Report - psnm4n1.multiservers.com/maya.exe

Report Overview

Submitted URL
psnm4n1.multiservers.com/maya.exe
IP
67.199.171.86
ASN
#36223 SPANISHFORK-COMMUNITY-NETWORK
Submitted
2024-05-05 13:31:30
Access
public
Website Title
Missing
Final URL
psnm4n1.multiservers.com/maya.exe
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ruthwoof.com	unknown	unknown	No data	No data	543 B	987 B	192.243.61.227
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-04	1.3 kB	846 B	192.243.61.227
electionmmdevote.com	unknown	2024-02-01	2024-02-01	2024-03-25	1.1 kB	60 kB	192.243.59.12
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-04	341 B	327 B	172.240.127.234
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-04	1.4 kB	1.2 kB	18.185.9.67
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-04	674 B	1.8 kB	104.21.35.227
gabblewhining.com	unknown	unknown	No data	No data	411 B	467 B	172.240.127.234
integralinstalledmoody.com	unknown	unknown	No data	No data	3.7 kB	4.8 kB	192.243.59.13
psnm4n1.multiservers.com	unknown	1999-11-09	2012-08-14	2024-03-26	1.0 kB	3.0 kB	67.199.171.86
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-04	338 B	942 B	143.204.53.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-05	medium	electionmmdevote.com	Sinkholed
2024-05-05	medium	electionmmdevote.com	Sinkholed
2024-05-05	medium	electionmmdevote.com	Sinkholed
2024-05-05	medium	ruthwoof.com	Sinkholed
2024-05-05	medium	unseenreport.com	Sinkholed
2024-05-05	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-18
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 22:17:42 Times Seen37802864 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 104.21.35.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	psnm4n1.multiservers.com/maya.exe	0 B	2023-03-07	2024-05-18
Pretty URL psnm4n1.multiservers.com/maya.exe IP 67.199.171.86 ASN #36223 SPANISHFORK-COMMUNITY-NETWORK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 22:17:42 Times Seen37802864 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	electionmmdevote.com/d2/d7/13/d2d7138fc2d23e1cb11edcf1517ffb2a.js	84 kB	2024-05-05	2024-05-05
Pretty URL electionmmdevote.com/d2/d7/13/d2d7138fc2d23e1cb11edcf1517ffb2a.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 15:31:36 Last Seen2024-05-05 15:31:37 Times Seen2 Hash 62312a6f39f171a6ca551cbd95bf65c5 d2fd4d2cbbc3b19fe39065682b3afa88dee4ccaf b9af12df7c4df74fe385388a32f1bcf57c501d47f382be939f1022812f52bb22 Loading...

	electionmmdevote.com/7d/03/9b/7d039b1ff511f75ec8815b9431b6f1d5.js	44 kB	2024-05-05	2024-05-05
Pretty URL electionmmdevote.com/7d/03/9b/7d039b1ff511f75ec8815b9431b6f1d5.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 15:31:37 Last Seen2024-05-05 15:31:37 Times Seen2 Hash cce08df0b83eb242c5d6985578c87178 7248f8e9ddbc0bdab5db12fa945ddce6d1495ad2 3c56ff66c0de96d9f0b236eec7e671bf4740ce9594dba00310690964ea79a66c Loading...

	electionmmdevote.com/63a4372b0bd78612ce12f3c476ee65ad/invoke.js	31 kB	2024-05-05	2024-05-05
Pretty URL electionmmdevote.com/63a4372b0bd78612ce12f3c476ee65ad/invoke.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 15:31:37 Last Seen2024-05-05 15:31:37 Times Seen2 Hash 2c8c670ba2663dd586da032839011010 10d68fb2b5d9f3d01087222bd8703be4fa0ee2a8 16a4e504f67373069fd7df34845276cdbdad1019410f249b7e0cdad26824682e Loading...

		Size	First Seen	Last Seen
	#1 Write - b22ea62bd1be1c7eca73ddfd649dad2b	112 B	2024-02-12	2024-05-05
Pretty Observations First Seen2024-02-12 18:47:02 Last Seen2024-05-05 15:31:37 Times Seen5 Hash b22ea62bd1be1c7eca73ddfd649dad2b 5c78518c00cca32c829ffc3349bd9e24489350be d0af4e8330ef8cb2e25bcd00e91593ac49e40ac85e9a5ef7a7cb6314e5693388 Loading...

HTTP Transactions (19)

URL IP Response Size

psnm4n1.multiservers.com/maya.exe

67.199.171.86

1.3 kB

URL
psnm4n1.multiservers.com/maya.exe
IP
67.199.171.86:0
ASN
#36223 SPANISHFORK-COMMUNITY-NETWORK

File type
HTML document, ASCII text
Size
1.3 kB (1309 bytes)
Hash
becb2d1847562aba963a949ed3e36575
270615bb150ca1d800f5ae89e321e2cf0a9ab70a
b361a873e40d8d0752d348bdeb6589cb2eef7bf1cb9a9a8fa71ae058c9633d31

HTTP Headers

GET /maya.exe HTTP/1.1
Host: psnm4n1.multiservers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 05 May 2024 13:31:06 GMT
Server: Apache/2.2.15 (CentOS)
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

electionmmdevote.com/63a4372b0bd78612ce12f3c476ee65ad/invoke.js

192.243.59.12

12 kB

URL
electionmmdevote.com/63a4372b0bd78612ce12f3c476ee65ad/invoke.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
JavaScript source, ASCII text, with very long lines (31278), with no line terminators
Size
12 kB (11815 bytes)
Hash
2c8c670ba2663dd586da032839011010
10d68fb2b5d9f3d01087222bd8703be4fa0ee2a8
16a4e504f67373069fd7df34845276cdbdad1019410f249b7e0cdad26824682e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /63a4372b0bd78612ce12f3c476ee65ad/invoke.js HTTP/1.1
Host: electionmmdevote.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 13:31:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 98f60ec4de549d1e0e7365c700d90912
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

electionmmdevote.com/d2/d7/13/d2d7138fc2d23e1cb11edcf1517ffb2a.js

192.243.59.12

31 kB

URL
electionmmdevote.com/d2/d7/13/d2d7138fc2d23e1cb11edcf1517ffb2a.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30577 bytes)
Hash
62312a6f39f171a6ca551cbd95bf65c5
d2fd4d2cbbc3b19fe39065682b3afa88dee4ccaf
b9af12df7c4df74fe385388a32f1bcf57c501d47f382be939f1022812f52bb22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d2/d7/13/d2d7138fc2d23e1cb11edcf1517ffb2a.js HTTP/1.1
Host: electionmmdevote.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 13:31:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e8876c30db3a460cc699beae21026eb0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

electionmmdevote.com/7d/03/9b/7d039b1ff511f75ec8815b9431b6f1d5.js

192.243.59.12

16 kB

URL
electionmmdevote.com/7d/03/9b/7d039b1ff511f75ec8815b9431b6f1d5.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
JavaScript source, ASCII text, with very long lines (44002), with no line terminators
Size
16 kB (15780 bytes)
Hash
cce08df0b83eb242c5d6985578c87178
7248f8e9ddbc0bdab5db12fa945ddce6d1495ad2
3c56ff66c0de96d9f0b236eec7e671bf4740ce9594dba00310690964ea79a66c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7d/03/9b/7d039b1ff511f75ec8815b9431b6f1d5.js HTTP/1.1
Host: electionmmdevote.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 13:31:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Wed, 08 May 2024 16:31:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 62a904f03036b739003f9986249708e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
691c3f87e4fe41a736328d3c71e2dbdc
fd76f455b38ba18f00a6fb81e3585201eb3c43f6
8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 05 May 2024 13:31:07 GMT
Last-Modified: Sun, 05 May 2024 13:12:44 GMT
Server: ECAcc (ska/F7A7)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zpTwAt0zES3VosBk8YWE5fPZGslhVE8Jy-SxN3h5D5w5Ad1p99-22w==
Age: 1103

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
http://psnm4n1.multiservers.com/maya.exe
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
2e510f3f29adb0da7e2e0b04fa0055e3
cf52d5ae288d3e2427b7d176eba3ac2d10b76ff3
6b47323c80597bec621875e512b3336a80355b0b0561d5a76decf26a4cf9b57b

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://psnm4n1.multiservers.com
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:31:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://psnm4n1.multiservers.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=bc8f0e90-758e-46c8-a212-b0d43a10a711:3:1; expires=Wed, 03 May 2034 13:31:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

301 Moved Permanently

167 B

URL GET HTTP/1.1
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:80
ASN
#13335 CLOUDFLARENET

Requested by
http://psnm4n1.multiservers.com/maya.exe

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 05 May 2024 13:31:07 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 May 2024 14:31:07 GMT
Location: https://downstairsnegotiatebarren.com/sfp.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=asl47Aa1muchxm8%2BnweDQQwTpBcdDjIcGGEO4sODKUGJqhA2BGbEtLrRX8yDxeX8QeXTGVMsY4RtR9pG1J3Lw%2BAzTcDy57qdZTeVUfVV3c07QihsxCiU%2BbAeXC7vgJ0AidPBrk9RfvAF%2F584shq4Kg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87f116c94a0656c5-OSL
alt-svc: h2=":443"; ma=60

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
http://psnm4n1.multiservers.com/maya.exe
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
6985e19ad8775b869f199448ee818a98
8d847074140ed37814718209dfee74939f59b2ed
776cea8541fc4d1bb4eef54a500c50e23e671b93100ec85fd6f09a817894c5ef

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://psnm4n1.multiservers.com
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:31:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://psnm4n1.multiservers.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=bc9f92f0-ad87-4b47-90d8-94e968346fdd:2:1; expires=Wed, 03 May 2034 13:31:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

301 Moved Permanently

167 B

URL GET HTTP/1.1
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:80
ASN
#13335 CLOUDFLARENET

Requested by
http://psnm4n1.multiservers.com/maya.exe

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 05 May 2024 13:31:07 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 May 2024 14:31:07 GMT
Location: https://downstairsnegotiatebarren.com/sfp.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=agZx3bSHFZFRd6u3CCCEZWmO76qdoo1GffL4f5OoE8SwTNM5dqTAquTlE%2FUearV2%2BFb4MMd8CO3TNuG%2FGatR8PeyUwYU3U4FXJl%2BmyziuzlXtSaQr1EDIgDRBb8fqrV2NEP6QiB0J0RZ3MLvEHvucw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87f116ca2b2556c5-OSL
alt-svc: h2=":443"; ma=60

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
http://psnm4n1.multiservers.com/maya.exe
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
2e510f3f29adb0da7e2e0b04fa0055e3
cf52d5ae288d3e2427b7d176eba3ac2d10b76ff3
6b47323c80597bec621875e512b3336a80355b0b0561d5a76decf26a4cf9b57b

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://psnm4n1.multiservers.com
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Cookie: uid_id2=bc8f0e90-758e-46c8-a212-b0d43a10a711:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:31:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://psnm4n1.multiservers.com
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

gabblewhining.com/pixel/purst?dl=0&th=0&sc=0&rs=1001&rd=1001&fd=598&bv=24.5.6485&tmpl=70

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
gabblewhining.com/pixel/purst?dl=0&th=0&sc=0&rs=1001&rd=1001&fd=598&bv=24.5.6485&tmpl=70
IP
172.240.127.234:80
ASN
#7979 SERVERS-COM

Requested by
http://psnm4n1.multiservers.com/maya.exe

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1001&rd=1001&fd=598&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: gabblewhining.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 13:31:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

capaciousdrewreligion.com/advertisers.js

172.240.127.234

0 B

URL
capaciousdrewreligion.com/advertisers.js
IP
172.240.127.234:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 13:31:07 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f9b5265798426186360fc334cf16f4f8
Strict-Transport-Security: max-age=0; includeSubdomains

integralinstalledmoody.com/watch.232646508014.js?key=63a4372b0bd78612ce12f3c476ee65ad&kw=%5B%22missing%22%5D&refer=http%3A%2F%2Fpsnm4n1.multiservers.com%2Fmaya.exe&tz=0&dev=e&res=14.2069&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1

192.243.59.13

0 B

URL
integralinstalledmoody.com/watch.232646508014.js?key=63a4372b0bd78612ce12f3c476ee65ad&kw=%5B%22missing%22%5D&refer=http%3A%2F%2Fpsnm4n1.multiservers.com%2Fmaya.exe&tz=0&dev=e&res=14.2069&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.232646508014.js?key=63a4372b0bd78612ce12f3c476ee65ad&kw=%5B%22missing%22%5D&refer=http%3A%2F%2Fpsnm4n1.multiservers.com%2Fmaya.exe&tz=0&dev=e&res=14.2069&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1 HTTP/1.1
Host: integralinstalledmoody.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://psnm4n1.multiservers.com
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 13:31:08 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81a9dd5265d6b06d61ec82af12541af5
Strict-Transport-Security: max-age=0; includeSubdomains

ruthwoof.com/sbar.json?key=7d039b1ff511f75ec8815b9431b6f1d5&psid=CF-3448_0&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
ruthwoof.com/sbar.json?key=7d039b1ff511f75ec8815b9431b6f1d5&psid=CF-3448_0&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://psnm4n1.multiservers.com/maya.exe
Certificate
IssuerLet's Encrypt
Subjectruthwoof.com
Fingerprint9A:2B:D2:48:F4:EB:82:59:65:9A:1D:6D:22:D5:EE:05:7E:BF:1E:86
ValiditySun, 28 Apr 2024 09:50:01 GMT - Sat, 27 Jul 2024 09:50:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=7d039b1ff511f75ec8815b9431b6f1d5&psid=CF-3448_0&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1 HTTP/1.1
Host: ruthwoof.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://psnm4n1.multiservers.com
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 13:31:08 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://psnm4n1.multiservers.com
Access-Control-Allow-Origin: http://psnm4n1.multiservers.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22264997; expires=Mon, 06 May 2024 13:31:08 GMT; secure; SameSite=None
uid_id2=bc8f0e90-758e-46c8-a212-b0d43a10a711:3:1; expires=Sun, 12 May 2024 13:31:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4ded6ba43084205621996c8d42c30b2f
Strict-Transport-Security: max-age=0; includeSubdomains

integralinstalledmoody.com/watch.232646508014?key=63a4372b0bd78612ce12f3c476ee65ad&kw=%5B%22missing%22%5D&refer=http%3A%2F%2Fpsnm4n1.multiservers.com%2Fmaya.exe&tz=0&dev=e&res=14.2069&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1

192.243.61.227

200 OK

1.4 kB

URL GET HTTP/1.1
integralinstalledmoody.com/watch.232646508014?key=63a4372b0bd78612ce12f3c476ee65ad&kw=%5B%22missing%22%5D&refer=http%3A%2F%2Fpsnm4n1.multiservers.com%2Fmaya.exe&tz=0&dev=e&res=14.2069&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://psnm4n1.multiservers.com/maya.exe
Certificate
IssuerLet's Encrypt
Subjectintegralinstalledmoody.com
FingerprintBA:F0:D6:A1:F2:33:C4:76:E7:FD:24:84:AF:E1:DA:4D:74:57:87:AC
ValiditySun, 28 Apr 2024 09:45:47 GMT - Sat, 27 Jul 2024 09:45:46 GMT

File type
HTML document, ASCII text, with very long lines (622)
Size
1.4 kB (1387 bytes)
Hash
4234bdd4237bef635d96f3f480b1ccc7
09da3f7fc8db344c5726cdc0c09440aa8aa9771c
156e2f444eda18d263d4c83b8905f90eeb0e2f6768b896e66b22a6b25a9f5b73

HTTP Headers

GET /watch.232646508014?key=63a4372b0bd78612ce12f3c476ee65ad&kw=%5B%22missing%22%5D&refer=http%3A%2F%2Fpsnm4n1.multiservers.com%2Fmaya.exe&tz=0&dev=e&res=14.2069&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1 HTTP/1.1
Host: integralinstalledmoody.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 13:31:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=22262561; expires=Mon, 06 May 2024 13:31:08 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjI2MjU2MSwiayI6IjYzYTQzNzJiMGJkNzg2MTJjZTEyZjNjNDc2ZWU2NWFkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNTIyNzM1LCJwaWQiOjE2MzM2MDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjcsInB0Ijo0LCJwayI6ImRqY3R0OTBlIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9wc25tNG4xLm11bHRpc2VydmVycy5jb20vbWF5YS5leGUiLCJhciI6W119fQ.Sun-tCOyif54wZDMpBqYuizdGCTeJmEnyUdxZodmlIk; expires=Sun, 05 May 2024 13:32:08 GMT; secure; SameSite=None
uid_id2=bc8f0e90-758e-46c8-a212-b0d43a10a711:3:1; expires=Sun, 12 May 2024 13:31:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 27f9cbca213748d02412aad8f604aef2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

integralinstalledmoody.com/api/users?token=L3dhdGNoLjIzMjY0NjUwODAxND9kZXY9ZSZrZXk9NjNhNDM3MmIwYmQ3ODYxMmNlMTJmM2M0NzZlZTY1YWQma3c9JTVCJTIybWlzc2luZyUyMiU1RCZwc3Q9MTcxNDkxNTkyOCZyZWZlcj1odHRwJTNBJTJGJTJGcHNubTRuMS5tdWx0aXNlcnZlcnMuY29tJTJGbWF5YS5leGUmcmVzPTE0LjIwNjkmcm10Yz10JnNodT0wZWM3ZDkxYTc4ZjRiMzlkNWFkMWFkZjIyZjhkMjM3OTM2NTdkYTMwYjhlMTE5OWIzZjZhNWYzODRmMWE3Mjk4NjI2OTU1N2Y4ZTExMzc3MjFiNjA2NTY1MGI0Y2E4MmVmMGIyZWFjYmFhYmJkYzBhZjU5N2RkYTVkZTcxMmFlNDI2ZmYzZjIzOTZmZDhjMGMzMjc2ODNkZTFkMWFmNDZhMWQ2OTU4Njk3NmY1YzI4Nzk3NjY1Y2VjMTNkNjMyJnR6PTAmdXVpZD1iYzhmMGU5MC03NThlLTQ2YzgtYTIxMi1iMGQ0M2ExMGE3MTElM0EzJTNBMQ&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1&pii=&in=false

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
integralinstalledmoody.com/api/users?token=L3dhdGNoLjIzMjY0NjUwODAxND9kZXY9ZSZrZXk9NjNhNDM3MmIwYmQ3ODYxMmNlMTJmM2M0NzZlZTY1YWQma3c9JTVCJTIybWlzc2luZyUyMiU1RCZwc3Q9MTcxNDkxNTkyOCZyZWZlcj1odHRwJTNBJTJGJTJGcHNubTRuMS5tdWx0aXNlcnZlcnMuY29tJTJGbWF5YS5leGUmcmVzPTE0LjIwNjkmcm10Yz10JnNodT0wZWM3ZDkxYTc4ZjRiMzlkNWFkMWFkZjIyZjhkMjM3OTM2NTdkYTMwYjhlMTE5OWIzZjZhNWYzODRmMWE3Mjk4NjI2OTU1N2Y4ZTExMzc3MjFiNjA2NTY1MGI0Y2E4MmVmMGIyZWFjYmFhYmJkYzBhZjU5N2RkYTVkZTcxMmFlNDI2ZmYzZjIzOTZmZDhjMGMzMjc2ODNkZTFkMWFmNDZhMWQ2OTU4Njk3NmY1YzI4Nzk3NjY1Y2VjMTNkNjMyJnR6PTAmdXVpZD1iYzhmMGU5MC03NThlLTQ2YzgtYTIxMi1iMGQ0M2ExMGE3MTElM0EzJTNBMQ&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1&pii=&in=false
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://psnm4n1.multiservers.com/maya.exe
Certificate
IssuerLet's Encrypt
Subjectintegralinstalledmoody.com
FingerprintBA:F0:D6:A1:F2:33:C4:76:E7:FD:24:84:AF:E1:DA:4D:74:57:87:AC
ValiditySun, 28 Apr 2024 09:45:47 GMT - Sat, 27 Jul 2024 09:45:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/users?token=L3dhdGNoLjIzMjY0NjUwODAxND9kZXY9ZSZrZXk9NjNhNDM3MmIwYmQ3ODYxMmNlMTJmM2M0NzZlZTY1YWQma3c9JTVCJTIybWlzc2luZyUyMiU1RCZwc3Q9MTcxNDkxNTkyOCZyZWZlcj1odHRwJTNBJTJGJTJGcHNubTRuMS5tdWx0aXNlcnZlcnMuY29tJTJGbWF5YS5leGUmcmVzPTE0LjIwNjkmcm10Yz10JnNodT0wZWM3ZDkxYTc4ZjRiMzlkNWFkMWFkZjIyZjhkMjM3OTM2NTdkYTMwYjhlMTE5OWIzZjZhNWYzODRmMWE3Mjk4NjI2OTU1N2Y4ZTExMzc3MjFiNjA2NTY1MGI0Y2E4MmVmMGIyZWFjYmFhYmJkYzBhZjU5N2RkYTVkZTcxMmFlNDI2ZmYzZjIzOTZmZDhjMGMzMjc2ODNkZTFkMWFmNDZhMWQ2OTU4Njk3NmY1YzI4Nzk3NjY1Y2VjMTNkNjMyJnR6PTAmdXVpZD1iYzhmMGU5MC03NThlLTQ2YzgtYTIxMi1iMGQ0M2ExMGE3MTElM0EzJTNBMQ&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1&pii=&in=false HTTP/1.1
Host: integralinstalledmoody.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://integralinstalledmoody.com/watch.232646508014?key=63a4372b0bd78612ce12f3c476ee65ad&kw=%5B%22missing%22%5D&refer=http%3A%2F%2Fpsnm4n1.multiservers.com%2Fmaya.exe&tz=0&dev=e&res=14.2069&uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1
Cookie: u_pl=22262561; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjI2MjU2MSwiayI6IjYzYTQzNzJiMGJkNzg2MTJjZTEyZjNjNDc2ZWU2NWFkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNTIyNzM1LCJwaWQiOjE2MzM2MDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjcsInB0Ijo0LCJwayI6ImRqY3R0OTBlIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9wc25tNG4xLm11bHRpc2VydmVycy5jb20vbWF5YS5leGUiLCJhciI6W119fQ.Sun-tCOyif54wZDMpBqYuizdGCTeJmEnyUdxZodmlIk; uid_id2=bc8f0e90-758e-46c8-a212-b0d43a10a711:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 13:31:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://psnm4n1.multiservers.com/maya.exe
Access-Control-Allow-Origin: http://psnm4n1.multiservers.com/maya.exe
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=bc8f0e90-758e-46c8-a212-b0d43a10a711:3:1; expires=Sun, 12 May 2024 13:31:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 376199c0a8c375f8f418dca8215a70f6
Strict-Transport-Security: max-age=0; includeSubdomains

psnm4n1.multiservers.com/favicon.ico

67.199.171.86

404 Not Found

1.3 kB

URL GET HTTP/1.1
psnm4n1.multiservers.com/favicon.ico
IP
67.199.171.86:80
ASN
#36223 SPANISHFORK-COMMUNITY-NETWORK

Requested by
http://psnm4n1.multiservers.com/maya.exe

File type
HTML document, ASCII text
Size
1.3 kB (1312 bytes)
Hash
9711c2cf866e1c49adfa0deaa43d08e7
2ddab792c2437289f2e345c7632069e994a21b61
eea3a5bdfb9d0ded00716b16a1f245dc93f22ebcf9cf1ecb84b14296e0c74459

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: psnm4n1.multiservers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/maya.exe
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=bc8f0e90-758e-46c8-a212-b0d43a10a711%3A3%3A1; pp_main_d2d7138fc2d23e1cb11edcf1517ffb2a=1; sb_main_7d039b1ff511f75ec8815b9431b6f1d5=1; sb_count_7d039b1ff511f75ec8815b9431b6f1d5=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=ruthwoof.com
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 05 May 2024 13:31:08 GMT
Server: Apache/2.2.15 (CentOS)
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

unseenreport.com/pxf.gif?uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=d2d7138fc2d23e1cb11edcf1517ffb2a&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=d2d7138fc2d23e1cb11edcf1517ffb2a&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
IP
192.243.61.227:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://psnm4n1.multiservers.com/maya.exe

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=d2d7138fc2d23e1cb11edcf1517ffb2a&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 13:31:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5339bfe75f15d261a4fe6d9e841052c7
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=7d039b1ff511f75ec8815b9431b6f1d5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=7d039b1ff511f75ec8815b9431b6f1d5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
IP
192.243.61.227:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://psnm4n1.multiservers.com/maya.exe

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=bc8f0e90-758e-46c8-a212-b0d43a10a711&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2069&b_frame=0&pk=7d039b1ff511f75ec8815b9431b6f1d5&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://psnm4n1.multiservers.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 13:31:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 74233a58bcb19aa3ab13f4552858bc9a
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (19)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP