| xcycle.ro/ | 185.92.194.160 | | 5.8 kB |
IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: HTML document, Unicode text, UTF-8 text, with very long lines (1173)
Hash (MD5, SHA-1, SHA-256): a229650d6043cb37943ecb113ed6f1e6 54b0c153fe19ac09f26539fb4360ddc7ec11f7ca fad67128cc550b3f7e60dadf1e14a17562c346795704165761fe1044503a61cd
GET / HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
expires: Mon, 29 Oct 1923 20:30:00 GMT
content-type: text/html
last-modified: Fri, 10 May 2024 00:42:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5824
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
pragma: no-cache
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
| xcycle.ro/wp-content/cache/wpfc-minified/d4e8jdvg/dworq.css | 185.92.194.160 | | 31 kB |
URL: xcycle.ro/wp-content/cache/wpfc-minified/d4e8jdvg/dworq.css  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: ASCII text, with very long lines (53408)
Hash (MD5, SHA-1, SHA-256): f5f3eda5d71c19bfd6c15fb1e20fef0d 884d3c4d8d0e40f7af17102d28cfe449a34e015f b62896c373ece8f9c6f83ed7fd793fdfaa65d1ad38ce6e2053fa533cfd386613
GET /wp-content/cache/wpfc-minified/d4e8jdvg/dworq.css HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/css
last-modified: Fri, 03 May 2024 18:14:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 31273
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
| xcycle.ro/wp-content/cache/wpfc-minified/1pu6tj5q/dworq.css | 185.92.194.160 | | 65 kB |
URL: xcycle.ro/wp-content/cache/wpfc-minified/1pu6tj5q/dworq.css  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: ASCII text, with very long lines (65536), with no line terminators
Hash (MD5, SHA-1, SHA-256): 504fdb28049a0e2edf2e88a467f6087e c5d9b200a95a1149e6a62883ba9a92b7af1b62e6 2499de680b03f2b6954d3f62d04d3883c39b9a810c51a44b3a721f036431a19b
GET /wp-content/cache/wpfc-minified/1pu6tj5q/dworq.css HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/css
last-modified: Fri, 03 May 2024 18:14:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 65085
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/cache/wpfc-minified/df1n3iuj/dworq.js | 185.92.194.160 | | 36 kB |
URL: xcycle.ro/wp-content/cache/wpfc-minified/df1n3iuj/dworq.js  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JavaScript source, ASCII text, with very long lines (31997)
Hash (MD5, SHA-1, SHA-256): 8ff29a42f37c17fde8f2526fa82dcfd1 40ea36967fb23a047c946623ca729b7ffb7edc50 fb13877d2d24e932eba67c467bb167adb0808cdc189780cb51f29179be669d76
GET /wp-content/cache/wpfc-minified/df1n3iuj/dworq.js HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Fri, 03 May 2024 18:14:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 36272
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9 | 185.92.194.160 | | 3.8 kB |
URL: xcycle.ro/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JavaScript source, ASCII text
Hash (MD5, SHA-1, SHA-256): eea94f6013d8a939c0b4ace7753afe6e df8fa5affa60932e9aa1cfbda370c0c1bb3b380f 72ebfeb1ce24b152349b7a231f6fc29ff2a2b7a5ede91dcdb80d6b9de1779046
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.9 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Wed, 20 May 2020 09:20:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3788
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/themes/bezel-wp/assets/js/bundle.js?ver=5.4.15 | 185.92.194.160 | | 51 kB |
URL: xcycle.ro/wp-content/themes/bezel-wp/assets/js/bundle.js?ver=5.4.15  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JavaScript source, ASCII text, with very long lines (32033)
Hash (MD5, SHA-1, SHA-256): d5571b11da31d9b73af890099a5192b0 0f48a1c1332d779d3ee419c3db2ed6fc8a3af2fd ca960e663413fc409a0799fd2d0f29ef483ba0d1c91905f410460f0bcc7c75a2
GET /wp-content/themes/bezel-wp/assets/js/bundle.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Thu, 13 Jul 2017 10:03:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 50883
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/themes/bezel-wp/assets/js/main.js?ver=5.4.15 | 185.92.194.160 | | 8.7 kB |
URL: xcycle.ro/wp-content/themes/bezel-wp/assets/js/main.js?ver=5.4.15  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JavaScript source, ASCII text
Hash (MD5, SHA-1, SHA-256): a05b994cc4f42bead31396eb725c3f68 72a27452987fc316ceb3254f91c8f5fb7840acb5 38b948a0c4b4f1b71237abce6e434fe1c62249eb93b6ba131db0762fb23ac965
GET /wp-content/themes/bezel-wp/assets/js/main.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Thu, 13 Jul 2017 10:03:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8700
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/themes/bezel-wp/assets/js/SmoothScroll.js?ver=5.4.15 | 185.92.194.160 | | 6.1 kB |
URL: xcycle.ro/wp-content/themes/bezel-wp/assets/js/SmoothScroll.js?ver=5.4.15  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JavaScript source, ASCII text
Hash (MD5, SHA-1, SHA-256): d6dfd672b2f1882f0aa71a3a7da1d4d3 ac3b3ba7e442a0376d234fd3efcecea2c970cfe2 408f6a591cc42a66f1e93446574216775b89adac895c5958554c11d491d0e403
GET /wp-content/themes/bezel-wp/assets/js/SmoothScroll.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Thu, 13 Jul 2017 10:03:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6092
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-includes/js/wp-embed.min.js?ver=5.4.15 | 185.92.194.160 | | 702 B |
URL: xcycle.ro/wp-includes/js/wp-embed.min.js?ver=5.4.15  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JavaScript source, ASCII text, with very long lines (1443)
Hash (MD5, SHA-1, SHA-256): 7c5c36baa69fcdb57bd891cda90920b3 9d8b3df7a4fa2968403290d69a60b2eab20734f5 6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd
GET /wp-includes/js/wp-embed.min.js?ver=5.4.15 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Tue, 16 May 2023 22:57:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 702
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.1 | 185.92.194.160 | | 5.6 kB |
URL: xcycle.ro/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.1  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JavaScript source, ASCII text, with very long lines (20382), with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): fea4eded7edf91c43a2759c42829bd54 5a5bae135844dd8d12339bebc7a7debb1e8280b9 5cf22edb786e22fc2819d22e0fe2c1f5eb88c3e172ce3c1b9b6e463ee5788938
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.1 HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: text/javascript
last-modified: Sat, 23 May 2020 15:39:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5550
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| maps.google.com/maps/api/js?ver=5.4.15 | 142.250.74.46 | | 69 kB |
URL: maps.google.com/maps/api/js?ver=5.4.15  IP: 142.250.74.46:0
File type: JavaScript source, ASCII text, with very long lines (10223)
Hash (MD5, SHA-1, SHA-256): 135a332bac024e3ca900330258cc7e6b c2621977fb124a60f833097194f0d33cf947f241 97cfbc8b7c895afeea9901e99c96236dafc93313cc734c66f33d79349baeae3b
GET /maps/api/js?ver=5.4.15 HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
timing-allow-origin: *
vary: Accept-Language, Origin, X-Origin, Referer
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=1800
content-encoding: gzip
date: Fri, 10 May 2024 05:54:52 GMT
server: scaffolding on HTTPServer2
content-length: 69173
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| xcycle.ro/wp-content/uploads/2017/04/csm_DTP_2280_5953bb72aa.jpg | 185.92.194.160 | | 251 kB |
URL: xcycle.ro/wp-content/uploads/2017/04/csm_DTP_2280_5953bb72aa.jpg  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1440x962, components 3
Size: 251 kB (250712 bytes)
Hash (MD5, SHA-1, SHA-256): dea03c6ab8bfb98fd9f0cb346b2a58fb c9c065f37496f192bef2462933e53aab8673081f f5eb5597cf6efc661dca65d9ba739ddde0f31ade6f8a09996a25dace7a5c9713
GET /wp-content/uploads/2017/04/csm_DTP_2280_5953bb72aa.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Mon, 24 Jul 2017 08:32:29 GMT
accept-ranges: bytes
content-length: 250712
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/uploads/2021/05/xc2-2.png | 185.92.194.160 | | 956 kB |
URL: xcycle.ro/wp-content/uploads/2021/05/xc2-2.png  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: PNG image data, 1440 x 962, 8-bit/color RGB, non-interlaced
Size: 956 kB (955669 bytes)
Hash (MD5, SHA-1, SHA-256): a1b5a069728ecccf9fc67862f943e132 5599e57bb64f873dcee193069f9237331ad10b29 4723249d33e58e52cb8895a618e58979192da06335376c8136d4cbd8ab9e6fa2
GET /wp-content/uploads/2021/05/xc2-2.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Thu, 13 May 2021 12:25:54 GMT
accept-ranges: bytes
content-length: 955669
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| apidevst.com/uaWfhCZHOIRqgm3sQA8R2hSloaaytLgjqevq-GkCZvoF | 31.184.253.65 | | 30 kB |
URL: apidevst.com/uaWfhCZHOIRqgm3sQA8R2hSloaaytLgjqevq-GkCZvoF  IP: 31.184.253.65:0  ASN #49505 (OOO Network of data-centers Selectel)
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash (MD5, SHA-1, SHA-256): 109b91ff7517aa467e47b01c494fe699 4d37cddd9d75fd30d4a2b6305696232f00fbd071 37d9ff26000718d31b72fd222f3ff72b5187415bc626ed557c1c1feaf6d22061

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | FAKEUPDATES |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /uaWfhCZHOIRqgm3sQA8R2hSloaaytLgjqevq-GkCZvoF HTTP/1.1
Host: apidevst.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 05:54:53 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Expires: Fri, 10 May 2024 05:54:53 GMT
Set-Cookie: _subid=376l60jm97o9b; expires=Mon, 10 Jun 2024 05:54:53 GMT; path=/
7e4fc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjUxMzZcIjoxNzE1MzIwNDkzLFwiNTE0M1wiOjE3MTUzMjA0OTN9LFwiY2FtcGFpZ25zXCI6e1wiMjUzXCI6MTcxNTMyMDQ5MyxcIjI1NFwiOjE3MTUzMjA0OTN9LFwidGltZVwiOjE3MTUzMjA0OTN9In0.ibxVnfDF3GuLl5NCYKEGotSn13avBH-L2NiUQwYJkO0; expires=Tue, 20 Sep 2078 11:49:46 GMT; path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
| xcycle.ro/wp-content/uploads/2017/05/csm_802000-large-01-14_b94d5a05db.jpg | 185.92.194.160 | | 91 kB |
URL: xcycle.ro/wp-content/uploads/2017/05/csm_802000-large-01-14_b94d5a05db.jpg  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1440x912, components 3
Hash (MD5, SHA-1, SHA-256): fac1d7d915cbc43d5339fba9ef202315 d95776246d353d59eb57bd719362cf20dac31e87 e23625778fea657974ce0fe5343f5b2c76e9adb767c60bc698f4c5b0c7eef57f
GET /wp-content/uploads/2017/05/csm_802000-large-01-14_b94d5a05db.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Tue, 25 Jul 2017 10:03:47 GMT
accept-ranges: bytes
content-length: 90583
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/uploads/2017/05/csm_801001-large-01-14_9ea09af516.jpg | 185.92.194.160 | | 95 kB |
URL: xcycle.ro/wp-content/uploads/2017/05/csm_801001-large-01-14_9ea09af516.jpg  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1440x912, components 3
Hash (MD5, SHA-1, SHA-256): 19b94e87ba45b3aba6f077f5e2693bce 2b42d414aae86b3c71d86777acfe901f4eb55d07 643688a5154442464806e3522f0ba660fe56c5baf3e4209f195bad9b23767cd7
GET /wp-content/uploads/2017/05/csm_801001-large-01-14_9ea09af516.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Tue, 25 Jul 2017 10:09:57 GMT
accept-ranges: bytes
content-length: 94781
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/uploads/2017/07/2.png | 185.92.194.160 | | 12 kB |
URL: xcycle.ro/wp-content/uploads/2017/07/2.png  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: PNG image data, 200 x 84, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): 4b561ae615b11356c58313a05cfa6ab8 264da4fb4f2e1fdfff7c3fe0a5744198bcd22f5c 6d8299416307854ac4715df15828fa8aa81211f37029cc4a90c4ce2e08ebb246
GET /wp-content/uploads/2017/07/2.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Thu, 13 Jul 2017 11:00:45 GMT
accept-ranges: bytes
content-length: 12355
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/uploads/2017/07/light.png | 185.92.194.160 | | 9.9 kB |
URL: xcycle.ro/wp-content/uploads/2017/07/light.png  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: PNG image data, 200 x 84, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): d651f396de4639b283b25f520c7e9814 90d6c917dce7bf2b4aa3e4d69c212fea95e91f76 4e54445e220011fafbe105cdeff8613a855b39cc776b6d533a543fd49a59de88
GET /wp-content/uploads/2017/07/light.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Wed, 26 Jul 2017 10:15:55 GMT
accept-ranges: bytes
content-length: 9881
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/uploads/2017/07/dark.png | 185.92.194.160 | | 12 kB |
URL: xcycle.ro/wp-content/uploads/2017/07/dark.png  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: PNG image data, 200 x 84, 8-bit/color RGBA, non-interlaced
Hash (MD5, SHA-1, SHA-256): cf881524ea684b27af9db94d47c94b2d 575a363a4801b0fe201beee27fdb5b8d853c00b9 772fbc481aab6d541a1dc9e3a898d0cce999b36d4c5622ad5c4fa6557a51849d
GET /wp-content/uploads/2017/07/dark.png HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/png
last-modified: Wed, 26 Jul 2017 10:16:04 GMT
accept-ranges: bytes
content-length: 11800
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| xcycle.ro/wp-content/uploads/2017/04/DSCF4076-min.jpg | 185.92.194.160 | | 921 kB |
URL: xcycle.ro/wp-content/uploads/2017/04/DSCF4076-min.jpg  IP: 185.92.194.160:0  ASN #44043 (H88 Web Hosting S.r.l.)
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 6000x4000, components 3
Size: 921 kB (920596 bytes)
Hash (MD5, SHA-1, SHA-256): f5b7bad9f37e480a9956d42aaa4dd613 79656f91af39d9a0c5ea1a3aff8411eda81e64f5 b07d4ffce30ea3ded8e3f033e9cbd29d558504fb9b0bfdfdd0e94730e842cedc
GET /wp-content/uploads/2017/04/DSCF4076-min.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Thu, 13 Jul 2017 10:22:56 GMT
accept-ranges: bytes
content-length: 920596
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
| gainscoreprize.life/?u=4dkpaew&o=81yk607&t=offerms | 185.155.184.32 | 200 OK | 63 kB |
URL: gainscoreprize.life/?u=4dkpaew&o=81yk607&t=offerms (User Request, GET HTTP/1.1)  IP: 185.155.184.32:443
Certificate: Issuer Let's Encrypt; Subject gainscoreprize.life; Fingerprint D7:09:53:E2:0E:98:A1:06:57:AF:33:F1:68:82:73:7A:6B:25:36:92; Validity Mon, 22 Apr 2024 12:31:22 GMT - Sun, 21 Jul 2024 12:31:21 GMT
File type: HTML document, ASCII text, with very long lines (47858), with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): 279fe38c6aeff8d22ab5e6bd6823be0b 6926c7f9a5f50fda037593bb413d326967e17181 73b42a585fd37d4df85501c662038b7978890de0673e646d167f4a10a49500d7

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /?u=4dkpaew&o=81yk607&t=offerms HTTP/1.1
Host: gainscoreprize.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 05:54:53 GMT
Content-Type: text/html
Content-Length: 62695
Connection: keep-alive
set-cookie: sid=t2~hhiok1sfx0hc10qfw04gx0en; path=/
sid=t2~hhiok1sfx0hc10qfw04gx0en; path=/
p1=https://hellsixfirm.live/uxsvyhae/; path=/
s1=p6ieewibpw24neyi; path=/
cache-control: private, no-transform
| gainscoreprize.life/favicon.ico | 185.155.184.32 | | 0 B |
URL: gainscoreprize.life/favicon.ico  IP: 185.155.184.32:0
Certificate: Issuer Let's Encrypt; Subject gainscoreprize.life; Fingerprint D7:09:53:E2:0E:98:A1:06:57:AF:33:F1:68:82:73:7A:6B:25:36:92; Validity Mon, 22 Apr 2024 12:31:22 GMT - Sun, 21 Jul 2024 12:31:21 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: gainscoreprize.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gainscoreprize.life/?u=4dkpaew&o=81yk607&t=offerms
Cookie: sid=t2~hhiok1sfx0hc10qfw04gx0en; p1=https://hellsixfirm.live/uxsvyhae/; s1=p6ieewibpw24neyi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 10 May 2024 05:54:54 GMT
Connection: keep-alive
Cache-Control: no-transform
| weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D | 185.155.186.25 | 200 OK | 17 kB |
URL: weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D (User Request, GET HTTP/1.1)  IP: 185.155.186.25:443
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (562)
Hash (MD5, SHA-1, SHA-256): 6dd67067c16fded41ff42ca58e35b446 b093426799194dfce800d045fdfd2f6064f5ba8c e64a5d93584ff1f2ca073e95c0bb3dc25128414d42d49b63e7c30400f1dc06c4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gainscoreprize.life/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/html
Content-Length: 16903
Connection: keep-alive
cache-control: private
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/bootstrap-mini.css | 185.155.186.25 | 200 OK | 10 kB |
URL: weapkd4.hellsixfirm.live/media/mainstream/all/mb/bootstrap-mini.css (GET HTTP/1.1)  IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: ASCII text, with very long lines (571), with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): f0a842b8b8a52bb05e6c729828fbb40e f1fe8a76db92bc9bd3f9d70f3867f03d51ebbae5 eb9fe798331b592bd8fc54d5ede3ac19e961b5aa7c2dffb3dbb17ce5fcb88e01

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/bootstrap-mini.css HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/css
Content-Length: 10214
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "f0a842b8b8a52bb05e6c729828fbb40e"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EE3CF59A79
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412343#213095000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:23.213095Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/font-awesome-mini.css | 185.155.186.25 | 200 OK | 1.9 kB |
URL: weapkd4.hellsixfirm.live/media/mainstream/all/mb/font-awesome-mini.css (GET HTTP/1.1)  IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: ASCII text, with very long lines (1857), with no line terminators
Hash (MD5, SHA-1, SHA-256): 8b2fe9dcd9e31f21056ebc3d6667123c 49e6a844f0085d9f653faab8a451742be82ecdf7 e7eb3ba41e31f5d9710bb64a87a5e9e7664143a95f68d0f357fe0d4252bb58d5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/font-awesome-mini.css HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/css
Content-Length: 1857
Connection: keep-alive
ETag: "8b2fe9dcd9e31f21056ebc3d6667123c"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EE3BAA898F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#300024630/gid:0/gname:root/mode:33279/mtime:1653412350#393111000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:30.393111Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/2.js | 185.155.186.25 | 200 OK | 15 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/2.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (15146), with no line terminators
Hash: MD5 0bddd3bcca2df107ca5b8187b8e2a3f8; SHA-1 8bb441d73dfd233f8db6bbaffc2b0227a329a0f7; SHA-256 03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/2.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 15146
Connection: keep-alive
ETag: "0bddd3bcca2df107ca5b8187b8e2a3f8"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EE6A4941EF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#746902194/gid:0/gname:root/mode:33188/mtime:1708809290#939090444/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.967Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/3.js | 185.155.186.25 | 200 OK | 15 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/3.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (14971), with no line terminators
Hash: MD5 55bab18cf6adc22fc3d91e30c20ce0e6; SHA-1 0f18ff18d3db09841c930241460d61bc136e5a34; SHA-256 b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/3.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 14971
Connection: keep-alive
ETag: "55bab18cf6adc22fc3d91e30c20ce0e6"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09D731F41863
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#30902711/gid:0/gname:root/mode:33188/mtime:1708809291#171090831/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.198Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/main-like.css | 185.155.186.25 | 200 OK | 7.2 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/main-like.css
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: ASCII text, with very long lines (7181), with no line terminators
Hash: MD5 30d4bbfa0a8fa6727a9edb23be989598; SHA-1 39bc311daad791b9c7377e11fbb6f9b24c6b3d46; SHA-256 f2ead250f003ad44fad41af0a1554922e31ab930fa86d90a8f2df62c048c2843
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/main-like.css HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/css
Content-Length: 7181
Connection: keep-alive
ETag: "30d4bbfa0a8fa6727a9edb23be989598"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EE48644DE4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223406#63752192/gid:0/gname:root/mode:33279/mtime:1653412366#569146000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:46.569146Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/1.js | 185.155.186.25 | 200 OK | 12 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/1.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (12181), with no line terminators
Hash: MD5 4c0b32d32b0b7317afb94deba5cabeac; SHA-1 ee478251de9e6c4046a72ae0dff93ba1ac06c85a; SHA-256 b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/1.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 12181
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4c0b32d32b0b7317afb94deba5cabeac"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EE54C6AC90
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#370901510/gid:0/gname:root/mode:33279/mtime:1708809290#731090096/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.756Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/no/8.js | 185.155.186.25 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/no/8.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
Hash: MD5 dbdb981f8658c845968ec8226f81d1d8; SHA-1 d679b7bf47f71cd55b6c307cf96146a95660d667; SHA-256 5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/no/8.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 20 Sep 2023 15:23:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0AE6E8F28480
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#312024668/gid:0/gname:root/mode:33279/mtime:1653412375#277166000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:55.277166Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/4.js | 185.155.186.25 | 200 OK | 5.8 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/4.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (5828), with no line terminators
Hash: MD5 8c7a2e36533feed8cd5fbca8b8f91114; SHA-1 854cdef22953f1eab3d94eb6b421c433ad34f4c7; SHA-256 f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/4.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: application/javascript
Content-Length: 5828
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8c7a2e36533feed8cd5fbca8b8f91114"
Last-Modified: Mon, 20 Feb 2023 09:33:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EEC91C1CF9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412338#153083000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.153083Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/5.js | 185.155.186.25 | 200 OK | 12 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/5.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (11920), with no line terminators
Hash: MD5 de362f15f5232df7747f7e741f587fcd; SHA-1 6353ff9bb0db73da818f1bc7250866f3d56bc8f8; SHA-256 e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/5.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 11920
Connection: keep-alive
ETag: "de362f15f5232df7747f7e741f587fcd"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EEC6D45F3A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#798904105/gid:0/gname:root/mode:33279/mtime:1708809291#359091145/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.387Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/7.js | 185.155.186.25 | 200 OK | 7.9 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/7.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (7936), with no line terminators
Hash: MD5 114f0be35fbff35e205c5f0bc146d864; SHA-1 dad256468614b8bb885233a71b31751edc222c5d; SHA-256 7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/7.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 7936
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "114f0be35fbff35e205c5f0bc146d864"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EECC0CEC0A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806894#614905586/gid:0/gname:root/mode:33279/mtime:1708809291#543091452/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.568Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/jquery.min.js | 185.155.186.25 | 200 OK | 87 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/jquery.min.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (32058)
Hash: MD5 c9f5aeeca3ad37bf2aa006139b935f0a; SHA-1 1055018c28ab41087ef9ccefe411606893dabea2; SHA-256 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/jquery.min.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: application/javascript
Content-Length: 86659
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c9f5aeeca3ad37bf2aa006139b935f0a"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09EE4B292917
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412360#809134000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.809134Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/u.js | 185.155.186.25 | 200 OK | 24 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/u.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (24389), with no line terminators
Hash: MD5 89ed4b592ab506a6fca18e95657dfc4f; SHA-1 179998ad5741d669e75521fb943850a808917924; SHA-256 4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/u.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 24389
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "89ed4b592ab506a6fca18e95657dfc4f"
Last-Modified: Sun, 25 Feb 2024 11:59:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09D71E425E3F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809189#0/gid:0/gname:root/mode:33188/mtime:1708862369#235249424/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-25T11:59:29.279Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/6.js | 185.155.186.25 | 200 OK | 29 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/6.js
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JavaScript source, ASCII text, with very long lines (28941)
Hash: MD5 ba847811448ef90d98d272aeccef2a95; SHA-1 5814e91bb6276f4de8b7951c965f2f190a03978d; SHA-256 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/6.js HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:54 GMT
Content-Type: text/javascript
Content-Length: 29110
Connection: keep-alive
ETag: "ba847811448ef90d98d272aeccef2a95"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EEC91D711E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223404#223748054/gid:0/gname:root/mode:33279/mtime:1653412338#597084000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.597084Z
Expires: Sat, 10 May 2025 05:54:54 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img1.jpg | 185.155.186.25 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img1.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Hash: MD5 c3c59916d3b4977017c89125dc42b664; SHA-1 c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a; SHA-256 aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/img1.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A103ADCB829
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#865120000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.86512Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| xcycle.ro/wp-content/uploads/2017/04/DSCF4072-min.jpg | 185.92.194.160 | | 329 kB |
URL: xcycle.ro/wp-content/uploads/2017/04/DSCF4072-min.jpg
IP: 185.92.194.160:0
ASN: #44043 H88 Web Hosting S.r.l.
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 5813x3875, components 3
Size: 329 kB (328780 bytes)
Hash: MD5 62b3937cbcd3eeaa06569b6bf477ca92; SHA-1 cc53823b5eff8a4fb23b63c16325641c9ac385c9; SHA-256 93bb09e0705cc1c318e1dea2adb8c2ebc20ae1c7175f3362f7988e719687869c
GET /wp-content/uploads/2017/04/DSCF4072-min.jpg HTTP/1.1
Host: xcycle.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcycle.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=10368000
expires: max-age=A10368000, public
content-type: image/jpeg
last-modified: Thu, 13 Jul 2017 10:54:31 GMT
accept-ranges: bytes
content-length: 841904
date: Fri, 10 May 2024 05:54:51 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img3.jpg | 185.155.186.25 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img3.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
Hash: MD5 5edf4db493423ac10c72a27ad5c4a618; SHA-1 5c535d00eaeaa725b39e3e1167a12de5bd66a1f2; SHA-256 a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/img3.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A104BBA7066
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#363750618/gid:0/gname:root/mode:33279/mtime:1653412355#109121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.109121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| weapkd4.hellsixfirm.live/media/mainstream/all/mb/iphone15pro.png | 185.155.186.25 | 200 OK | 46 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/iphone15pro.png
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: PNG image data, 300 x 351, 8-bit colormap, non-interlaced
Hash: MD5 901fdfedb54cf1297edd1de54a893cf8; SHA-1 c9cd3908f28908392b45e1a54e7b350993eee53c; SHA-256 f30ac8920f3a3ab6621abad202e015353d46b61233549dfabe927234a9a5b3c5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /media/mainstream/all/mb/iphone15pro.png HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/png
Content-Length: 46124
Connection: keep-alive
ETag: "901fdfedb54cf1297edd1de54a893cf8"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09EF006859B2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1697145024#950103503/gid:0/gname:root/mode:33188/mtime:1697144761#0/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2023-10-12T21:06:01Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img6.jpg | 185.155.186.25 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img6.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): f48aa7778890400e3be6131e64cd4236 9341d039b9f7de4eac9070c36fecac2772cc1ba0 388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img6.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A105B33A979
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#383750663/gid:0/gname:root/mode:33279/mtime:1653412355#293121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.293121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img4.jpg | 185.155.186.25 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img4.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): a848711320a9df61e6457f65b0dfa9fb 68a62a84d89f4f9e1e831a6cef920797c7f2e7d5 aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img4.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A104E3833C8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#181121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.181121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img5.jpg | 185.155.186.25 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img5.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): 6d02d5cf49120718501b9a6629290c48 a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1 84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img5.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A105B058932
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#241121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.241121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img9.jpg | 185.155.186.25 | 200 OK | 1.4 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img9.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): a2dbd5c25807fbad37aceb676e90cd66 6972c6df94b50dd66111d5a555bdf2907b6f3e7e 6592c5497d79980109ee577663beac8d709726a63329f893775f89083cc8858e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img9.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
ETag: "a2dbd5c25807fbad37aceb676e90cd66"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A10618E2473
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#461122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.461122Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img8.jpg | 185.155.186.25 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img8.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): 5da3831556c780010e0e5c5b967e43ce 574623afde349258b91d44849ef16d483b61e223 45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img8.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A105F86BF95
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#395750690/gid:0/gname:root/mode:33279/mtime:1653412355#405122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.405122Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img7.jpg | 185.155.186.25 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img7.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): 7364bf39dcf0941d3a1760e46a562710 a358405162193128cceae8551e14648798bd4254 ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img7.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A105FF22935
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#349122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.349122Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/logo_f01.png | 185.155.186.25 | 200 OK | 6.8 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/logo_f01.png
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: PNG image data, 130 x 126, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 192b810ba6ed4b80611aef274d85948d 2835cc503efcd77d03613293dbc33c4cc7b6b5b9 91e5c1968eee9298437a097fd47978a077d667e086593ab0fd7988ef60d2ddf4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/logo_f01.png HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/png
Content-Length: 6763
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "192b810ba6ed4b80611aef274d85948d"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE09D71F68CF5C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412365#157143000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:45.157143Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img11.jpg | 185.155.186.25 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img11.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): 14ca7a7e1bb1db7a31af7c44a0ae9062 7293947d75065f3def42439f32138127d605bc8f d8d2b0e0baad97e943838712911352a8c9dd0d5bf2114e78c3d1649bcc0d634a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img11.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1610
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "14ca7a7e1bb1db7a31af7c44a0ae9062"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A106DD7B6AF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412354#997121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.997121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img10.jpg | 185.155.186.25 | 200 OK | 1.5 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img10.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3
Hashes (MD5, SHA-1, SHA-256): 0d0f29abfcedc7dfffe3811a5100a6cd 19567e85aab4fd05d752cfa86f88087465042b0a e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img10.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0A106B50DF12
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#347750582/gid:0/gname:root/mode:33279/mtime:1653412354#925121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.925121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/media/mainstream/us/wap/mobsurvey/ff.png | 185.155.186.25 | 200 OK | 11 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/us/wap/mobsurvey/ff.png
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: PNG image data, 245 x 253, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 2f5710ee40aba475e1d0cd9c9c953407 93ac36daaed5f1b86a2f301faddca673393996aa 38450abe3fe9fdc0c5c281fa3bc6532f9ffcd7632d6924f154444fba265a39f2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/us/wap/mobsurvey/ff.png HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/png
Content-Length: 10691
Connection: keep-alive
ETag: "2f5710ee40aba475e1d0cd9c9c953407"
Last-Modified: Tue, 21 Nov 2023 12:30:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE0AE70AE5ECD8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324012#424606891/gid:0/gname:root/mode:33279/mtime:1655387479#482644706/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:51:19.482644706Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weapkd4.hellsixfirm.live/favicon.ico | 185.155.186.25 | 204 No Content | 0 B |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/favicon.ico
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Connection: keep-alive
|
|
| weapkd4.hellsixfirm.live/media/mainstream/alert.mp3 | 185.155.186.25 | 200 OK | 8.8 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/alert.mp3
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Hashes (MD5, SHA-1, SHA-256): 6d2d3da2ea28ace816fa4a138829dc18 606e0ec3d7fb05c69f16233cfe1ff0a0ee760505 d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE09D7C073EAC0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324533#997523934/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| jsontdsexit2.com/ExtService.svc/getextparams | 136.243.216.235 | 200 OK | 537 B |
URL: GET HTTP/2 jsontdsexit2.com/ExtService.svc/getextparams
IP: 136.243.216.235:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject jsontdsexit2.com; Fingerprint 48:31:DD:61:15:18:42:C5:25:8C:3D:8D:29:32:35:54:12:C1:59:1C; Validity Tue, 19 Mar 2024 13:03:39 GMT - Mon, 17 Jun 2024 13:03:38 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (628), with no line terminators
Hashes (MD5, SHA-1, SHA-256): f0ff9519ad22b8b518b843ffb173ccc7 2a756d59ca73ebca175cfe427486b7c2b7c18b2f bfc8dedb9d5109a40b1efa76f59438c1e54993399d2a8a01aff0c1a46d7574a5
GET /ExtService.svc/getextparams HTTP/1.1
Host: jsontdsexit2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://weapkd4.hellsixfirm.live
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 05:54:55 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| weapkd4.hellsixfirm.live/media/mainstream/all/mb/img2.jpg | 185.155.186.25 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 weapkd4.hellsixfirm.live/media/mainstream/all/mb/img2.jpg
IP: 185.155.186.25:443
Requested by: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Certificate: Issuer Let's Encrypt; Subject hellsixfirm.live; Fingerprint 82:08:8F:0B:5D:9A:14:41:31:A9:00:4A:E1:B3:AA:FF:2E:36:65:B9; Validity Thu, 09 May 2024 05:02:53 GMT - Wed, 07 Aug 2024 05:02:52 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Hashes (MD5, SHA-1, SHA-256): 92b944714cea3e478a8e50dea1a80b26 f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5 fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img2.jpg HTTP/1.1
Host: weapkd4.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weapkd4.hellsixfirm.live/uxsvyhae/?u=4dkpaew&o=81yk607&t=offerms&f=1&sid=t2~hhiok1sfx0hc10qfw04gx0en&fp=yp7jXVzCcNoTXPcyjnIqdQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 05:54:55 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE0A104D5B3522
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#53121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.053121Z
Expires: Sat, 10 May 2025 05:54:55 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|