHF6b/Twitter-Show-Password.png IP162.19.58.161:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerLet's Encrypt Subjectibb.co Fingerprint0C:8B:6F:2F:B8:9F:91:1E:3A:DD:B1:1B:45:47:B4:65:FD:56:73:3D ValidityMon, 22 Apr 2024 06:29:44 GMT - Sun, 21 Jul 2024 06:29:43 GMT
File typePNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced Hash2fd203703821d5ce5d18bee2a51b779a a78d7b1369ce8bc34de57909af142043cae446f0 6b82611fa96f118128b0db9692dd982ca0fe79b1b4d8048946880600cc4f97c8
GET /PYpHF6b/Twitter-Show-Password.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 28355
last-modified: Tue, 17 Jan 2023 04:04:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| i.ibb.co/pZDr8sd/Twitter-Hide-Password.png | 162.19.58.161 | 200 OK | 28 kB |
URL GET HTTP/2i.ibb.co/pZDr8sd/Twitter-Hide-Password.png IP162.19.58.161:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerLet's Encrypt Subjectibb.co Fingerprint0C:8B:6F:2F:B8:9F:91:1E:3A:DD:B1:1B:45:47:B4:65:FD:56:73:3D ValidityMon, 22 Apr 2024 06:29:44 GMT - Sun, 21 Jul 2024 06:29:43 GMT
File typePNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced Hash8d1f08b46884df302bf7300fc234832c 5735d57b6fa211c400d439095d5ff2f5bb57e691 e4cff1f68b85c3343554090b3479273a54e5eed2dbb3e56ceb9f86c4ebe8b0e7
GET /pZDr8sd/Twitter-Hide-Password.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 04:02:12 GMT
content-type: image/png
content-length: 28029
last-modified: Tue, 17 Jan 2023 04:04:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js | 142.250.74.74 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js IP142.250.74.74:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeJavaScript source, ASCII text, with very long lines (32180) Hash32015dd42e9582a80a84736f5d9a44d7 41b4bfbaa96be6d1440db6e78004ade1c134e276 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 23:43:21 GMT
expires: Fri, 02 May 2025 23:43:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 188331
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js | 142.250.74.74 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP142.250.74.74:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeJavaScript source, ASCII text, with very long lines (32061) Hashe40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 11:39:23 GMT
expires: Sat, 03 May 2025 11:39:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 145369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js | 142.250.74.74 | 200 OK | 33 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js IP142.250.74.74:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeJavaScript source, ASCII text, with very long lines (32089) Hash397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33018
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Apr 2024 07:15:23 GMT
expires: Wed, 30 Apr 2025 07:15:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 420409
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/full_logo.969f536.png | 54.230.111.38 | 200 OK | 8.3 kB |
URL GET HTTP/2dl.dir.freefiremobile.com/common/web_event/official2/dist/client/img/full_logo.969f536.png IP54.230.111.38:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerAmazon Subjectdl.dir.freefiremobile.com FingerprintD7:4C:09:C2:7E:90:38:EA:18:D7:59:E0:F8:87:98:CF:8A:74:D3:D9 ValidityWed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT
File typePNG image data, 616 x 90, 8-bit/color RGBA, non-interlaced Hashc632e6bfd0076695e56477bdb3f7232c 5b4212f029814b5dfda946ac5e5a6ba97857feb9 86ccbc1dbeb58af3e6bce5ee52f86a47399da998ad34a0fd2ce9b0b539d92f6c
GET /common/web_event/official2/dist/client/img/full_logo.969f536.png HTTP/1.1
Host: dl.dir.freefiremobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 8314
server: OBS
date: Sun, 05 May 2024 03:58:28 GMT
x-obs-request-id: 0000018F46E7347494101CE334A81743
content-md5: xjLmv9AHZpXlZHe9s/cjLA==
x-obs-replication-status: REPLICA
accept-ranges: bytes
last-modified: Wed, 10 Apr 2024 03:54:58 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSVNTj1OTyB0IfZeMKgRNpzY3sirgXsW
etag: "c632e6bfd0076695e56477bdb3f7232c"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7RCA9sK0zQdDkKka_jz-mRAKAW8hhzJXTR0vnjbBLR9EzBsxSsmiMQ==
age: 224
vary: Origin
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 | 142.250.74.106 | 200 OK | 1.4 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 IP142.250.74.106:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typegzip compressed data, max compression Hasha1345cee6d1ea13d83b554b421153d00 8dfc400f65c0ea4988956ce166824a1918e6de3c 941e9817219c5094de18ad98c9ecca0e349a5927025a16a4aadd41256d43ea31
GET /css?family=Roboto:300,400,500,700|Teko:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 04:02:12 GMT
date: Sun, 05 May 2024 04:02:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pqwmrjcb.nesipay.xyz/img/lazback.jpg | 188.114.96.1 | 200 OK | 106 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/lazback.jpg IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeJPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1720, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1000], progressive, precision 8, 1000x1241, components 3 Size106 kB (106514 bytes) Hashbebd7a9618ed1d6f43858fae13cde0d1 719b7701b28a9a9ee6e50800f9bcde561f1f61fe 544d5b2da4c18c200c75426693dce7718a201213581c6aa1338b84dc78e7beee
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/lazback.jpg HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:13 GMT
content-type: image/jpeg
content-length: 106514
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 22:50:28 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14358
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VgQS8uXPCB%2F26ZagqPStrO1jGgjrmVFVvjXfQCWRratJoWhBJvyfrTlhCRrFaAPo3n8yUyLtHc8VAMuuNk7Ao6uzjfV1FZ%2B2UhZReOxTpaW0rx42KpDXI0okM4j8G5snwg9lTdeJoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f4b1fb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/bg_tip2.png | 188.114.96.1 | 200 OK | 2.4 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/bg_tip2.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 294 x 60, 8-bit colormap, non-interlaced Hash40404540e54d9542385df6a5727e29ea 36652283d4ee3c000e9d9b55da32a038c7086b87 eb1db53403215fd75df47e8584881adc54ec61aa248e50ef837f0102e633e533
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/bg_tip2.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:13 GMT
content-type: image/png
content-length: 2427
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:41:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14358
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3wWw4PfLjPocDTio0HEjlHEes3Rgv8Q%2FP4dOUsken3R7fZGSlB48WNQdm7tSHm61RyELxVR4OZ8lpPIeHY1xdhNrCv4dYblheiB5Hbf1FLWdqa2QMf7Hnv6DGH0GFzst%2Bl4djWm2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f5b25b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/priv_laz.png | 188.114.96.1 | 404 Not Found | 6.8 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/priv_laz.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash8150f458ed6fb9b1db4e5cfa57a1a281 6e5726854d28687b560d7fdcb5c782c425c7dfb9 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/priv_laz.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PGz1Uf1ayHHnhoAK5dRgHMP3muH3IOlTOLwaa74CE3si4zBm%2FtK0tIIh5M0M85%2BXw3uXxG6rX%2BqPeFspnQIHZd3lSGDLxjl1PHm%2Fa23K0ySb8VfbvvtaaJj8hXSeg3B4QzoQZs3scQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5693fdcb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/button.png | 188.114.96.1 | 200 OK | 6.2 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/button.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 480 x 161, 8-bit colormap, non-interlaced Hash0f7d208c792091d6563778aff3dba1ab f54a03422a36c19539abb66ce1cefae33c0b6349 68bc45702f83c903e5dc38293221981ebe1810133b36e31db62e8959402ccda3
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/button.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:13 GMT
content-type: image/png
content-length: 6166
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:41:52 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14358
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sk2ltV7t2WN0ne431OK60eo1L8OOH%2FyXSnFRpZj3wOkrktjywT5Gfk279IR1TaZ51gogpcdcmi2LdfN6IAIW1HtAwqoGrYJjcMc1YMhywLNnkZdLZeQ9O%2FN5%2BSbnrL%2BXuLUnyNAfMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f7b34b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/point-card-bg.png | 188.114.96.1 | 200 OK | 51 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/point-card-bg.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 408 x 480, 8-bit/color RGBA, non-interlaced Hash9ffa7e32544eb9c5982c66dd17447420 eb3e6450ad419e171da378a9eadf1ce672233376 0c2fdda7e58cab78fe8b7307e2d1a535d638fd5c61a1f0d64824e4b3bb8c8c7c
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/point-card-bg.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:13 GMT
content-type: image/png
content-length: 50640
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 13 Apr 2024 22:51:22 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14358
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZJwtn6rAZO7qMUgWKPfBxViAodEiMxtW9noXgCVknb7hsPIn3Cj4O0DKVX8%2B7tYcggYibzgiXTtvstO1kPLLhBR7jpHrCqEjlOAq9qtq23Cb3RVKLf3i8uMaO25nK3FtQBisI3e8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f7b32b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 | 104.17.24.14 | 200 OK | 150 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 IP104.17.24.14:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 150020, version 772.1280 Size150 kB (150020 bytes) Hashd5e647388e2415268b700d3df2e30a0d 97f0942c6627ddd89fb62170e5cac9a2cbd6c98c 886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9
GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pqwmrjcb.nesipay.xyz
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:13 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150020
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-24a04"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 379284
expires: Fri, 25 Apr 2025 04:02:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WPsdHLUtO5wZN8nYINfMtPjafFE3OeTCltg7iOngmGu7J83Fe5Bf23EEFUynOxm37eSXcR7gdFL%2FTJiFHAIU%2B28SK15sI0raOWvz0tCb451VAgJ%2F0DKNoy01prCGPdrGJZf6Z9I5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87edd56fbff7568d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/fonts/laza.woff2 | 188.114.96.1 | 200 OK | 22 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/fonts/laza.woff2 IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 22220, version 1.0 Hash345579e8566a3dd6dc9feb5362fbe7e1 df075dd0c26e72fd7df19948f07904c1eaa72ded 1d0dfcc32b3be2bf3b3dbc371e9b7c5ce205f4bc6f7c8ce0226256cc7064c3e4
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /fonts/laza.woff2 HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:13 GMT
content-type: font/woff2
content-length: 22220
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 04:02:13 GMT
last-modified: Thu, 30 Nov 2023 06:01:44 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7l1L0D1aimxOCeZDHLaCkK50S8iE794%2BWQT1Ura9loBESPcHO3TbF5FuAD9yjczYZ27mKB7DZjPwNup42cmmy%2FBEVrDw1xAhtLCxj8fUvfCKP949hThSJOGz4bRuRyCjmuIJ0xaBaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f7b35b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.pubgmobile.com/en/images/nav_language.svg | 23.36.76.227 | 200 OK | 675 B |
URL GET HTTP/2www.pubgmobile.com/en/images/nav_language.svg IP23.36.76.227:443 ASN#20940 Akamai International B.V.
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerDigiCert Inc Subjectwetv.acc.qq.com Fingerprint5C:D9:77:1B:16:32:99:FE:C5:2E:BD:E3:86:D8:71:22:B0:1B:6A:3F ValidityMon, 30 Oct 2023 00:00:00 GMT - Wed, 30 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hashd8ba211bb1be1a15bf5b0143ca1b009a 215203609a551dcaccf6e434508623f302635f86 a441182568ad88fa9c54384de94a77f64148d3d54df66ea1beff4a11100967c6
GET /en/images/nav_language.svg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 13:24:18 GMT
etag: "62387c82-45b"
accept-ranges: bytes
unused62: 8096267
vary: Accept-Encoding
content-encoding: gzip
content-length: 675
date: Sun, 05 May 2024 04:02:13 GMT
akamai-grn: 0.df4c2417.1714881732.1d331d2e
X-Firefox-Spdy: h2
|
|
| www.pubgmobile.com/en/images/nav_menu.svg | 23.36.76.227 | 200 OK | 426 B |
URL GET HTTP/2www.pubgmobile.com/en/images/nav_menu.svg IP23.36.76.227:443 ASN#20940 Akamai International B.V.
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerDigiCert Inc Subjectwetv.acc.qq.com Fingerprint5C:D9:77:1B:16:32:99:FE:C5:2E:BD:E3:86:D8:71:22:B0:1B:6A:3F ValidityMon, 30 Oct 2023 00:00:00 GMT - Wed, 30 Oct 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hasha1f09c4f5c87271dbccf8cb05885ad42 18bbacc9c372dcb6bc77c2475595e058c1ad1594 b0d849e0e910d13bcdab1e94f5c799dda1a9429c908e18069f9dc7f7d551d58a
GET /en/images/nav_menu.svg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 13:24:18 GMT
etag: "62387c82-374"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 426
date: Sun, 05 May 2024 04:02:14 GMT
akamai-grn: 0.df4c2417.1714881732.1d331d2d
X-Firefox-Spdy: h2
|
|
| freefiremobile-a.akamaihd.net/common/web_event/common/images/ff-logo-icon.png | 23.36.76.115 | 200 OK | 1.4 kB |
URL GET HTTP/1.1freefiremobile-a.akamaihd.net/common/web_event/common/images/ff-logo-icon.png IP23.36.76.115:443 ASN#20940 Akamai International B.V.
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerDigiCert Inc Subjecta248.e.akamai.net FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9 ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File typePNG image data, 71 x 61, 8-bit/color RGBA, non-interlaced Hash7829ec7999775865a662468dd7e96117 d2dda88c46098945bfc1282724aa86478acddc10 049490ddf516d0c066e4245937065d8ff549ecddfd0f6ebe55891960627c86e8
GET /common/web_event/common/images/ff-logo-icon.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185EE9543439542F10037BFF7CD
Accept-Ranges: bytes
ETag: "7829ec7999775865a662468dd7e96117"
Last-Modified: Thu, 04 Aug 2022 12:29:56 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSZdaWuzpmM2O+ItUV06oDUJbNs22WV8
Content-Length: 1414
Date: Sun, 05 May 2024 04:02:14 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
|
|
| pqwmrjcb.nesipay.xyz/js-zone/sender.js | 188.114.96.1 | 404 Not Found | 1.1 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/sender.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash8150f458ed6fb9b1db4e5cfa57a1a281 6e5726854d28687b560d7fdcb5c782c425c7dfb9 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/sender.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eSfQqquTkRZwu21c6KWFs2%2FQw6yGz7bR9klRbTVFm8kJr4hcpQDS1RhFxigQpU%2Bbf3jKTbmXSMmEdkHC1Mq8BMQh%2FS6SYmKhuEg31J%2FRUO0YAlT1ERUExevL7%2B3yo044yb39ed7sFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd569a81ab518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/slogan1.png | 188.114.96.1 | 404 Not Found | 3.0 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/slogan1.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash8150f458ed6fb9b1db4e5cfa57a1a281 6e5726854d28687b560d7fdcb5c782c425c7dfb9 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/slogan1.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YL%2B0a46vtnGlB2X5WykDkc1AxF82SOcErikwZ9sSV8uyF%2BFXiM3KmwdtrHK8MRkaU6vN5QPcF8uMZqFfLyUyQuFvFKZFXQpftV2uWF%2BvyrJBZb1w2yrZSMEbf3QabEEyloTUYjCg3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f4b23b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/js-zone/gift-zone.js | 188.114.96.1 | 404 Not Found | 6.0 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/gift-zone.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash8150f458ed6fb9b1db4e5cfa57a1a281 6e5726854d28687b560d7fdcb5c782c425c7dfb9 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/gift-zone.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOs50MY1UFkgeTh%2F7z%2F9esawjLE90JYriXaNA4y8QFBx8mwKgm3ZR0o4fsNspI53Q%2BMPH%2BVqCvOrIXIuE3GenSoVl3VzUpiFCvydhCOpuGjlX%2FnB02HwwfD5%2Fus5tqNstJScWr6c%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56ffb69b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/media/spin.mp3 | 188.114.96.1 | 404 Not Found | 14 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/media/spin.mp3 IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
Hashf616509ee0b466ebf7673d5bb9a9deec 27bd253795652af98f3ca182eae7200335d45aa8 74051364a85c572404af05c073f26b91e90a4164b7b43e4ff15ba691e5ffca6f
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /media/spin.mp3 HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ipjxnX%2Fe4FdCbhH9UHU8fNRmSt%2FRjKUzRJyO7afsLjTXxbgxgkuElufQPD9S0DK7fJbL3AVPWY7iIx4iAP8LUgPClJo71CmxJI48%2FOF0q6G5HF6ge%2BDuNAqmJ07Dt2sJMuZ8Nf4zMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5717c15b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/js-zone/gift-zone.js | 188.114.96.1 | 404 Not Found | 11 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/gift-zone.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash8150f458ed6fb9b1db4e5cfa57a1a281 6e5726854d28687b560d7fdcb5c782c425c7dfb9 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/gift-zone.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CwzAC5dSPogzSh6tKBnMN94WDzvW78f57HBOc8L7QA6ThvESVZDmyBFn1rA9VTunoGRCMB2x%2Bg%2BxIWg9AJO4wqH%2F81X66VrLPSmRzHJGUx%2FA29Itd75RIVqLy%2B%2FsyLgLV5y7VVyNlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd569a816b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/css-zone/twitter.css | 188.114.96.1 | 200 OK | 4.7 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/twitter.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (5055), with no line terminators Hashd520cdc9018f0ee4be1c1277d903c9db 18ae5e599ea88303486d6b4dbc9ef5a665e1c015 73ed00e997937833b9d8f57619a092c0af363de7bc652473bf78e4e9e7177152
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/twitter.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sat, 10 Feb 2024 08:54:56 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cs0eH6nEdf5IaJmn%2BZwpxGLIzIFCXTbXyJlZY0ZkUQFdslxoGgMKm1f6IBxYluCJ7hzB51CXH3WQWyB2G9poAcejZSPRjZzeVwklrS69%2BmkSZtsd4s0TxiqbHfeRdi%2BFfLcWt6zgIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568cf92b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/js-zone/flaglink.js | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/flaglink.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/flaglink.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3K6zCjdXJDLfSNrHD%2Fg0O1vzz2yhMnZlLOWiUG5Mn9uPgMJRP4eJXqamebV9ATdOpV1U9BPbev01INd2UPnOuf6Rw1HKLgvfrdvUCovgCS9Z6Yane8HZBiOh3s6ihvROGG%2FUaAO6xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd569a818b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/css-zone/zero-zone.css | 188.114.96.1 | 200 OK | 5.7 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/zero-zone.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (6256), with no line terminators Hashb2db0a1d00aca4ab104b0d3219f0c0f4 80ca3f52aaa169a81470265ade8046f0eaf30ba4 6766f0bb99ab8a5ce93f6e29314d42f85b9683b8c42cb60e85e249ec29e1cace
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/zero-zone.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sun, 21 Apr 2024 22:26:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4vtpf6p%2FN0XfjU4btMm929lD5ZDheMDuozm%2BfryEA37P%2Fs8rIJbD47tjJsnEwbX%2FOqQZJ97cGHoHH4TEh7OPgtQ2IQvaYMr7AdYu0qumyBYS7p7I%2FYqQFr449sYVWM0k55hLxjbhMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568efa1b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/css-zone/facebook.css | 188.114.96.1 | 200 OK | 4.1 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/facebook.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (4392), with no line terminators Hash3c7f233e917b62865a60bb9f2382987a 4cd08955ccf7bb6da28940b8585d9b7d0ee52e21 04664361ca8f2a282390f27c8d7dceb86b0e43f7e0b9f42bd51d0b1f54021a3b
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/facebook.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Thu, 11 Apr 2024 05:36:38 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FQdr%2F61iEGtecj8pcggwaSHFXsTf5i4IbnxP1vM79B4XjZYN%2BcCN0SclzyNC8OOHopXvoSsJJZM6cocsTDe0sIt%2FGpzq43WmZsHM7czalxTIzoUAo7EpO2B1t0ehNwHlMqLqvwM6Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568cf90b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css2?family=Teko&display=swap | 142.250.74.106 | 200 OK | 1.2 kB |
URL GET HTTP/2fonts.googleapis.com/css2?family=Teko&display=swap IP142.250.74.106:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File typeASCII text, with very long lines (1182), with no line terminators Hash517c67874f6f9ada9c4283fe962de9cf 3ef9577a3d48a4d102dbad75e10bc5563e08d81f 6a843b3e563cf2b17bbb15e15041f252e7524deb41991c4a2ce088b0e1c7f29a
GET /css2?family=Teko&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 May 2024 04:02:12 GMT
date: Sun, 05 May 2024 04:02:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pqwmrjcb.nesipay.xyz/js-zone/lazcode.js | 188.114.96.1 | 200 OK | 69 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/lazcode.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hashde4a7681dffe0d4647e098e39113ac38 b3400595282b92b109566477be6765b4b29cbfdc 606033e26217432c2f12eca59ed597cbac39b19afbd4a86ff3124b4f0d0657d2
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/lazcode.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/javascript
last-modified: Sun, 21 Apr 2024 23:19:24 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zYBbE7cvDAfEyi65B6zwiNTr0I%2FYQbZQaDx8sEAAOW%2B%2B9fiId6Oq0t92iky7LcRVPUkwuluMWN0I0PQqUG%2ByD%2FUGR9m4A4at4KZUPndi1lgT6sh4vuj0dDa1GeE2Y83etw4H992dYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd569a817b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | 188.114.96.1 | 200 OK | 1.2 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1271), with no line terminators Hash40d981045a7516cdadd00e8dccc9c58d 8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3 71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 15:20:25 GMT
etag: W/"66310c39-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BVM616qEeIaABBJVQBZlYPhkaW6hxCeERIXo6QsQ6tQAe7UAYhftSWPAa7LVEUWH87B6t1XbgxZARwWyY4IMVFocgAtDeof1epggrifzKRXTFtZen%2FLgXslnzgm1Q887kREc%2FVGr4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd569a81db518-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 07 May 2024 04:02:12 GMT
cache-control: max-age=172800, public
content-encoding: gzip
|
|
| pqwmrjcb.nesipay.xyz/img/bg_tip3.png | 188.114.96.1 | 200 OK | 6.2 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/bg_tip3.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typePNG image data, 691 x 91, 2-bit colormap, non-interlaced Hash19cc6d96aa7c032152f1b060b3bc6cf3 6f0d220ce43ace6f262c7218f640e92a83691f6e 933d6f824b96dbcf45f827e574f2c21ff6317ce5d4de874c4f948a91acbd724b
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/bg_tip3.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:13 GMT
content-type: image/png
content-length: 6187
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 09 Apr 2024 19:41:50 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14358
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JaD6vSKvq4lG%2BXqa5G0euiN7WknEojPrIBektdAzygfFtBWBMqdq9pe3dTrrjytuosSsrHDe%2FxNkOoRZgCLV5HFszu57FWZyC4CgVKBYfZYo33WK7%2FvV%2FxQtg91EA0m7wP%2FY9Y0ARA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f5b26b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/media/close.mp3 | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/media/close.mp3 IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /media/close.mp3 HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YGdw7%2FfDqxaSbdv7Ns0g5IZupmx%2B1X7NkaqiEg2wJNIppYHUqDGltMlWYdzu9BpVrRyquVWINc%2BKv0gfyZ31ublO14rK7CoM7k15DpHKJ6mAUaJIyTOh%2BH1%2BkaHxN1m8PVLJkuaJwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5717c1db518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| | 188.114.96.1 | 200 OK | 91 kB |
URL User Request GET HTTP/2IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET / HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HM3ScWzB4nSZvbMx8QWC92AVgH7j5Z8OdOV7FFsBJ3zxcfxlF9fUFYWUl3kcamyvHYOjMoN6TbdT0XqhapSISmzJQudqiT7CYvlhqVI5OWy7PU5%2FgPU0PzIbt9C7bQLRz2XXylbOxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd563fd5556c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| pqwmrjcb.nesipay.xyz/css-zone/flaglink.css | 188.114.96.1 | 200 OK | 15 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/flaglink.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (14748), with no line terminators Hash28e08cc393a5126b1f15d03289ea48e2 44c7b51c46667fdebf05a8ceb4141d1f9e7d537e 9ac44dcb07fa79ebf1e81b575258ade1ce26556bc0575187652160980b30f23e
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/flaglink.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sun, 21 Apr 2024 22:26:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oltLs%2Bp5Je4ORYiYj8Wn%2BNgaZkerqNPv04ciehP%2F0I9jFsEHZ8pYgswQ0QyO%2BYC3PbmNRbFtxXgGcnHmIP9ovBwN9GpN5LcnuZNqzwKg3kfkce84ze99vMPM5dn8lFtk9p3pbVkVWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568cf95b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/css-zone/style-zone.css | 188.114.96.1 | 200 OK | 52 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/style-zone.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (7259) Hash57f73c053432bcaaf748e1ee984e83db 69642560faec1eb7284a2751e787848f8593a1a5 28860f2bc3b306e6ffc8027a8888e462dc66e6b1d19e8d56af17d7acd2537fcb
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/style-zone.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Sun, 21 Apr 2024 22:26:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrPlOV4afV6FSinfrHThHayZ18m4WAfWtmP3oFXm9GRwIetccQXE6vcjyXA0hckELi7NXympqu9PJXboU8kpELa1hoGqlsuEtLQWWsRIPlVxh4THOyxODmfcgOxtI2HlxbNL2MLvXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568df9eb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/cdn-cgi/rum? | 188.114.96.1 | 200 OK | 0 B |
URL POST HTTP/3pqwmrjcb.nesipay.xyz/cdn-cgi/rum? IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1041
Origin: https://pqwmrjcb.nesipay.xyz
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:14 GMT
server: cloudflare
cf-ray: 87edd575ddfeb518-OSL
x-frame-options: DENY
x-content-type-options: nosniff
|
|
| pqwmrjcb.nesipay.xyz/css-zone/google.css | 188.114.96.1 | 200 OK | 4.7 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/google.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (5117), with no line terminators Hash89a5d57984f3b8f805d26d28b1186269 232b658c1f732dff7f5eb75cd45adafe60e712ab a6272b0608c58d56d36fa0bfa33ac7dcc854d4d74fa1a02adf4d2b6c738fb04d
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/google.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Wed, 10 Apr 2024 21:47:52 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSlCSvL9CwPZlpOFUUbGPylfT8LTjooKB8SMwyGuHDx%2FL28zGNM31OrUJ68HJXE9U89Xe2gpyarSCU7j7TaabBd3l7PgZnIbc3cKp34RDW3YfAxLmciq6Urfeu8T7POLuAOtxgXQvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568cf91b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/index_files/css | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/index_files/css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /index_files/css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ImVtwBcYOB9yMOHyEfeWs2Y%2BxxRZgl55wtHZjn5jxhyd%2FB1N2e%2Bxw10DRlBr%2B8xmIREpaP4rPw4VmEFbB8if2Wot2E05QzqEwN8vpD2f3HbJdtJ5wFEG9B7Ntb4ETzZ2rH9xVl7XgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568bf86b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/css-zone/animate.css | 188.114.96.1 | 200 OK | 78 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/animate.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
Hash8eae1a9cfafdc593321d4d59ec4905ea 232f5f3f4c3a0a56823e0e933f9c7fec3aa9cbcc e89c81987c5cbc157097eaa6657d6a594abf030cc89bb63f0d2154d8383e9fab
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/animate.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:55 GMT
last-modified: Tue, 02 Jan 2024 21:53:44 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ixbF83JjFYmcH1b%2FI%2BLjsgKlO2JYwdVswh4PwA3FkkAg%2B5o2wUNAFMiSOqOVKvWypf22R6tm6dyJ9Z70mHehPmH9fzG9eCEoCND9QRFaou5f2pVXwsVB4rO6wQc1d5ajVW57jW7s%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568df99b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | 104.18.11.207 | 200 OK | 31 kB |
URL GET HTTP/2stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css IP104.18.11.207:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectbootstrapcdn.com Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63 ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT
File typeASCII text, with very long lines (30837) Hash269550530cc127b6aa5a35925a7de6ce 512c7d79033e3028a9be61b540cf1a6870c896f8 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pqwmrjcb.nesipay.xyz
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 03/18/2024 12:28:12
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d9cf4ab2106a52dfda887edc07f52dbd
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 87edd56b3fd4b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| pqwmrjcb.nesipay.xyz/js-zone/slidernotif.js | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/slidernotif.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/slidernotif.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V0sy0XbdkTG6NSXoDz3U5fdzOkUeqoSRAjak6VhuSzbhj3%2BewIC1XFrXANAvP5A%2B4Rx2zQqbEeHv1qk3CLCK3jxNh2Au0ud9ALTwOm0AGv8SSktpMnFu92rcL%2BkIi975E6bpSDOPzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5727c92b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/js-zone/slide-zone.js | 188.114.96.1 | 200 OK | 1.5 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/slide-zone.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (1606), with no line terminators Hash6a7c7ae72f791b3b8b46d76a3c4a2311 a7dc3fb632c192a76b7cf387f29703656f60df4b 985a614807422c18989e25d515b8330019b8fbfc691dc1ac3ec27b23cfb311e3
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/slide-zone.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/javascript
last-modified: Sun, 21 Apr 2024 23:19:26 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gJf%2BU%2FAEpiYS2Vs2Uri%2BQyX%2Bd0pruP7d35NPrTuRLZhr2XMlb7VHv7UEurHCaJfbERUsRShQH139ydmNHOqvVxxr4cF1vnTYSThax0iG4vpv7u9r2IQ94%2Bz%2BGw8oLWMatPTyTGIdHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd569a81bb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/css-zone/link.css | 188.114.96.1 | 200 OK | 5.9 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/css-zone/link.css IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeASCII text, with very long lines (6475), with no line terminators Hash6a54d1d1f85e34dccf0abb8d802c043a c9e0e3542039ab854da84ba990ef998093a682de a8de9524056b5da16a51925a126fe093e75947adbbad63d873f15f08335ab890
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /css-zone/link.css HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 04:02:11 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 12 May 2024 00:02:54 GMT
last-modified: Sun, 21 Apr 2024 22:26:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 14356
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=65UMxDmRLkUgGFV9hcnoylsb8dXjUWvpzocW535Xy3H89Gd56JT6GNpjdCJNEa0PEW%2FbbqfXe%2BNrMc8sgnK592BFMuXuIEtCT8xlhGLgr89XAfxY5YRuuvSCMidIqqEkY7XcOa8ljQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87edd568cf94b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/js-zone/slidernotif.js | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/slidernotif.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/slidernotif.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xz45Wt0OLjOpOXHY%2Bh40B5uyAf%2BFMcI24UiwYuAXj9cr7BXKf%2BUnN2%2FFawG1foiEkh3Ekq3XbLjuFART%2Fj6s%2F1MBYo5UbdMFHNvzz04CBI8LuvMQMPvk5Eoa7X1RkRKonYt1SF%2F4tA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd569a819b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/img/slogan2.png | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/img/slogan2.png IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /img/slogan2.png HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K73zgUE4voY2sKmbgLKLyBOoySiNC0ESTpA0jqC11GUY7U5JixuRLarKgMiDF8%2BJF9dBEzL5CFxC9Gy5NebUtlwKmtrHigCGJrePah4cOTfSkZQXT2KEsklfZTl1JfkxOKZERH3NbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56f4b24b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| pqwmrjcb.nesipay.xyz/media/open.mp3 | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/media/open.mp3 IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /media/open.mp3 HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sYg3OS3uQwbzZOlXiagchmYfE4tZ2nO6XTzq7JFiULBd6z4zGmojIEYHcpMgHppTk2Q45DH%2BEfXIm%2FGftHI8WCUPcPHQgWX164H1wNR%2B0eo8z5AbsBoCMsxOSVINiu%2F59QPxPMHd5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5717c1cb518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039 | 104.16.79.73 | 200 OK | 20 kB |
URL GET HTTP/2static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039 IP104.16.79.73:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectcloudflareinsights.com Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00 ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT
File typeJavaScript source, ASCII text, with very long lines (19978), with no line terminators Hash09c0cae9d18b9ef8e6a132e71c3c245d e2237916aea3bba321d0662fc1bc188f0cd3e167 af780e357234ceb6feec085a9a31f46834c88c4d3852d79050ad9dc3658a3a67
GET /beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pqwmrjcb.nesipay.xyz
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 04:02:12 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.7.0"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd56b4f445699-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pqwmrjcb.nesipay.xyz/js-zone/flaglink.js | 188.114.96.1 | 404 Not Found | 1.3 kB |
URL GET HTTP/3pqwmrjcb.nesipay.xyz/js-zone/flaglink.js IP188.114.96.1:443
Requested byhttps://pqwmrjcb.nesipay.xyz/ CertificateIssuerGoogle Trust Services LLC Subjectnesipay.xyz FingerprintDF:D5:BE:8D:5F:63:E6:B9:CD:3E:F8:B8:6A:A5:26:AA:D7:C3:B2:7B ValidityThu, 25 Apr 2024 22:12:47 GMT - Wed, 24 Jul 2024 22:12:46 GMT
File typeHTML document, ASCII text, with very long lines (1285), with no line terminators Hash94f08a3a6562f7f079c4f5a67b7260e2 cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823 44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29
Analyzer | Verdict | Alert | OpenPhish | phishing | Garena |
GET /js-zone/flaglink.js HTTP/1.1
Host: pqwmrjcb.nesipay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pqwmrjcb.nesipay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Sun, 05 May 2024 04:02:13 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nq9CKZN7f6XHKRQgJPowCaIMA%2B%2FrmzgPUrsY%2FKdmMfXwLImsgGO2%2BhSJfIIsziJGZ2mpZ%2Fb0Ytl4dggv0DH40%2BKloi39e%2BorzdTpRclDc6BRgQzwpw37%2B3b2gyQpqpl49quTfCt5Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87edd5717c13b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|