| 137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972 | 137.184.145.124 | | 26 kB |
URL: 137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
IP: 137.184.145.124:0 | ASN: AS14061 DIGITALOCEAN-ASN
File type: HTML document, ASCII text, with very long lines (62324)
Hashes (MD5 / SHA-1 / SHA-256): e9442fc6ceff87dfc708db82ce595a4d / b078fb8eee37c08b794954b2444a9a928bbfee22 / b938d2e53cd447208dc8aa0624ab224096133788f1e6e138add217783f12e7a1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972 HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, private
Date: Fri, 10 May 2024 07:51:01 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; expires=Fri, 10 May 2024 09:51:01 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D; path=/; httponly; samesite=lax
Content-Encoding: gzip
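Both Set-Cookie headers in this response are Laravel's encrypted-cookie envelope: base64 of a JSON object with `iv`, `value`, `mac` and `tag`, where `value` is AES-CBC ciphertext under the application's APP_KEY, `mac` is a hex HMAC-SHA256 over the base64 `iv` and `value`, and `tag` is empty because the CBC cipher has no authentication tag. The plaintext cannot be recovered without the key, but the envelope shape alone fingerprints the framework behind the nginx front end. The helper below is added here (it is not code from the page or from the site) and parses the two headers, copied verbatim from the response above, to show the envelope and the attribute checks a reviewer would make: XSRF-TOKEN is deliberately readable by script (no httponly) so the front end can echo it in an X-XSRF-TOKEN header, laravel_session is httponly, and neither carries Secure, consistent with the site being served over plain HTTP.

```python
"""Parse the landing page's Set-Cookie headers and unpack Laravel's
encrypted-cookie envelope. Added analysis helper; not code from the page
or from the site's backend."""
import base64
import json
import re
from urllib.parse import unquote

# Copied verbatim from the HTTP/1.1 200 response to GET /iq/iq_zain-GameCafe.
SET_COOKIE = [
    "XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; expires=Fri, 10 May 2024 09:51:01 GMT; Max-Age=7200; path=/; samesite=lax",
    "laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D; path=/; httponly; samesite=lax",
]


def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; attr=val; flag' into its parts.
    Flag attributes without a value (httponly, secure) become True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.lower()] = val if sep else True
    return {"name": name, "value": value, "attrs": attrs}


def unpack_laravel_envelope(cookie_value: str) -> dict:
    """Laravel encrypted cookie = base64(JSON{iv, value, mac, tag}).
    iv/value are base64 (16-byte IV, AES-CBC ciphertext), mac is a hex
    HMAC-SHA256 over the base64 iv+value, tag is '' for CBC ciphers.
    The ciphertext length is reported because Laravel prepends a 41-byte
    cookie-name prefix to the 40-character token before PKCS#7 padding."""
    envelope = json.loads(base64.b64decode(unquote(cookie_value)))
    iv = base64.b64decode(envelope["iv"])
    ciphertext = base64.b64decode(envelope["value"])
    return {
        "keys": sorted(envelope),
        "iv_len": len(iv),
        "ct_len": len(ciphertext),
        "mac_is_sha256_hex": re.fullmatch(r"[0-9a-f]{64}", envelope["mac"]) is not None,
        "tag": envelope["tag"],
    }


def audit(headers=SET_COOKIE) -> dict:
    """Per-cookie view: envelope facts plus the attributes a reviewer checks."""
    report = {}
    for header in headers:
        cookie = parse_set_cookie(header)
        report[cookie["name"]] = {
            **unpack_laravel_envelope(cookie["value"]),
            "httponly": cookie["attrs"].get("httponly", False),
            "secure": cookie["attrs"].get("secure", False),
            "samesite": cookie["attrs"].get("samesite"),
            "max_age": cookie["attrs"].get("max-age"),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(audit(), indent=2))
```

The MAC can only be verified with the server's APP_KEY, so the helper checks shape, not authenticity; a 32-hex-byte `mac` with an empty `tag` is the CBC variant, whereas a GCM-configured Laravel would populate `tag`.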
| 137.184.145.124:9003/images/arshiya-logo.jpg | 137.184.145.124 | | 6.9 kB |
URL: 137.184.145.124:9003/images/arshiya-logo.jpg
IP: 137.184.145.124:0 | ASN: AS14061 DIGITALOCEAN-ASN
File type: PNG image data, 97 x 31, 8-bit/color RGBA, non-interlaced (served as image/jpeg despite the .jpg name)
Hashes (MD5 / SHA-1 / SHA-256): 5034635d004dad1d89d25a960b12f961 / 453856545ac4407de3dd45e8afd46b151cb49f63 / 37363f4f1b9eea9c01a32ce569d275816d42b5c341bc12f76c71e880f15596e4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images/arshiya-logo.jpg HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:01 GMT
Content-Type: image/jpeg
Content-Length: 6886
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-1ae6"
Accept-Ranges: bytes
| 137.184.145.124:9003/images/banner-games.gif | 137.184.145.124 | | 382 kB |
URL: 137.184.145.124:9003/images/banner-games.gif
IP: 137.184.145.124:0 | ASN: AS14061 DIGITALOCEAN-ASN
File type: GIF image data, version 89a, 640 x 360
Size: 382 kB (382278 bytes)
Hashes (MD5 / SHA-1 / SHA-256): f8668b8d9fce55b1d989d0cbcf5643dc / e6b3cbd16d7c6d278793e341991e53e71fa0148e / 842ba957f3813a4de323cf10157e46065247838562bef20219139f4863913ab6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /images/banner-games.gif HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:02 GMT
Content-Type: image/gif
Content-Length: 382278
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-5d546"
Accept-Ranges: bytes
| sg.d.shield.monitoringservice.co/ | 139.162.21.64 | | 0 B |
URL: sg.d.shield.monitoringservice.co/
IP: 139.162.21.64:0 | ASN: AS63949 Akamai Connected Cloud
Hashes (MD5 / SHA-1 / SHA-256) of the empty 0-byte response: d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: sg.d.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 852
Origin: http://137.184.145.124:9003
DNT: 1
Connection: keep-alive
Referer: http://137.184.145.124:9003/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: *
server: MCP-Shield
date: Fri, 10 May 2024 07:51:02 GMT
content-length: 0
x-server: Data-1
| sg.ws.shield.monitoringservice.co/ | 139.162.21.64 | | 0 B |
URL: sg.ws.shield.monitoringservice.co/
IP: 139.162.21.64:0 | ASN: AS63949 Akamai Connected Cloud
Hashes (MD5 / SHA-1 / SHA-256) of the empty 0-byte response: d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: sg.ws.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://137.184.145.124:9003
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rV+kKi1Bnr/JyVGsbA19JQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
upgrade: websocket
connection: Upgrade
sec-websocket-accept: YII9BExX0xYJ4bXPMMVOWdM0M+M=
origin: http://137.184.145.124:9003
x-server: WS-1
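This upgrade is a cross-site WebSocket opened from the plaintext origin http://137.184.145.124:9003 to sg.ws.shield.monitoringservice.co, which answers 101 and echoes the Origin back. A quick check a practitioner makes on a captured handshake is whether Sec-WebSocket-Accept is what RFC 6455 prescribes, base64(SHA-1(Sec-WebSocket-Key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")), since a generic reflector or a non-WebSocket endpoint behind the same hostname would not produce it. The helper below is added here (not code from the page or from the monitoring service); it carries both key/accept pairs from the capture (this one and the second upgrade further down) and is checked against the RFC's own example vector.

```python
"""Verify captured WebSocket opening handshakes per RFC 6455 section 4.2.2.
Added helper; not code from the page or from the monitoring service."""
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

# Copied verbatim from the two upgrade exchanges with sg.ws.shield.monitoringservice.co.
CAPTURED = [
    ("rV+kKi1Bnr/JyVGsbA19JQ==", "YII9BExX0xYJ4bXPMMVOWdM0M+M=", "WS-1"),
    ("XOXQIVrMRQRl1oaRwWPmqA==", "6B0HrBK3/Iu3kRoiQTxAaMLIdcI=", "WS-2"),
]


def expected_accept(key: str) -> str:
    """Sec-WebSocket-Accept the server must return for a given client key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def key_is_well_formed(key: str) -> bool:
    """The client key is base64 of 16 random bytes, i.e. exactly 24 characters."""
    try:
        return len(key) == 24 and len(base64.b64decode(key, validate=True)) == 16
    except ValueError:  # binascii.Error is a ValueError
        return False


def verify_handshake(key: str, accept: str) -> bool:
    """True only if the key is well formed and the accept value matches it."""
    return key_is_well_formed(key) and expected_accept(key) == accept


def audit(captured=CAPTURED) -> dict:
    """Map each captured exchange (by its x-server label) to a pass/fail."""
    return {label: verify_handshake(key, accept) for key, accept, label in captured}


if __name__ == "__main__":
    for label, ok in audit().items():
        print(f"{label}: {'RFC 6455 accept OK' if ok else 'accept MISMATCH'}")
```

The accept value proves only that the peer implements the handshake; it says nothing about what travels over the socket afterwards, and the capture shows no frames, so the channel's purpose cannot be read off this page.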
| 137.184.145.124:9003/integrations/UaeEt/bg_image.png | 137.184.145.124 | | 131 kB |
URL: 137.184.145.124:9003/integrations/UaeEt/bg_image.png
IP: 137.184.145.124:0 | ASN: AS14061 DIGITALOCEAN-ASN
File type: PNG image data, 1366 x 768, 8-bit/color RGBA, non-interlaced
Size: 131 kB (130658 bytes)
Hashes (MD5 / SHA-1 / SHA-256): c841a003257a96a99b32777bc3ef1c45 / eefb2a6d9c616a9a883808d0d0cf5223c8ae0aaf / b0a1cd77fbd0f5a8282d0689d25d2916be6e32d0a0087825795c7510331ac57a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /integrations/UaeEt/bg_image.png HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D; _s_ZisSess=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:03 GMT
Content-Type: image/png
Content-Length: 130658
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-1fe62"
Accept-Ranges: bytes
| sg.d.shield.monitoringservice.co/?d=JTdCJTIyayUyMjolMjJlYjM3OTRhM2VmYmMwNjQ0M2NiYzVkMDU5YjU3ZDA3NSUyMiwlMjJzJTIyOiUyMl9Nalc4WXNCLVc1ZmN1dWYySnYxJTIyLCUyMmZyb20lMjI6JTIyaHR0cDovLzEzNy4xODQuMTQ1LjEyNDo5MDAzL2lxL2lxX3phaW4tR2FtZUNhZmU/Zmxvdz1oZSZuZXR3b3JrX2tleT1kdzk0U1VvSUM1JmNsaWNrX2lkPUQtMjA5MDcyNzQtMTcxNTMyNzQyMC0zNEcxNzBHMjI4RzIyOS1EVUJKUTkxMjAmcHViX2lkPTQ1NTk3MiUyMiwlMjJ0eXBlJTIyOiUyMlNSU0NJJTIyLCUyMmRhdGElMjI6JTIyJTdCJTVDJTIycyU1QyUyMjp0cnVlLCU1QyUyMnQlNUMlMjI6MzE4NiwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMnclNUMlMjI6MTI4MCwlNUMlMjJoJTVDJTIyOjUwMCwlNUMlMjJkRSU1QyUyMjolN0IlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0JTdELCU1QyUyMnIlNUMlMjI6JTdCJTVDJTIyeCU1QyUyMjowLCU1QyUyMnklNUMlMjI6NSwlNUMlMjJ3aWR0aCU1QyUyMjoxMjgwLCU1QyUyMmhlaWdodCU1QyUyMjo0OTkuNzgzMzI1MTk1MzEyNSwlNUMlMjJ0b3AlNUMlMjI6NSwlNUMlMjJyaWdodCU1QyUyMjoxMjgwLCU1QyUyMmJvdHRvbSU1QyUyMjo1MDQuNzgzMzI1MTk1MzEyNSwlNUMlMjJsZWZ0JTVDJTIyOjAlN0QsJTVDJTIycyU1QyUyMjolN0IlNUMlMjJhSCU1QyUyMjoxMDI0LCU1QyUyMmFXJTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0LCU1QyUyMnclNUMlMjI6MTI4MCU3RCwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMmglNUMlMjI6MTAyNCwlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyb0glNUMlMjI6MTAyNCwlNUMlMjJvVyU1QyUyMjoxMjgwLCU1QyUyMnglNUMlMjI6MCwlNUMlMjJ5JTVDJTIyOjAlN0QlN0QlN0QlMjIlN0Q= | 139.162.21.64 | | 0 B |
URL: sg.d.shield.monitoringservice.co/?d=JTdCJTIyayUyMjolMjJlYjM3OTRhM2VmYmMwNjQ0M2NiYzVkMDU5YjU3ZDA3NSUyMiwlMjJzJTIyOiUyMl9Nalc4WXNCLVc1ZmN1dWYySnYxJTIyLCUyMmZyb20lMjI6JTIyaHR0cDovLzEzNy4xODQuMTQ1LjEyNDo5MDAzL2lxL2lxX3phaW4tR2FtZUNhZmU/Zmxvdz1oZSZuZXR3b3JrX2tleT1kdzk0U1VvSUM1JmNsaWNrX2lkPUQtMjA5MDcyNzQtMTcxNTMyNzQyMC0zNEcxNzBHMjI4RzIyOS1EVUJKUTkxMjAmcHViX2lkPTQ1NTk3MiUyMiwlMjJ0eXBlJTIyOiUyMlNSU0NJJTIyLCUyMmRhdGElMjI6JTIyJTdCJTVDJTIycyU1QyUyMjp0cnVlLCU1QyUyMnQlNUMlMjI6MzE4NiwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMnclNUMlMjI6MTI4MCwlNUMlMjJoJTVDJTIyOjUwMCwlNUMlMjJkRSU1QyUyMjolN0IlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0JTdELCU1QyUyMnIlNUMlMjI6JTdCJTVDJTIyeCU1QyUyMjowLCU1QyUyMnklNUMlMjI6NSwlNUMlMjJ3aWR0aCU1QyUyMjoxMjgwLCU1QyUyMmhlaWdodCU1QyUyMjo0OTkuNzgzMzI1MTk1MzEyNSwlNUMlMjJ0b3AlNUMlMjI6NSwlNUMlMjJyaWdodCU1QyUyMjoxMjgwLCU1QyUyMmJvdHRvbSU1QyUyMjo1MDQuNzgzMzI1MTk1MzEyNSwlNUMlMjJsZWZ0JTVDJTIyOjAlN0QsJTVDJTIycyU1QyUyMjolN0IlNUMlMjJhSCU1QyUyMjoxMDI0LCU1QyUyMmFXJTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0LCU1QyUyMnclNUMlMjI6MTI4MCU3RCwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMmglNUMlMjI6MTAyNCwlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyb0glNUMlMjI6MTAyNCwlNUMlMjJvVyU1QyUyMjoxMjgwLCU1QyUyMnglNUMlMjI6MCwlNUMlMjJ5JTVDJTIyOjAlN0QlN0QlN0QlMjIlN0Q=
IP: 139.162.21.64:0 | ASN: AS63949 Akamai Connected Cloud
Hashes (MD5 / SHA-1 / SHA-256) of the empty 0-byte response: d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?d=<base64 payload identical to the d= value in the URL line above> HTTP/1.1
Host: sg.d.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://137.184.145.124:9003/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
access-control-allow-origin: *
server: MCP-Shield
content-type: image/png
date: Fri, 10 May 2024 07:51:03 GMT
content-length: 0
x-server: Data-2
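The `d=` parameter on this image-pixel GET is base64 over a percent-encoded JSON object; the earlier 852-byte POST to the same host most likely carried the same payload, but its body is not shown, so that is an assumption. What is visible decodes to a `k` identifier, a short `s` value, the full landing URL in `from`, a `type` of `SRSCI`, and a `data` member that is itself a JSON string (double-encoded) holding viewport and screen geometry. The encoding is consistent with `btoa(encodeURI(JSON.stringify(obj)))` in the browser, because `:` `/` `?` `&` survive unencoded while `{` `"` and `\` are percent-escaped. The helper below, added here and not code from the page, the landing site or the monitoring service, decodes the payload and joins it to the one-click subscription request that www.social-sms.com receives a second later: the beacon's `k` equals that request's `uniqid`, the `from` URL is the landing page whose `flow=he` matches the `/iq-dcb/HE/` path on the subscription host (HE being the header-enrichment flow in carrier-billing terminology), and the third dash-separated field of `click_id` is a Unix timestamp 41 seconds before the landing page's Date header.

```python
"""Decode the d= beacon sent to sg.d.shield.monitoringservice.co and tie it
to the one-click subscription request. Added analysis helper; not code from
the page, the landing site or the monitoring service."""
import base64
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# Copied verbatim from the capture: the d= value of the pixel GET, and the
# subscription URL requested from www.social-sms.com one second later.
BEACON_D = "JTdCJTIyayUyMjolMjJlYjM3OTRhM2VmYmMwNjQ0M2NiYzVkMDU5YjU3ZDA3NSUyMiwlMjJzJTIyOiUyMl9Nalc4WXNCLVc1ZmN1dWYySnYxJTIyLCUyMmZyb20lMjI6JTIyaHR0cDovLzEzNy4xODQuMTQ1LjEyNDo5MDAzL2lxL2lxX3phaW4tR2FtZUNhZmU/Zmxvdz1oZSZuZXR3b3JrX2tleT1kdzk0U1VvSUM1JmNsaWNrX2lkPUQtMjA5MDcyNzQtMTcxNTMyNzQyMC0zNEcxNzBHMjI4RzIyOS1EVUJKUTkxMjAmcHViX2lkPTQ1NTk3MiUyMiwlMjJ0eXBlJTIyOiUyMlNSU0NJJTIyLCUyMmRhdGElMjI6JTIyJTdCJTVDJTIycyU1QyUyMjp0cnVlLCU1QyUyMnQlNUMlMjI6MzE4NiwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMnclNUMlMjI6MTI4MCwlNUMlMjJoJTVDJTIyOjUwMCwlNUMlMjJkRSU1QyUyMjolN0IlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0JTdELCU1QyUyMnIlNUMlMjI6JTdCJTVDJTIyeCU1QyUyMjowLCU1QyUyMnklNUMlMjI6NSwlNUMlMjJ3aWR0aCU1QyUyMjoxMjgwLCU1QyUyMmhlaWdodCU1QyUyMjo0OTkuNzgzMzI1MTk1MzEyNSwlNUMlMjJ0b3AlNUMlMjI6NSwlNUMlMjJyaWdodCU1QyUyMjoxMjgwLCU1QyUyMmJvdHRvbSU1QyUyMjo1MDQuNzgzMzI1MTk1MzEyNSwlNUMlMjJsZWZ0JTVDJTIyOjAlN0QsJTVDJTIycyU1QyUyMjolN0IlNUMlMjJhSCU1QyUyMjoxMDI0LCU1QyUyMmFXJTVDJTIyOjEyODAsJTVDJTIyaCU1QyUyMjoxMDI0LCU1QyUyMnclNUMlMjI6MTI4MCU3RCwlNUMlMjJkJTVDJTIyOiU3QiU1QyUyMmglNUMlMjI6MTAyNCwlNUMlMjJ3JTVDJTIyOjEyODAsJTVDJTIyb0glNUMlMjI6MTAyNCwlNUMlMjJvVyU1QyUyMjoxMjgwLCU1QyUyMnglNUMlMjI6MCwlNUMlMjJ5JTVDJTIyOjAlN0QlN0QlN0QlMjIlN0Q="
SUB_URL = (
    "http://www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php"
    "?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075"
)


def decode_beacon(d: str) -> dict:
    """base64 -> percent-decode -> JSON. The 'data' member is a JSON string
    nested inside the JSON (double-encoded), so it is parsed a second time."""
    beacon = json.loads(unquote(base64.b64decode(d).decode("ascii")))
    if isinstance(beacon.get("data"), str):
        beacon["data"] = json.loads(beacon["data"])
    return beacon


def query_param(url: str, name: str) -> str:
    """First value of a query-string parameter, or '' when absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def click_time(click_id: str) -> datetime:
    """The third dash-separated field of click_id is a Unix timestamp
    (1715327420 -> 2024-05-10 07:50:20 UTC, 41 s before the page's Date)."""
    return datetime.fromtimestamp(int(click_id.split("-")[2]), tz=timezone.utc)


def correlate(d: str = BEACON_D, sub_url: str = SUB_URL) -> dict:
    """Join the beacon to the subscription request on the shared identifier
    and lay out the fields an analyst wants side by side."""
    beacon = decode_beacon(d)
    landing = beacon["from"]
    click_id = query_param(landing, "click_id")
    geometry = beacon["data"]["d"]
    return {
        "beacon_key": beacon["k"],
        "sub_uniqid": query_param(sub_url, "uniqid"),
        "same_transaction": beacon["k"] == query_param(sub_url, "uniqid"),
        "event_type": beacon["type"],
        "landing_host": urlsplit(landing).netloc,
        "flow": query_param(landing, "flow"),  # matches /iq-dcb/HE/ on the sub host
        "click_id": click_id,
        "click_time_utc": click_time(click_id).isoformat(),
        "screen": (geometry["s"]["w"], geometry["s"]["h"]),
        "viewport": (geometry["w"], geometry["h"]),
    }


if __name__ == "__main__":
    print(json.dumps(correlate(), indent=2))
```

Joining on `k`/`uniqid` is what lets a reviewer state from this capture alone that the third-party beacon and the billing subscription describe the same visit; the meaning of `s`, `type` and the boolean/`t` fields inside `data` is not documented on the page and is left undecoded.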
| 137.184.145.124:9003/favicon.ico | 137.184.145.124 | | 3.4 kB |
URL: 137.184.145.124:9003/favicon.ico
IP: 137.184.145.124:0 | ASN: AS14061 DIGITALOCEAN-ASN
File type: PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced (served as image/x-icon)
Hashes (MD5 / SHA-1 / SHA-256): daae80c062061910706bfcf9aad9f30d / 523e5b3a24d3d598248d60d96a0c7c9d6f7fd27b / 528e9fced60c307291de3b99b8a517c30d26f48e7d35ceb172bbb065c68cae21
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 137.184.145.124:9003
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/iq/iq_zain-GameCafe?flow=he&network_key=dw94SUoIC5&click_id=D-20907274-1715327420-34G170G228G229-DUBJQ9120&pub_id=455972
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9VOCswN2lpRUEwUVpjczNSM09KZEE9PSIsInZhbHVlIjoiMktwZmhBU09mOEpxVmhJSjAyRFU5ejhPMVJUdGZTRTlHdGQ1WHlOSEhkNXJyS2V5MS83RDNidGJtV2E3NWhZSkJaUXpnN2N6cXEzMzVCRVZVQUpxa1M4c21rOGxIdW5ZL3pHNHdJczJGUk0vdVA2YnhUYnB3bi90ZEJLSlphTFkiLCJtYWMiOiI0ZThmMDE0YTMzZjRmNjhhYjJjMWQ0ODQ2NzQyYjZlYTc3MTVmZmY0MzVmZmM2NWNkZTU0M2FjYjg4NWNiMjdlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InQxZVkwVHUwQ0R4dGo4RHFiKzUrQkE9PSIsInZhbHVlIjoiSEYyMENrRGlETGhwa0VqS0ROZHJwa3hNSDBlWWMvWDgxTStMSnpOQjFTVEt2ZDIzU1AxNGZQcEUxMnk1M3ZhK1RLc2E1T0hhZG1HMFltcDhaSGN4aG1ZamJuYVoramNxRW1NZDdyQ2dkWFJKQnA1RmoxbmIrQ09McjJXblpaQysiLCJtYWMiOiI4MDM5MjgwZWI1ZmY5OTI4ZjFlOWFkZDBlNDg1MjE1ZDVkODY5YWExYWJjYTA2YjU1NWUwMTUyYjY3NDQ4NTE5IiwidGFnIjoiIn0%3D; _s_ZisSess=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 07:51:03 GMT
Content-Type: image/x-icon
Content-Length: 3374
Last-Modified: Wed, 27 Dec 2023 07:21:35 GMT
Connection: keep-alive
ETag: "658bd07f-d2e"
Accept-Ranges: bytes
| sg.ws.shield.monitoringservice.co/ | 139.162.21.64 | | 0 B |
URL: sg.ws.shield.monitoringservice.co/
IP: 139.162.21.64:0 | ASN: AS63949 Akamai Connected Cloud
Hashes (MD5 / SHA-1 / SHA-256) of the empty 0-byte response: d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: sg.ws.shield.monitoringservice.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://137.184.145.124:9003
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XOXQIVrMRQRl1oaRwWPmqA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
upgrade: websocket
connection: Upgrade
sec-websocket-accept: 6B0HrBK3/Iu3kRoiQTxAaMLIdcI=
origin: http://137.184.145.124:9003
x-server: WS-2
| www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075 | 134.119.216.147 | 200 OK | 10 B |
URL (user request, GET HTTP/1.1): www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075
IP: 134.119.216.147:80 | ASN: AS29066 velia.net Internetdienste GmbH
File type: ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): bf513c8f8b87b28ec0006bdb0a69e8ee / c8588f8dfe9584d1facea53d776b3eb4a7aac23b / 609842dad82efc9315722cf37e5d6c4bc16d98a116476d682d3b4714ddcce588
GET /iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075 HTTP/1.1
Host: www.social-sms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://137.184.145.124:9003/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:51:04 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 10
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| www.social-sms.com/favicon.ico | 134.119.216.147 | 404 Not Found | 280 B |
URL (GET HTTP/1.1): www.social-sms.com/favicon.ico
IP: 134.119.216.147:80 | ASN: AS29066 velia.net Internetdienste GmbH
Requested by: http://www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075
File type: HTML document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): a3f7b7cd16a5ff7586e9083fb8879c2c / fffc262e1f497c163fd19c643a377aee5f3bcb77 / d76efd2d3ddafeb5da6509b16c3d7c498196a779070b5262dd5a3b6e12c412d9
GET /favicon.ico HTTP/1.1
Host: www.social-sms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.social-sms.com/iq-dcb/HE/v1.2/oneclick/sub.php?serviceId=618&spId=186&shortcode=3368&uniqid=eb3794a3efbc06443cbc5d059b57d075
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 07:51:06 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 280
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1