Report - xcycle.ro

Report Overview

Submitted URL
xcycle.ro
IP
185.92.194.160
ASN
#44043 H88 Web Hosting S.r.l.
Submitted
2024-05-10 05:55:24
Access
public
Website Title
Den årlige brukerundersøkelsen 2024
Final URL
weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
70

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xcycle.ro	unknown	2011-03-23	2014-10-15	2024-04-12	8.7 kB	2.9 MB	185.92.194.160
maps.google.com	1899	1997-09-15	2012-09-11	2024-05-09	406 B	70 kB	142.250.74.46
apidevst.com	unknown	unknown	No data	No data	425 B	31 kB	31.184.253.65
gainscoreprize.life	unknown	unknown	No data	No data	1.1 kB	63 kB	185.155.184.32
weapkd4.hellsixfirm.live	unknown	unknown	No data	No data	17 kB	358 kB	185.155.186.25
jsontdsexit2.com	unknown	2022-05-16	2022-05-16	2024-05-07	467 B	752 B	136.243.216.235

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 05:54:52	high	Client IP	31.184.253.65	ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevst .com)
2024-05-10 05:54:52	high	Client IP	31.184.253.65	ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevst .com)
2024-05-10 05:54:54	high	Client IP	185.155.186.25	ThreatFox Unknown malware payload delivery (ip:port - confidence level: 50%)
2024-05-10 05:54:54	high	Client IP	185.155.186.25	ThreatFox Unknown malware payload delivery (ip:port - confidence level: 50%)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	apidevst.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	apidevst.com	Sinkholed
2024-05-10	medium	gainscoreprize.life	Sinkholed
2024-05-10	medium	gainscoreprize.life	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed
2024-05-10	medium	hellsixfirm.live	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-04-30	medium	apidevst.com	FAKEUPDATES

JavaScript (22)

	URL	Size	First Seen	Last Seen
	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	582 B	2024-05-10	2024-05-10
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 07:55:31 Last Seen2024-05-10 07:55:31 Times Seen1 Hash 3264e51bbefcccdefbbeda1540e8b4d6 b5afdf5c8161e2638706af207fb0d0e6bbdb9d45 904fe4d493036892d69b5be8c07721fd01b110d841c5099f00e10b9cd2bdfdb8 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/no/8.js	1.2 kB	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/no/8.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2024-05-20 13:36:43 Times Seen1462 Hash dbdb981f8658c845968ec8226f81d1d8 d679b7bf47f71cd55b6c307cf96146a95660d667 5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa Loading...

	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	27 B	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-20 13:36:43 Times Seen730 Hash 161f9a69d329eefbacd7189c6e7c4717 24471f3653e76a774ee0b0a26bc552d7d1010619 286b3e82413a678df1f76749c9fde680f2d4adc46f9e10a6e44d8982ab4b3e14 Loading...

	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	51 B	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-20 13:36:43 Times Seen696 Hash 8da6025b0f37cfcb5159f14899f1259e f1dc2b85e181e418c319fabcafbc02cfe0e2677d 120a3671c235c1e3eea60a2bcf36fdf328913b6d75264414183501f28c7db244 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/u.js	24 kB	2024-02-25	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/u.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-25 16:07:16 Last Seen2024-05-20 13:36:43 Times Seen1290 Hash 89ed4b592ab506a6fca18e95657dfc4f 179998ad5741d669e75521fb943850a808917924 4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b Loading...

	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	20 B	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18:07 Last Seen2024-05-20 13:36:43 Times Seen803 Hash 4c981176ad777cd42704547a34e38fd7 b8b3405d5144df7ffa3df8da12003925a6bd5f10 f684cc3909c044c62a129eeaece559818947abfa00e7ff1c1344407699456c6c Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/4.js	5.8 kB	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/4.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-20 13:36:43 Times Seen1388 Hash 8c7a2e36533feed8cd5fbca8b8f91114 854cdef22953f1eab3d94eb6b421c433ad34f4c7 f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/6.js	29 kB	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/6.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-05-20 14:31:07 Times Seen10669 Hash ba847811448ef90d98d272aeccef2a95 5814e91bb6276f4de8b7951c965f2f190a03978d 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/5.js	12 kB	2024-02-24	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/5.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:22 Last Seen2024-05-20 13:36:43 Times Seen1165 Hash de362f15f5232df7747f7e741f587fcd 6353ff9bb0db73da818f1bc7250866f3d56bc8f8 e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47 Loading...

	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	32 B	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-20 13:36:43 Times Seen696 Hash d1fc504dfb1bf43968d1d83b98732bd6 a2ee4d6e44f99e721894b5c70fbf471d2cd7d0f4 62144f95cb4d3d23136c15d183dfcbb051102f0f836d5bbe956be26f31945a89 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/7.js	7.9 kB	2024-02-24	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/7.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-05-20 13:36:43 Times Seen1168 Hash 114f0be35fbff35e205c5f0bc146d864 dad256468614b8bb885233a71b31751edc222c5d 7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d Loading...

	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	39 B	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-20 13:36:43 Times Seen691 Hash 2fbdfa4e04d76b87c23f87e832cd7b23 9d43f5beab48537f469fbf72c17930ad1586eeff 9a365e6129870f0efb051315111b44b71fa52c2951060dc6f38fe5365ba70363 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/jquery.min.js	87 kB	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/jquery.min.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-20 17:07:02 Times Seen68203 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/1.js	12 kB	2024-02-24	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/1.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-05-20 13:36:43 Times Seen1172 Hash 4c0b32d32b0b7317afb94deba5cabeac ee478251de9e6c4046a72ae0dff93ba1ac06c85a b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/2.js	15 kB	2024-02-24	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/2.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-05-20 13:36:43 Times Seen1174 Hash 0bddd3bcca2df107ca5b8187b8e2a3f8 8bb441d73dfd233f8db6bbaffc2b0227a329a0f7 03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b Loading...

	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	34 B	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-20 13:36:43 Times Seen689 Hash 33752473f5296f7592bf34007363d9cd e6b81b1e154cf8883f18d90591015f186cdd69dd b412bac7f038e04833108c29e7ce496215edd1b51afaa8b6648275790c088dc6 Loading...

	weapkd4.hellsixfirm.live/media/mainstream/all/mb/3.js	15 kB	2024-02-24	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/media/mainstream/all/mb/3.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:22 Last Seen2024-05-20 13:36:43 Times Seen1177 Hash 55bab18cf6adc22fc3d91e30c20ce0e6 0f18ff18d3db09841c930241460d61bc136e5a34 b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed Loading...

	weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D	23 B	2023-03-07	2024-05-20
Pretty URL weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:56 Last Seen2024-05-20 13:36:43 Times Seen681 Hash df1b896f4fac3bd9289cb281825ec760 f23884052caeb422d137868f7256a442b353e704 82b015da06c8025a4c31b869996f8281cc0cfd74a333728684762861200bac5a Loading...

		Size	First Seen	Last Seen
	#1 Write - 763f7f1aec350cd1a46238d1d5c3c229	7 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:03:11 Last Seen2024-05-20 13:36:43 Times Seen1385 Hash 763f7f1aec350cd1a46238d1d5c3c229 b4ee6522335b033249255b4cc1d572993282aafb 2f26233595d165e6868c5bb9e5e835506039e72c61a36a1bafb0827abfe746a5 Loading...

	#2 Write - 18d6d42f7129d207cea6686420173be4	11 B	2024-05-10	2024-05-11
Pretty Observations First Seen2024-05-10 05:11:44 Last Seen2024-05-11 01:49:59 Times Seen48 Hash 18d6d42f7129d207cea6686420173be4 47e6ca1ef80c403d77ae83ae48067bedcaac6163 84949c4804cdbb27d087745276431fcedccde5ba101d7853c84e579211a8d65c Loading...

	#3 Write - 3247750a72fae4424557c14e24defeaf	6 B	2023-03-07	2024-05-16
Pretty Observations First Seen2023-03-07 01:18:07 Last Seen2024-05-16 12:54:47 Times Seen684 Hash 3247750a72fae4424557c14e24defeaf e47b0507109ad8e7fb4cc83ff559fbde701b2d7d 1f310aec0e2bccc7b983d1d8759f6eac77d1d6721f9ecf87526ab93472a767c3 Loading...

	#4 Write - 80d41f1e0b14eacb229eea9618632e88	6 B	2023-03-17	2024-05-18
Pretty Observations First Seen2023-03-17 12:38:39 Last Seen2024-05-18 00:19:05 Times Seen120 Hash 80d41f1e0b14eacb229eea9618632e88 49de2f04421f83c395c3ff00d1a5beb5a907804d 9b7ae5c44dab49762dcaed9c53245d2086e02794665e4659fa7fb52fca8c529c Loading...

HTTP Transactions (54)

URL IP Response Size

xcycle.ro/

185.92.194.160

5.8 kB

URL
xcycle.ro/
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1173)
Size
5.8 kB (5824 bytes)
Hash
a229650d6043cb37943ecb113ed6f1e6
54b0c153fe19ac09f26539fb4360ddc7ec11f7ca
fad67128cc550b3f7e60dadf1e14a17562c346795704165761fe1044503a61cd

HTTP Headers

GET / HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
expires: Mon, 29 Oct 1923 20:30:00 GMT
content-type: text/html
last-modified: Fri, 10 May 2024 00:42:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5824
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
pragma: no-cache
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

xcycle.ro/wp-content/cache/wpfc-minified/d4e8jdvg/dworq.css

185.92.194.160

31 kB

URL
xcycle.ro/wp-content/cache/wpfc-minified/d4e8jdvg/dworq.css
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
ASCII text, with very long lines (53408)
Size
31 kB (31273 bytes)
Hash
f5f3eda5d71c19bfd6c15fb1e20fef0d
884d3c4d8d0e40f7af17102d28cfe449a34e015f
b62896c373ece8f9c6f83ed7fd793fdfaa65d1ad38ce6e2053fa533cfd386613

HTTP Headers

GET /wp-content/cache/wpfc-minified/d4e8jdvg/dworq.css HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/css
last-modified: Fri, 03 May 2024 18:14:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 31273
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

xcycle.ro/wp-content/cache/wpfc-minified/1pu6tj5q/dworq.css

185.92.194.160

65 kB

URL
xcycle.ro/wp-content/cache/wpfc-minified/1pu6tj5q/dworq.css
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
65 kB (65085 bytes)
Hash
504fdb28049a0e2edf2e88a467f6087e
c5d9b200a95a1149e6a62883ba9a92b7af1b62e6
2499de680b03f2b6954d3f62d04d3883c39b9a810c51a44b3a721f036431a19b

HTTP Headers

GET /wp-content/cache/wpfc-minified/1pu6tj5q/dworq.css HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/css
last-modified: Fri, 03 May 2024 18:14:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 65085
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/cache/wpfc-minified/df1n3iuj/dworq.js

185.92.194.160

36 kB

URL
xcycle.ro/wp-content/cache/wpfc-minified/df1n3iuj/dworq.js
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JavaScript source, ASCII text, with very long lines (31997)
Size
36 kB (36272 bytes)
Hash
8ff29a42f37c17fde8f2526fa82dcfd1
40ea36967fb23a047c946623ca729b7ffb7edc50
fb13877d2d24e932eba67c467bb167adb0808cdc189780cb51f29179be669d76

HTTP Headers

GET /wp-content/cache/wpfc-minified/df1n3iuj/dworq.js HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Fri, 03 May 2024 18:14:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 36272
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9

185.92.194.160

3.8 kB

URL
xcycle.ro/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JavaScript source, ASCII text
Size
3.8 kB (3788 bytes)
Hash
eea94f6013d8a939c0b4ace7753afe6e
df8fa5affa60932e9aa1cfbda370c0c1bb3b380f
72ebfeb1ce24b152349b7a231f6fc29ff2a2b7a5ede91dcdb80d6b9de1779046

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Wed, 20 May 2020 09:20:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3788
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/themes/bezel-wp/assets/js/bundle.js?ver=5.4.15

185.92.194.160

51 kB

URL
xcycle.ro/wp-content/themes/bezel-wp/assets/js/bundle.js?ver=5.4.15
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JavaScript source, ASCII text, with very long lines (32033)
Size
51 kB (50883 bytes)
Hash
d5571b11da31d9b73af890099a5192b0
0f48a1c1332d779d3ee419c3db2ed6fc8a3af2fd
ca960e663413fc409a0799fd2d0f29ef483ba0d1c91905f410460f0bcc7c75a2

HTTP Headers

GET /wp-content/themes/bezel-wp/assets/js/bundle.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Thu, 13 Jul 2017 10:03:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 50883
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/themes/bezel-wp/assets/js/main.js?ver=5.4.15

185.92.194.160

8.7 kB

URL
xcycle.ro/wp-content/themes/bezel-wp/assets/js/main.js?ver=5.4.15
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JavaScript source, ASCII text
Size
8.7 kB (8700 bytes)
Hash
a05b994cc4f42bead31396eb725c3f68
72a27452987fc316ceb3254f91c8f5fb7840acb5
38b948a0c4b4f1b71237abce6e434fe1c62249eb93b6ba131db0762fb23ac965

HTTP Headers

GET /wp-content/themes/bezel-wp/assets/js/main.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Thu, 13 Jul 2017 10:03:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8700
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/themes/bezel-wp/assets/js/SmoothScroll.js?ver=5.4.15

185.92.194.160

6.1 kB

URL
xcycle.ro/wp-content/themes/bezel-wp/assets/js/SmoothScroll.js?ver=5.4.15
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JavaScript source, ASCII text
Size
6.1 kB (6092 bytes)
Hash
d6dfd672b2f1882f0aa71a3a7da1d4d3
ac3b3ba7e442a0376d234fd3efcecea2c970cfe2
408f6a591cc42a66f1e93446574216775b89adac895c5958554c11d491d0e403

HTTP Headers

GET /wp-content/themes/bezel-wp/assets/js/SmoothScroll.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Thu, 13 Jul 2017 10:03:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6092
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-includes/js/wp-embed.min.js?ver=5.4.15

185.92.194.160

702 B

URL
xcycle.ro/wp-includes/js/wp-embed.min.js?ver=5.4.15
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JavaScript source, ASCII text, with very long lines (1443)
Size
702 B (702 bytes)
Hash
7c5c36baa69fcdb57bd891cda90920b3
9d8b3df7a4fa2968403290d69a60b2eab20734f5
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd

HTTP Headers

GET /wp-includes/js/wp-embed.min.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Tue, 16 May 2023 22:57:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 702
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.1

185.92.194.160

5.6 kB

URL
xcycle.ro/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.1
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JavaScript source, ASCII text, with very long lines (20382), with CRLF line terminators
Size
5.6 kB (5550 bytes)
Hash
fea4eded7edf91c43a2759c42829bd54
5a5bae135844dd8d12339bebc7a7debb1e8280b9
5cf22edb786e22fc2819d22e0fe2c1f5eb88c3e172ce3c1b9b6e463ee5788938

HTTP Headers

GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.1 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Sat, 23 May 2020 15:39:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5550
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

maps.google.com/maps/api/js?ver=5.4.15

142.250.74.46

69 kB

URL
maps.google.com/maps/api/js?ver=5.4.15
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (10223)
Size
69 kB (69173 bytes)
Hash
135a332bac024e3ca900330258cc7e6b
c2621977fb124a60f833097194f0d33cf947f241
97cfbc8b7c895afeea9901e99c96236dafc93313cc734c66f33d79349baeae3b

HTTP Headers

GET /maps/api/js?ver=5.4.15 HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
timing-allow-origin: *
vary: Accept-Language, Origin, X-Origin, Referer
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=1800
content-encoding: gzip
date: Fri, 10 May 2024 05:54:52 GMT
server: scaffolding on HTTPServer2
content-length: 69173
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xcycle.ro/wp-content/uploads/2017/04/csm_DTP_2280_5953bb72aa.jpg

185.92.194.160

251 kB

URL
xcycle.ro/wp-content/uploads/2017/04/csm_DTP_2280_5953bb72aa.jpg
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1440x962, components 3
Size
251 kB (250712 bytes)
Hash
dea03c6ab8bfb98fd9f0cb346b2a58fb
c9c065f37496f192bef2462933e53aab8673081f
f5eb5597cf6efc661dca65d9ba739ddde0f31ade6f8a09996a25dace7a5c9713

HTTP Headers

GET /wp-content/uploads/2017/04/csm_DTP_2280_5953bb72aa.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Mon, 24 Jul 2017 08:32:29 GMT
accept-ranges: bytes
content-length: 250712
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/uploads/2021/05/xc2-2.png

185.92.194.160

956 kB

URL
xcycle.ro/wp-content/uploads/2021/05/xc2-2.png
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
PNG image data, 1440 x 962, 8-bit/color RGB, non-interlaced
Size
956 kB (955669 bytes)
Hash
a1b5a069728ecccf9fc67862f943e132
5599e57bb64f873dcee193069f9237331ad10b29
4723249d33e58e52cb8895a618e58979192da06335376c8136d4cbd8ab9e6fa2

HTTP Headers

GET /wp-content/uploads/2021/05/xc2-2.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Thu, 13 May 2021 12:25:54 GMT
accept-ranges: bytes
content-length: 955669
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

apidevst.com/uaWfhCZHOIRqgm3sQA8R2hSloaaytLgjqevq-GkCZvoF

31.184.253.65

30 kB

URL
apidevst.com/uaWfhCZHOIRqgm3sQA8R2hSloaaytLgjqevq-GkCZvoF
IP
31.184.253.65:0
ASN
#49505 OOO Network of data-centers Selectel

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30515 bytes)
Hash
109b91ff7517aa467e47b01c494fe699
4d37cddd9d75fd30d4a2b6305696232f00fbd071
37d9ff26000718d31b72fd222f3ff72b5187415bc626ed557c1c1feaf6d22061

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	FAKEUPDATES
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uaWfhCZHOIRqgm3sQA8R2hSloaaytLgjqevq-GkCZvoF HTTP/1.1
Host: apidevst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 05:54:53 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Expires: Fri, 10 May 2024 05:54:53 GMT
Set-Cookie: _subid=376l60jm97o9b; expires=Mon, 10 Jun 2024 05:54:53 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjUxMzZcIjoxNzE1MzIwNDkzLFwiNTE0M1wiOjE3MTUzMjA0OTN9LFwiY2FtcGFpZ25zXCI6e1wiMjUzXCI6MTcxNTMyMDQ5MyxcIjI1NFwiOjE3MTUzMjA0OTN9LFwidGltZVwiOjE3MTUzMjA0OTN9In0.ibxVnfDF3GuLl5NCYKEGotSn13avBH-L2NiUQwYJkO0; expires=Tue, 20 Sep 2078 11:49:46 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

xcycle.ro/wp-content/uploads/2017/05/csm_802000-large-01-14_b94d5a05db.jpg

185.92.194.160

91 kB

URL
xcycle.ro/wp-content/uploads/2017/05/csm_802000-large-01-14_b94d5a05db.jpg
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1440x912, components 3
Size
91 kB (90583 bytes)
Hash
fac1d7d915cbc43d5339fba9ef202315
d95776246d353d59eb57bd719362cf20dac31e87
e23625778fea657974ce0fe5343f5b2c76e9adb767c60bc698f4c5b0c7eef57f

HTTP Headers

GET /wp-content/uploads/2017/05/csm_802000-large-01-14_b94d5a05db.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Tue, 25 Jul 2017 10:03:47 GMT
accept-ranges: bytes
content-length: 90583
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/uploads/2017/05/csm_801001-large-01-14_9ea09af516.jpg

185.92.194.160

95 kB

URL
xcycle.ro/wp-content/uploads/2017/05/csm_801001-large-01-14_9ea09af516.jpg
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1440x912, components 3
Size
95 kB (94781 bytes)
Hash
19b94e87ba45b3aba6f077f5e2693bce
2b42d414aae86b3c71d86777acfe901f4eb55d07
643688a5154442464806e3522f0ba660fe56c5baf3e4209f195bad9b23767cd7

HTTP Headers

GET /wp-content/uploads/2017/05/csm_801001-large-01-14_9ea09af516.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Tue, 25 Jul 2017 10:09:57 GMT
accept-ranges: bytes
content-length: 94781
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/uploads/2017/07/2.png

185.92.194.160

12 kB

URL
xcycle.ro/wp-content/uploads/2017/07/2.png
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
PNG image data, 200 x 84, 8-bit/color RGBA, non-interlaced
Size
12 kB (12355 bytes)
Hash
4b561ae615b11356c58313a05cfa6ab8
264da4fb4f2e1fdfff7c3fe0a5744198bcd22f5c
6d8299416307854ac4715df15828fa8aa81211f37029cc4a90c4ce2e08ebb246

HTTP Headers

GET /wp-content/uploads/2017/07/2.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Thu, 13 Jul 2017 11:00:45 GMT
accept-ranges: bytes
content-length: 12355
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/uploads/2017/07/light.png

185.92.194.160

9.9 kB

URL
xcycle.ro/wp-content/uploads/2017/07/light.png
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
PNG image data, 200 x 84, 8-bit/color RGBA, non-interlaced
Size
9.9 kB (9881 bytes)
Hash
d651f396de4639b283b25f520c7e9814
90d6c917dce7bf2b4aa3e4d69c212fea95e91f76
4e54445e220011fafbe105cdeff8613a855b39cc776b6d533a543fd49a59de88

HTTP Headers

GET /wp-content/uploads/2017/07/light.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Wed, 26 Jul 2017 10:15:55 GMT
accept-ranges: bytes
content-length: 9881
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/uploads/2017/07/dark.png

185.92.194.160

12 kB

URL
xcycle.ro/wp-content/uploads/2017/07/dark.png
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
PNG image data, 200 x 84, 8-bit/color RGBA, non-interlaced
Size
12 kB (11800 bytes)
Hash
cf881524ea684b27af9db94d47c94b2d
575a363a4801b0fe201beee27fdb5b8d853c00b9
772fbc481aab6d541a1dc9e3a898d0cce999b36d4c5622ad5c4fa6557a51849d

HTTP Headers

GET /wp-content/uploads/2017/07/dark.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Wed, 26 Jul 2017 10:16:04 GMT
accept-ranges: bytes
content-length: 11800
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

xcycle.ro/wp-content/uploads/2017/04/DSCF4076-min.jpg

185.92.194.160

921 kB

URL
xcycle.ro/wp-content/uploads/2017/04/DSCF4076-min.jpg
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 6000x4000, components 3
Size
921 kB (920596 bytes)
Hash
f5b7bad9f37e480a9956d42aaa4dd613
79656f91af39d9a0c5ea1a3aff8411eda81e64f5
b07d4ffce30ea3ded8e3f033e9cbd29d558504fb9b0bfdfdd0e94730e842cedc

HTTP Headers

GET /wp-content/uploads/2017/04/DSCF4076-min.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Thu, 13 Jul 2017 10:22:56 GMT
accept-ranges: bytes
content-length: 920596
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

gainscoreprize.life/?u=4dkpaew&o=81yk607&t=offerms

185.155.184.32

200 OK

63 kB

URL User Request GET HTTP/1.1
gainscoreprize.life/?u=4dkpaew&o=81yk607&t=offerms
IP
185.155.184.32:443
ASN
#5398 AS5398 SA

Certificate
IssuerLet's Encrypt
Subjectgainscoreprize.life
FingerprintD7:09:53:E2:0E:98:A1:06:57:AF:33:F1:68:82:73:7A:6B:25:36:92
ValidityMon, 22 Apr 2024 12:31:22 GMT - Sun, 21 Jul 2024 12:31:21 GMT

File type
HTML document, ASCII text, with very long lines (47858), with CRLF line terminators
Size
63 kB (62695 bytes)
Hash
279fe38c6aeff8d22ab5e6bd6823be0b
6926c7f9a5f50fda037593bb413d326967e17181
73b42a585fd37d4df85501c662038b7978890de0673e646d167f4a10a49500d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?u=4dkpaew&o=81yk607&t=offerms HTTP/1.1
Host: gainscoreprize.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 05:54:53 GMT
Content-Type: text/html
Content-Length: 62695
Connection: keep-alive
set-cookie: sid=t2~hhiok1sfx0hc10qfw04gx0en; path=/
sid=t2~hhiok1sfx0hc10qfw04gx0en; path=/
p1=https://hellsixfirm.live/uxsvyhae/; path=/
s1=p6ieewibpw24neyi; path=/
cache-control: private, no-transform

gainscoreprize.life/favicon.ico

185.155.184.32

0 B

URL
gainscoreprize.life/favicon.ico
IP
185.155.184.32:0
ASN
#5398 AS5398 SA

Certificate
IssuerLet's Encrypt
Subjectgainscoreprize.life
FingerprintD7:09:53:E2:0E:98:A1:06:57:AF:33:F1:68:82:73:7A:6B:25:36:92
ValidityMon, 22 Apr 2024 12:31:22 GMT - Sun, 21 Jul 2024 12:31:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gainscoreprize.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gainscoreprize.life/?u=4dkpaew&o=81yk607&t=offerms
Cookie: sid=t2~hhiok1sfx0hc10qfw04gx0en; p1=https://hellsixfirm.live/uxsvyhae/; s1=p6ieewibpw24neyi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 10 May 2024 05:54:54 GMT
Connection: keep-alive
Cache-Control: no-transform

weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D

185.155.186.25

200 OK

17 kB

URL User Request GET HTTP/1.1
weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (562)
Size
17 kB (16903 bytes)
Hash
6dd67067c16fded41ff42ca58e35b446
b093426799194dfce800d045fdfd2f6064f5ba8c
e64a5d93584ff1f2ca073e95c0bb3dc25128414d42d49b63e7c30400f1dc06c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gainscoreprize.life/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/html
Content-Length: 16903
Connection: keep-alive
cache-control: private

weapkd4.hellsixfirm.live/media/mainstream/all/mb/bootstrap-mini.css

185.155.186.25

200 OK

10 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/bootstrap-mini.css
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
ASCII text, with very long lines (571), with CRLF line terminators
Size
10 kB (10214 bytes)
Hash
f0a842b8b8a52bb05e6c729828fbb40e
f1fe8a76db92bc9bd3f9d70f3867f03d51ebbae5
eb9fe798331b592bd8fc54d5ede3ac19e961b5aa7c2dffb3dbb17ce5fcb88e01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/bootstrap-mini.css HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/css
Content-Length: 10214
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "f0a842b8b8a52bb05e6c729828fbb40e"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EE3CF59A79
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412343#213095000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:23.213095Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/font-awesome-mini.css

185.155.186.25

200 OK

1.9 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/font-awesome-mini.css
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
ASCII text, with very long lines (1857), with no line terminators
Size
1.9 kB (1857 bytes)
Hash
8b2fe9dcd9e31f21056ebc3d6667123c
49e6a844f0085d9f653faab8a451742be82ecdf7
e7eb3ba41e31f5d9710bb64a87a5e9e7664143a95f68d0f357fe0d4252bb58d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/font-awesome-mini.css HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/css
Content-Length: 1857
Connection: keep-alive
ETag: "8b2fe9dcd9e31f21056ebc3d6667123c"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EE3BAA898F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#300024630/gid:0/gname:root/mode:33279/mtime:1653412350#393111000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:30.393111Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/2.js

185.155.186.25

200 OK

15 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/2.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (15146), with no line terminators
Size
15 kB (15146 bytes)
Hash
0bddd3bcca2df107ca5b8187b8e2a3f8
8bb441d73dfd233f8db6bbaffc2b0227a329a0f7
03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/2.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 15146
Connection: keep-alive
ETag: "0bddd3bcca2df107ca5b8187b8e2a3f8"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EE6A4941EF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#746902194/gid:0/gname:root/mode:33188/mtime:1708809290#939090444/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.967Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/3.js

185.155.186.25

200 OK

15 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/3.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (14971), with no line terminators
Size
15 kB (14971 bytes)
Hash
55bab18cf6adc22fc3d91e30c20ce0e6
0f18ff18d3db09841c930241460d61bc136e5a34
b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/3.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 14971
Connection: keep-alive
ETag: "55bab18cf6adc22fc3d91e30c20ce0e6"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09D731F41863
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#30902711/gid:0/gname:root/mode:33188/mtime:1708809291#171090831/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.198Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/main-like.css

185.155.186.25

200 OK

7.2 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/main-like.css
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
ASCII text, with very long lines (7181), with no line terminators
Size
7.2 kB (7181 bytes)
Hash
30d4bbfa0a8fa6727a9edb23be989598
39bc311daad791b9c7377e11fbb6f9b24c6b3d46
f2ead250f003ad44fad41af0a1554922e31ab930fa86d90a8f2df62c048c2843

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/main-like.css HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/css
Content-Length: 7181
Connection: keep-alive
ETag: "30d4bbfa0a8fa6727a9edb23be989598"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EE48644DE4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223406#63752192/gid:0/gname:root/mode:33279/mtime:1653412366#569146000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:46.569146Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/1.js

185.155.186.25

200 OK

12 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/1.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (12181), with no line terminators
Size
12 kB (12181 bytes)
Hash
4c0b32d32b0b7317afb94deba5cabeac
ee478251de9e6c4046a72ae0dff93ba1ac06c85a
b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/1.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 12181
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4c0b32d32b0b7317afb94deba5cabeac"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EE54C6AC90
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#370901510/gid:0/gname:root/mode:33279/mtime:1708809290#731090096/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.756Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/no/8.js

185.155.186.25

200 OK

1.2 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/no/8.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
Unicode text, UTF-8 text
Size
1.2 kB (1242 bytes)
Hash
dbdb981f8658c845968ec8226f81d1d8
d679b7bf47f71cd55b6c307cf96146a95660d667
5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/no/8.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 20 Sep 2023 15:23:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0AE6E8F28480
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#312024668/gid:0/gname:root/mode:33279/mtime:1653412375#277166000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:55.277166Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/4.js

185.155.186.25

200 OK

5.8 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/4.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (5828), with no line terminators
Size
5.8 kB (5828 bytes)
Hash
8c7a2e36533feed8cd5fbca8b8f91114
854cdef22953f1eab3d94eb6b421c433ad34f4c7
f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/4.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: application/javascript
Content-Length: 5828
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8c7a2e36533feed8cd5fbca8b8f91114"
Last-Modified: Mon, 20 Feb 2023 09:33:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EEC91C1CF9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412338#153083000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.153083Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/5.js

185.155.186.25

200 OK

12 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/5.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (11920), with no line terminators
Size
12 kB (11920 bytes)
Hash
de362f15f5232df7747f7e741f587fcd
6353ff9bb0db73da818f1bc7250866f3d56bc8f8
e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/5.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 11920
Connection: keep-alive
ETag: "de362f15f5232df7747f7e741f587fcd"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EEC6D45F3A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#798904105/gid:0/gname:root/mode:33279/mtime:1708809291#359091145/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.387Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/7.js

185.155.186.25

200 OK

7.9 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/7.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (7936), with no line terminators
Size
7.9 kB (7936 bytes)
Hash
114f0be35fbff35e205c5f0bc146d864
dad256468614b8bb885233a71b31751edc222c5d
7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/7.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 7936
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "114f0be35fbff35e205c5f0bc146d864"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EECC0CEC0A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806894#614905586/gid:0/gname:root/mode:33279/mtime:1708809291#543091452/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.568Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/jquery.min.js

185.155.186.25

200 OK

87 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/jquery.min.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/jquery.min.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: application/javascript
Content-Length: 86659
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c9f5aeeca3ad37bf2aa006139b935f0a"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EE4B292917
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412360#809134000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.809134Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/u.js

185.155.186.25

200 OK

24 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/u.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (24389), with no line terminators
Size
24 kB (24389 bytes)
Hash
89ed4b592ab506a6fca18e95657dfc4f
179998ad5741d669e75521fb943850a808917924
4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/u.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 24389
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "89ed4b592ab506a6fca18e95657dfc4f"
Last-Modified: Sun, 25 Feb 2024 11:59:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09D71E425E3F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809189#0/gid:0/gname:root/mode:33188/mtime:1708862369#235249424/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-25T11:59:29.279Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/6.js

185.155.186.25

200 OK

29 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/6.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JavaScript source, ASCII text, with very long lines (28941)
Size
29 kB (29110 bytes)
Hash
ba847811448ef90d98d272aeccef2a95
5814e91bb6276f4de8b7951c965f2f190a03978d
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/6.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 29110
Connection: keep-alive
ETag: "ba847811448ef90d98d272aeccef2a95"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EEC91D711E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223404#223748054/gid:0/gname:root/mode:33279/mtime:1653412338#597084000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.597084Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img1.jpg

185.155.186.25

200 OK

1.3 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img1.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.3 kB (1315 bytes)
Hash
c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img1.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A103ADCB829
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#865120000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.86512Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

xcycle.ro/wp-content/uploads/2017/04/DSCF4072-min.jpg

185.92.194.160

329 kB

URL
xcycle.ro/wp-content/uploads/2017/04/DSCF4072-min.jpg
IP
185.92.194.160:0
ASN
#44043 H88 Web Hosting S.r.l.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 5813x3875, components 3
Size
329 kB (328780 bytes)
Hash
62b3937cbcd3eeaa06569b6bf477ca92
cc53823b5eff8a4fb23b63c16325641c9ac385c9
93bb09e0705cc1c318e1dea2adb8c2ebc20ae1c7175f3362f7988e719687869c

HTTP Headers

GET /wp-content/uploads/2017/04/DSCF4072-min.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Thu, 13 Jul 2017 10:54:31 GMT
accept-ranges: bytes
content-length: 841904
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img3.jpg

185.155.186.25

200 OK

2.3 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img3.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.3 kB (2336 bytes)
Hash
5edf4db493423ac10c72a27ad5c4a618
5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img3.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A104BBA7066
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#363750618/gid:0/gname:root/mode:33279/mtime:1653412355#109121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.109121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/iphone15pro.png

185.155.186.25

200 OK

46 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/iphone15pro.png
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
PNG image data, 300 x 351, 8-bit colormap, non-interlaced
Size
46 kB (46124 bytes)
Hash
901fdfedb54cf1297edd1de54a893cf8
c9cd3908f28908392b45e1a54e7b350993eee53c
f30ac8920f3a3ab6621abad202e015353d46b61233549dfabe927234a9a5b3c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/iphone15pro.png HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/png
Content-Length: 46124
Connection: keep-alive
ETag: "901fdfedb54cf1297edd1de54a893cf8"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EF006859B2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1697145024#950103503/gid:0/gname:root/mode:33188/mtime:1697144761#0/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2023-10-12T21:06:01Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img6.jpg

185.155.186.25

200 OK

2.1 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img6.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.1 kB (2143 bytes)
Hash
f48aa7778890400e3be6131e64cd4236
9341d039b9f7de4eac9070c36fecac2772cc1ba0
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img6.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A105B33A979
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#383750663/gid:0/gname:root/mode:33279/mtime:1653412355#293121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.293121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img4.jpg

185.155.186.25

200 OK

1.2 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img4.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.2 kB (1169 bytes)
Hash
a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img4.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A104E3833C8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#181121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.181121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img5.jpg

185.155.186.25

200 OK

2.0 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img5.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.0 kB (2037 bytes)
Hash
6d02d5cf49120718501b9a6629290c48
a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img5.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A105B058932
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#241121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.241121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img9.jpg

185.155.186.25

200 OK

1.4 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img9.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Size
1.4 kB (1374 bytes)
Hash
a2dbd5c25807fbad37aceb676e90cd66
6972c6df94b50dd66111d5a555bdf2907b6f3e7e
6592c5497d79980109ee577663beac8d709726a63329f893775f89083cc8858e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img9.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
ETag: "a2dbd5c25807fbad37aceb676e90cd66"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A10618E2473
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#461122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.461122Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img8.jpg

185.155.186.25

200 OK

1.6 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img8.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.6 kB (1608 bytes)
Hash
5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img8.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A105F86BF95
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#395750690/gid:0/gname:root/mode:33279/mtime:1653412355#405122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.405122Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img7.jpg

185.155.186.25

200 OK

2.3 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img7.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.3 kB (2264 bytes)
Hash
7364bf39dcf0941d3a1760e46a562710
a358405162193128cceae8551e14648798bd4254
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img7.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A105FF22935
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#349122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.349122Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/logo_f01.png

185.155.186.25

200 OK

6.8 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/logo_f01.png
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
PNG image data, 130 x 126, 8-bit colormap, non-interlaced
Size
6.8 kB (6763 bytes)
Hash
192b810ba6ed4b80611aef274d85948d
2835cc503efcd77d03613293dbc33c4cc7b6b5b9
91e5c1968eee9298437a097fd47978a077d667e086593ab0fd7988ef60d2ddf4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/logo_f01.png HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/png
Content-Length: 6763
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "192b810ba6ed4b80611aef274d85948d"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09D71F68CF5C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412365#157143000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:45.157143Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img11.jpg

185.155.186.25

200 OK

1.6 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img11.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Size
1.6 kB (1610 bytes)
Hash
14ca7a7e1bb1db7a31af7c44a0ae9062
7293947d75065f3def42439f32138127d605bc8f
d8d2b0e0baad97e943838712911352a8c9dd0d5bf2114e78c3d1649bcc0d634a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img11.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1610
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "14ca7a7e1bb1db7a31af7c44a0ae9062"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A106DD7B6AF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412354#997121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.997121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img10.jpg

185.155.186.25

200 OK

1.5 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img10.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3
Size
1.5 kB (1506 bytes)
Hash
0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img10.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A106B50DF12
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#347750582/gid:0/gname:root/mode:33279/mtime:1653412354#925121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.925121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/media/mainstream/us/wap/mobsurvey/ff.png

185.155.186.25

200 OK

11 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/us/wap/mobsurvey/ff.png
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
PNG image data, 245 x 253, 8-bit colormap, non-interlaced
Size
11 kB (10691 bytes)
Hash
2f5710ee40aba475e1d0cd9c9c953407
93ac36daaed5f1b86a2f301faddca673393996aa
38450abe3fe9fdc0c5c281fa3bc6532f9ffcd7632d6924f154444fba265a39f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/us/wap/mobsurvey/ff.png HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/png
Content-Length: 10691
Connection: keep-alive
ETag: "2f5710ee40aba475e1d0cd9c9c953407"
Last-Modified: Tue, 21 Nov 2023 12:30:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0AE70AE5ECD8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324012#424606891/gid:0/gname:root/mode:33279/mtime:1655387479#482644706/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:51:19.482644706Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weapkd4.hellsixfirm.live/favicon.ico

185.155.186.25

204 No Content

0 B

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/favicon.ico
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Connection: keep-alive

weapkd4.hellsixfirm.live/media/mainstream/alert.mp3

185.155.186.25

200 OK

8.8 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/alert.mp3
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Size
8.8 kB (8802 bytes)
Hash
6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/alert.mp3 HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09D7C073EAC0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324533#997523934/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

jsontdsexit2.com/ExtService.svc/getextparams

136.243.216.235

200 OK

537 B

URL GET HTTP/2
jsontdsexit2.com/ExtService.svc/getextparams
IP
136.243.216.235:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjectjsontdsexit2.com
Fingerprint48:31:DD:61:15:18:42:C5:25:8C:3D:8D:29:32:35:54:12:C1:59:1C
ValidityTue, 19 Mar 2024 13:03:39 GMT - Mon, 17 Jun 2024 13:03:38 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (628), with no line terminators
Size
537 B (537 bytes)
Hash
f0ff9519ad22b8b518b843ffb173ccc7
2a756d59ca73ebca175cfe427486b7c2b7c18b2f
bfc8dedb9d5109a40b1efa76f59438c1e54993399d2a8a01aff0c1a46d7574a5

HTTP Headers

GET /ExtService.svc/getextparams HTTP/1.1
Host: jsontdsexit2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://weapkd4.hellsixfirm.live
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 05:54:55 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

weapkd4.hellsixfirm.live/media/mainstream/all/mb/img2.jpg

185.155.186.25

200 OK

1.3 kB

URL GET HTTP/1.1
weapkd4.hellsixfirm.live/media/mainstream/all/mb/img2.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjecthellsixfirm.live
Fingerprint82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9
ValidityThu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.3 kB (1297 bytes)
Hash
92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img2.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A104D5B3522
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#53121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.053121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML