Report - rplnd44.com/bot/1000/e0bf50871296df5a1e8bf89cf6922876/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=0/

Report Overview

Submitted URL
rplnd44.com/bot/1000/e0bf50871296df5a1e8bf89cf6922876/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=0/
IP
173.214.250.52
ASN
#15317 SERVEREL-AS
Submitted
2024-04-26 17:40:22
Access
public
Website Title
Нажмите Разрешить
Final URL
ptpios.ucoz.net/index.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-25	4.0 kB	4.7 kB	139.45.197.250
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-25	1.3 kB	1.9 kB	139.45.197.251
rexpush.club	unknown	2023-05-11	2023-05-11	2024-04-11	606 B	46 kB	199.182.164.165
choupsee.com	93673	2020-12-13	2020-12-19	2024-02-25	4.4 kB	110 kB	139.45.197.251
forlumineoner.com	298831	2020-04-08	2020-04-27	2024-04-18	3.5 kB	92 kB	139.45.197.229
nicksstevmark.com	unknown	unknown	2020-12-04	2023-03-14	426 B	46 kB	212.117.190.201
ilsilz.ucoz.org	unknown	2005-11-05	2022-08-05	2023-11-04	1.0 kB	47 kB	195.216.243.20
seofan.ucoz.ru	unknown	2005-08-20	2015-01-29	2015-06-15	904 B	16 kB	193.109.246.6
tmix.ucoz.net	unknown	unknown	No data	No data	937 B	16 kB	193.109.246.67
ptpios.ucoz.net	unknown	unknown	2022-11-30	2022-11-30	1.5 kB	22 kB	195.216.243.20
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-26	1.3 kB	94 kB	142.250.74.106
ahaurgoo.net	unknown	2022-10-03	2022-10-03	2024-04-18	1.0 kB	16 kB	139.45.197.251
firego.ucoz.net	unknown	2005-08-27	2021-02-03	2021-02-03	1.8 kB	20 kB	193.109.246.67
ghoop.ru	unknown	2021-01-26	2021-03-29	2023-09-30	1.9 kB	10 kB	87.236.16.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	ahaurgoo.net	Sinkholed
2024-04-26	medium	ahaurgoo.net	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	unknown	103 B	2024-04-26	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 19:40:29 Last Seen2024-04-26 19:40:29 Times Seen1 Hash c35db8cc29c7e715e01471221e545188 4660eee130a36dfc663617e515171075f8b9d7b8 a6fd2b46e5389a9d1bba836d8a771cfe1b7b76c62bab6146f6d432a3c3492a5d Loading...

	forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var=	15 kB	2024-04-25	2024-05-07
Pretty URL forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var= IP 139.45.197.229 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-07 19:13:53 Times Seen147 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-05-07
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-07 19:41:40 Times Seen109342 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	unknown	73 kB	2024-04-26	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:23:45 Last Seen2024-05-02 19:12:43 Times Seen12 Hash 5bbe376b5677a5f07051dfa9c6f3221a fb0f0dbb4d45faeaf905d778949d9480f8c19d0a ab0af71125c64d7b60915222764907708423f47cf5ea23f54d7162127696485e Loading...

	ptpios.ucoz.net/index.html	0 B	2023-03-07	2024-05-07
Pretty URL ptpios.ucoz.net/index.html IP 195.216.243.20 ASN #57724 Ddos-Guard Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 19:53:28 Times Seen37416379 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js	28 kB	2024-04-26	2024-04-26
Pretty URL nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 19:40:29 Last Seen2024-04-26 19:40:29 Times Seen1 Hash e79ce7e382451b5fe34febd664369294 46007d6e2b187d25473c35fd3b975aec18eab712 8c248452a408a2755267825be6896573a22754f079c2d43ef93a1eed0c190051 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 566a5e29812df4484062ac12f1fa31f6	80 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 19:40:29 Last Seen2024-04-26 19:40:29 Times Seen1 Hash 566a5e29812df4484062ac12f1fa31f6 7be6c3ea6d7af6745e4b0faa1137a0cefa2c54db 05bb73622700ed48d7087907a8474ac59ea521edad95bc301115bdfd97f943d7 Loading...

	#2 Eval - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-05-07
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 19:53:28 Times Seen37416379 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (51)

URL IP Response Size

ilsilz.ucoz.org/favicon.ico

195.216.243.20

15 kB

URL
ilsilz.ucoz.org/favicon.ico
IP
195.216.243.20:0
ASN
#57724 Ddos-Guard Ltd

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ilsilz.ucoz.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilsilz.ucoz.org/srz.html
Cookie: __ddg1_=4hr5NVHgGv4konCyrvtK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 17:39:59 GMT
content-type: image/x-icon
content-length: 15086
last-modified: Tue, 23 Apr 2024 12:18:09 GMT
etag: "6627a701-3aee"
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

ghoop.ru/

87.236.16.239

274 B

URL
ghoop.ru/
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
HTML document, ASCII text
Size
274 B (274 bytes)
Hash
dde72ae232dc63298465861482d7bb93
557c5dbebc35bc82280e2a744a03ce5e78b3e6fb
0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091

HTTP Headers

GET / HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trel.do.am/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 17:39:59 GMT
content-type: text/html
content-length: 274
last-modified: Mon, 27 May 2019 13:11:00 GMT
etag: "5cebe1e4-112"
accept-ranges: bytes
X-Firefox-Spdy: h2

ghoop.ru/arrow.png

87.236.16.239

1.4 kB

URL
ghoop.ru/arrow.png
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
PNG image data, 100 x 170, 8-bit colormap, non-interlaced
Size
1.4 kB (1354 bytes)
Hash
54188b7a40cf4bede7f8b5f15726e9fa
298763c52fc42329204f0b60824011c54867f869
7001ee4fe402fd79c88f197d46843afadb035933299c80781217a7e9711875c1

HTTP Headers

GET /arrow.png HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Cookie: beget=begetok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 17:40:00 GMT
content-type: image/png
content-length: 1354
last-modified: Thu, 24 Jun 2021 07:09:09 GMT
etag: "60d42f95-54a"
expires: Sun, 26 May 2024 17:40:00 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 11:06:17 GMT
expires: Fri, 25 Apr 2025 11:06:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 110023
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ghoop.ru/favicon.ico

87.236.16.239

163 B

URL
ghoop.ru/favicon.ico
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
HTML document, ASCII text, with CRLF line terminators
Size
163 B (163 bytes)
Hash
565584cb0a6470ad17a7b8db7f7d21e2
9620dd5fe0e7f3933c12a781c1619765cd667d8b
3e8eb6f707697b440983f2db12d72fbdcee8b01e7ae5133484b88aa46905ea14

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Cookie: beget=begetok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 17:40:00 GMT
content-type: text/html
content-length: 163
X-Firefox-Spdy: h2

ahaurgoo.net/zone?&pub=0&zone_id=4025455&is_mobile=false&domain=ghoop.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=839ff464-3b83-4cde-897b-3dfdc4b31d34&action=prerequest

139.45.197.251

0 B

URL
ahaurgoo.net/zone?&pub=0&zone_id=4025455&is_mobile=false&domain=ghoop.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=839ff464-3b83-4cde-897b-3dfdc4b31d34&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=4025455&is_mobile=false&domain=ghoop.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=839ff464-3b83-4cde-897b-3dfdc4b31d34&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:00 GMT
content-length: 0
x-trace-id: 7ae68d17c28f6d0838406d880544b615
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

39 B

URL
jouteetu.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 231
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f3c56e1b2bafb445540d6d4e63885208
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

39 B

URL
jouteetu.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 233
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0f15d00b98073e7a733f8ff930006bf1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ahaurgoo.net/pfe/current/micro.tag.min.js?z=4025455&sw=/sw-check-permissions-a7b09.js

139.45.197.251

15 kB

URL
ahaurgoo.net/pfe/current/micro.tag.min.js?z=4025455&sw=/sw-check-permissions-a7b09.js
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
gzip compressed data, max speed, from Unix
Size
15 kB (14718 bytes)
Hash
79ab4f5f20178d8996c060bb397118cb
1c4b2573fec4c28a0fabe5f38102b69cac5b9e97
05c6f230d524bab329e3cd7e74295e02df901851cc6350c1759b308d2ee09038

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4025455&sw=/sw-check-permissions-a7b09.js HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:00 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ghoop.ru/
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
03a1a13715f0413fa0fa6874d19602e4
406fe48c087302ca18466c190d49e76a8b2c74ac
4cf2e9c25f23987b35f82efe530920f61f719d82a903572ee7b6cd42aaaa981e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ghoop.ru/
Content-Type: application/json
Content-Length: 860
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:01 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

39 B

URL
jouteetu.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 243
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:06 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0de5bdc23256e7fc39b5cc8b341bba55
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

rexpush.club/js/s_42b42be5dd09ac1b74e7ddb5d32b256e.min.js?tag=1000&attempt=0&rnd=520705204&lnd=bot&v=2&token=e0bf50871296df5a1e8bf89cf6922876&click_id=%24%7Bclick_id%7D&sub1=%24%7Bsub1%7D&sub2=%24%7Bsub2%7D&sub3=%24%7Bsub3%7D&tb=&t_rdr=

199.182.164.165

46 kB

URL
rexpush.club/js/s_42b42be5dd09ac1b74e7ddb5d32b256e.min.js?tag=1000&attempt=0&rnd=520705204&lnd=bot&v=2&token=e0bf50871296df5a1e8bf89cf6922876&click_id=%24%7Bclick_id%7D&sub1=%24%7Bsub1%7D&sub2=%24%7Bsub2%7D&sub3=%24%7Bsub3%7D&tb=&t_rdr=
IP
199.182.164.165:0
ASN
#15317 SERVEREL-AS

File type
gzip compressed data, max speed, from Unix
Size
46 kB (45816 bytes)
Hash
f674f88b65fbb8cd8b78fa5571207060
fffba7f313b8c2df18b60e046ba5c03631b11ee9
55a5321270d94de9722fe4af27694c47486f6b58a2e1a5c5503a7669bece32ad

HTTP Headers

GET /js/s_42b42be5dd09ac1b74e7ddb5d32b256e.min.js?tag=1000&attempt=0&rnd=520705204&lnd=bot&v=2&token=e0bf50871296df5a1e8bf89cf6922876&click_id=%24%7Bclick_id%7D&sub1=%24%7Bsub1%7D&sub2=%24%7Bsub2%7D&sub3=%24%7Bsub3%7D&tb=&t_rdr= HTTP/1.1
Host: rexpush.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rplnd44.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:39:58 GMT
content-type: text/javascript;charset=UTF-8
set-cookie: _f_30d9ff6106b5fe28d448dd5186c64932=1; expires=Mon, 24-Apr-2034 17:39:58 GMT; Max-Age=315360000; path=/; domain=.rexpush.club; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

ghoop.ru/

87.236.16.239

7.5 kB

URL
ghoop.ru/
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
gzip compressed data, from Unix
Size
7.5 kB (7537 bytes)
Hash
245c3ff430538982b6077efe28f92ce0
6ce600a98f08746d418a4661937e2e35b1806a75
f5002c0b6d681323fa720f04eb97335a3bb2bf3b87f275e6f791a06f56c2f0f1

HTTP Headers

GET / HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://trel.do.am/
DNT: 1
Connection: keep-alive
Cookie: beget=begetok
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 17:39:59 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Fri, 08 Sep 2023 18:40:11 GMT
etag: W/"31a3-604dd4e7e408d"
content-encoding: gzip
X-Firefox-Spdy: h2

seofan.ucoz.ru/mo.html

193.109.246.6

144 B

URL
seofan.ucoz.ru/mo.html
IP
193.109.246.6:0
ASN
#204343 Compubyte Limited

File type
HTML document, ASCII text
Size
144 B (144 bytes)
Hash
6f0135ecd01848b505ec1bc13b13b642
8b882bd65341f230f34ad0a7d2e0353565eaaa9c
2e1c3b474b7f00f1bad15e429ce730312dd13b4878d7d7bd4c730a9dc4770b0c

HTTP Headers

GET /mo.html HTTP/1.1
Host: seofan.ucoz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 16 May 2024 17:40:03 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

seofan.ucoz.ru/favicon.ico

193.109.246.6

15 kB

URL
seofan.ucoz.ru/favicon.ico
IP
193.109.246.6:0
ASN
#204343 Compubyte Limited

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: seofan.ucoz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://seofan.ucoz.ru/mo.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:03 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Tue, 23 Apr 2024 12:18:05 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "6627a6fd-3aee"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

firego.ucoz.net/index.html

193.109.246.67

1.5 kB

URL
firego.ucoz.net/index.html
IP
193.109.246.67:0
ASN
#204343 Compubyte Limited

File type
HTML document, Unicode text, UTF-8 text
Size
1.5 kB (1526 bytes)
Hash
2d949bbfa4e453fffffd664ecbbfa220
c37e3128272c7c31da545643ca5036ab25fad8d8
01137768be55711acdc3e72e46a9cfed5bc75434c3232fbddc21500a014ede53

HTTP Headers

GET /index.html HTTP/1.1
Host: firego.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://seofan.ucoz.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 16 May 2024 17:40:08 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 11:06:17 GMT
expires: Fri, 25 Apr 2025 11:06:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 110030
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

firego.ucoz.net/arrow.png

193.109.246.67

200 OK

1.4 kB

URL GET HTTP/1.1
firego.ucoz.net/arrow.png
IP
193.109.246.67:443
ASN
#204343 Compubyte Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
PNG image data, 100 x 170, 8-bit colormap, non-interlaced
Size
1.4 kB (1354 bytes)
Hash
54188b7a40cf4bede7f8b5f15726e9fa
298763c52fc42329204f0b60824011c54867f869
7001ee4fe402fd79c88f197d46843afadb035933299c80781217a7e9711875c1

HTTP Headers

GET /arrow.png HTTP/1.1
Host: firego.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:08 GMT
Content-Type: image/png
Content-Length: 1354
Last-Modified: Wed, 13 Jan 2021 20:14:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5fff5493-54a"
Expires: Thu, 16 May 2024 17:40:08 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

choupsee.com/zone?pub=0&zone_id=3859177&is_mobile=false&domain=firego.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.251

200 OK

880 B

URL GET HTTP/2
choupsee.com/zone?pub=0&zone_id=3859177&is_mobile=false&domain=firego.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JSON text data
Size
880 B (880 bytes)
Hash
ad92d3fc9c7f9ccdda222c3b94712208
8c6fc6f99eff90116db3ad15f3d969547c228437
20c838b89cbe1799a954b4e3bf8f08e53aad3fcf95392a5042c097800a1c0df8

HTTP Headers

GET /zone?pub=0&zone_id=3859177&is_mobile=false&domain=firego.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 0d2c6c0b1576c5d71ec01463b2bf82ea
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

firego.ucoz.net/favicon.ico

193.109.246.67

200 OK

15 kB

URL GET HTTP/1.1
firego.ucoz.net/favicon.ico
IP
193.109.246.67:443
ASN
#204343 Compubyte Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: firego.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:08 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Tue, 23 Apr 2024 12:18:12 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "6627a704-3aee"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

choupsee.com/custom

139.45.197.251

200 OK

0 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

choupsee.com/custom

139.45.197.251

200 OK

0 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

firego.ucoz.net/sw.js

193.109.246.67

200 OK

1.2 kB

URL GET HTTP/1.1
firego.ucoz.net/sw.js
IP
193.109.246.67:443
ASN
#204343 Compubyte Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2734)
Size
1.2 kB (1184 bytes)
Hash
979c7c47d5dae394f79b315577cbe24e
119fd04fc5e95cd71ea33df083d0ca4bede99daa
b823ad4d4513c9acfe975b37f0ffb4f9d4e0b7cfb617640ede556ec568af97b2

HTTP Headers

GET /sw.js HTTP/1.1
Host: firego.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/index.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:09 GMT
Content-Type: text/javascript
Last-Modified: Wed, 13 Jan 2021 20:11:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5fff53e7-aaf"
Expires: Thu, 16 May 2024 17:40:09 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

choupsee.com/custom

139.45.197.251

200 OK

39 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 376
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b256327524dab7b34c6425ee12a629ff
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

choupsee.com/custom

139.45.197.251

200 OK

39 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 748
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c0c921e8bff69091c9da508b8990f453
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

choupsee.com/custom

139.45.197.251

200 OK

0 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

choupsee.com/custom

139.45.197.251

200 OK

39 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 385
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 70e58b4a8b0aca4c00d937b53fa0e6f3
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ilsilz.ucoz.org/dklg.html

195.216.243.20

31 kB

URL
ilsilz.ucoz.org/dklg.html
IP
195.216.243.20:0
ASN
#57724 Ddos-Guard Ltd

File type
HTML document, ASCII text, with very long lines (40608), with CRLF, LF line terminators
Size
31 kB (30991 bytes)
Hash
5f67fd7e97830e3a9a2bc02a001e92f4
f062bf8009720d486f2f562e6b841bed91ea1612
57dd445e205873542e1895c889a5dbf05c122ede7e4022208e2721e3ca01ff81

HTTP Headers

GET /dklg.html HTTP/1.1
Host: ilsilz.ucoz.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Cookie: __ddg1_=4hr5NVHgGv4konCyrvtK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 17:40:07 GMT
content-type: text/html
expires: Thu, 16 May 2024 17:40:07 GMT
cache-control: max-age=1728000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
80746213a56ce0211b2ee74d54fef19a
bd06368a1b7e855bbe69d05d9f1daa8f19d09fd9
cf44bcbc519db501a562d3196fa15d29c52be66c37a1df52b92d109aab42b624

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

tmix.ucoz.net/ghr.html

193.109.246.67

151 B

URL
tmix.ucoz.net/ghr.html
IP
193.109.246.67:0
ASN
#204343 Compubyte Limited

File type
HTML document, Unicode text, UTF-8 (with BOM) text
Size
151 B (151 bytes)
Hash
50fefb93e88d48aa810eff6918930cf6
aea8bdf028d53c5bbfdf39bd4fb2a209cde1b7ab
a35cae6b46e4562f23955550b8d4209199a7a872499f738fd7b1e3db745563ae

HTTP Headers

GET /ghr.html HTTP/1.1
Host: tmix.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 16 May 2024 17:40:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

tmix.ucoz.net/favicon.ico

193.109.246.67

15 kB

URL
tmix.ucoz.net/favicon.ico
IP
193.109.246.67:0
ASN
#204343 Compubyte Limited

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tmix.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmix.ucoz.net/ghr.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 17:40:16 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Tue, 23 Apr 2024 12:18:12 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "6627a704-3aee"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 11:06:17 GMT
expires: Fri, 25 Apr 2025 11:06:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 110038
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ptpios.ucoz.net/arrow.png

195.216.243.20

200 OK

1.4 kB

URL GET HTTP/2
ptpios.ucoz.net/arrow.png
IP
195.216.243.20:443
ASN
#57724 Ddos-Guard Ltd

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
PNG image data, 100 x 170, 8-bit colormap, non-interlaced
Size
1.4 kB (1354 bytes)
Hash
54188b7a40cf4bede7f8b5f15726e9fa
298763c52fc42329204f0b60824011c54867f869
7001ee4fe402fd79c88f197d46843afadb035933299c80781217a7e9711875c1

HTTP Headers

GET /arrow.png HTTP/1.1
Host: ptpios.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/index.html
Cookie: __ddg1_=FyeDB1UZ6dICB31jKpLy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: image/png
content-length: 1354
last-modified: Sat, 05 Dec 2020 17:04:16 GMT
etag: "5fcbbd90-54a"
expires: Thu, 16 May 2024 17:40:16 GMT
cache-control: max-age=1728000
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

ptpios.ucoz.net/favicon.ico

195.216.243.20

200 OK

15 kB

URL GET HTTP/2
ptpios.ucoz.net/favicon.ico
IP
195.216.243.20:443
ASN
#57724 Ddos-Guard Ltd

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ptpios.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/index.html
Cookie: __ddg1_=FyeDB1UZ6dICB31jKpLy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: image/x-icon
content-length: 15086
last-modified: Tue, 23 Apr 2024 12:18:09 GMT
etag: "6627a701-3aee"
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

forlumineoner.com/zone?pub=1&zone_id=1808242&is_mobile=false&domain=ptpios.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.229

200 OK

863 B

URL GET HTTP/2
forlumineoner.com/zone?pub=1&zone_id=1808242&is_mobile=false&domain=ptpios.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JSON text data
Size
863 B (863 bytes)
Hash
da7f41bfe66e07d77818c9470ae1e254
33efa80c67c5db6261b5515f5402e2fed44cbfc6
db5d49be007ade2ac63bd1bce6d807de2b97e92dfa1ebde108da62f5966db31f

HTTP Headers

GET /zone?pub=1&zone_id=1808242&is_mobile=false&domain=ptpios.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:15 GMT
content-type: application/json; charset=utf-8
content-length: 863
x-trace-id: ded40ff300b5d69b310c4ecfffc9524a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 765
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0aa589bf42c701c1261b5184f2c885bd
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 393
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a35000dad661fe47f1d965f3fba6221e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js

212.117.190.201

200 OK

45 kB

URL GET HTTP/2
nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint88:6E:05:79:44:57:36:C0:D9:C9:0D:B3:2C:CC:DC:2E:09:0A:DC:C7
ValidityTue, 09 Jan 2024 12:40:58 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (37542)
Size
45 kB (44616 bytes)
Hash
6b3769a4d8df463d91e3aeee352105fe
6283c7a23f4b2413a04ff5019f55a71dd5e58bed
b7d18359ab6c5b6ef7f68322127109bc91617710cd78fbc79f923e66ab10a488

HTTP Headers

GET /pn07uscr/f/tr/zavbn/1808242/lib.js HTTP/1.1
Host: nicksstevmark.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:15 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: script
set-cookie: CHCK=1; Path=/; Expires=Fri, 30 May 2025 17:40:15 GMT; Secure; SameSite=None
UID=2404261240dd2a3054edcf4f479fe30c2832; Path=/; Expires=Fri, 30 May 2025 17:40:15 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
a5a4b4fbcb1c80bca0465367c6c4306d
d4b51267d876e0a16ef78ea34e9cf36c27217416
130f0608d6da7089a3daf7767db53716589a4fd0472bec104b14220c61d53de2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
03b6bc23f9b6815c3faeb7287e9da8d5
e581c96ed04e7ee46f81965df7db4c5d095b023a
ac96d7e212f2e496d021790af690f95bd5cac5fcb28bb8e254a635f81926abd8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
d2ea4a08dcba6767cbac0d42e246d3b0
0c5be561dd1dbe718e9cae50eaa5ef421dabb90d
1e359c3d7b99d8ac98ea8b83ae3b7637cb8c9c70c14ba5616d79f077906c8345

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

choupsee.com/pfe/current/tag.min.js?z=3859177

139.45.197.251

200 OK

15 kB

URL GET HTTP/2
choupsee.com/pfe/current/tag.min.js?z=3859177
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

HTTP Headers

GET /pfe/current/tag.min.js?z=3859177 HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:07 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

choupsee.com/pfe/current/universal.min.js?v=3.1.504

139.45.197.251

200 OK

90 kB

URL GET HTTP/2
choupsee.com/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (89850 bytes)
Hash
4caad44ecc6a13eba45b63ed7cf9e387
e67dfe90bebd5447495d8fe962d03e55f6d13071
66f95b5eb4bf3dc3a13643e3e6776b18a2b15e0b881328e2ee012c73e679ad00

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:08 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-15efa"
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

forlumineoner.com/pfe/current/standalone.min.js?v=3.1.504

139.45.197.229

200 OK

73 kB

URL GET HTTP/2
forlumineoner.com/pfe/current/standalone.min.js?v=3.1.504
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
73 kB (72757 bytes)
Hash
5bbe376b5677a5f07051dfa9c6f3221a
fb0f0dbb4d45faeaf905d778949d9480f8c19d0a
ab0af71125c64d7b60915222764907708423f47cf5ea23f54d7162127696485e

HTTP Headers

GET /pfe/current/standalone.min.js?v=3.1.504 HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:49 GMT
etag: W/"662a3511-11c35"
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var=

139.45.197.229

200 OK

15 kB

URL GET HTTP/2
forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var=
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JavaScript source, ASCII text, with very long lines (14612), with no line terminators
Size
15 kB (14612 bytes)
Hash
ffdd38e0a5a1a47cb341a116a3318e0e
2fd730feff506cf56e14c531e9d89cdea2cca424
7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c

HTTP Headers

GET /pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var= HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 17:40:15 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:49 GMT
etag: W/"662a3511-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ptpios.ucoz.net/index.html

195.216.243.20

200 OK

4.4 kB

URL User Request GET HTTP/2
ptpios.ucoz.net/index.html
IP
195.216.243.20:443
ASN
#57724 Ddos-Guard Ltd

Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4609), with no line terminators
Size
4.4 kB (4414 bytes)
Hash
3862d129c9ac2b40082a253187b151bc
63c312502de14539d3567f7f04c5f8e810362ab9
aba60d4c701dfac6034159843c66e9e27959fce7f26fbed04f4dbf0c2d2f7904

HTTP Headers

GET /index.html HTTP/1.1
Host: ptpios.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmix.ucoz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=FyeDB1UZ6dICB31jKpLy; Domain=.ucoz.net; HttpOnly; Path=/; Expires=Sat, 26-Apr-2025 17:40:15 GMT
date: Fri, 26 Apr 2024 17:40:16 GMT
content-type: text/html
expires: Thu, 16 May 2024 17:40:16 GMT
cache-control: max-age=1728000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (51)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash