wws.brstej.com/22.png
172.67.156.10 200 OK 7.7 kB IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type PNG image data, 154 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash f4c0a41fb57d2b80a773283ff7eb0b28
a96333eded453d3eb644d125b5a84b1c6dbe9c6e
d837675d97b03d4ec8ef632453cffc2d031c949a16a17641d03dd6c3ae1fa1b2
GET /22.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/png
content-length: 7680
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sun, 07 Jan 2024 02:40:58 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 409442
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xf90L7DAmDaUQ%2BPW1CPgHqbdULzeknTGSgHtLvk3YUXbJt2t4%2F7rU000n2G%2FEul6bTFT8QHzR6ZxpxRew7ObtGhmsOlDFWvfxq%2Blg97XkE7jkxswUSk2D8MTDGboneUnhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12502900b4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/uploads/articles/3f4a1374.jpg
172.67.156.10 200 OK 124 kB URL GET HTTP/3 wws.brstej.com/uploads/articles/3f4a1374.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.0 (Windows), datetime=2023:11:19 20:39:49], progressive, precision 8, 1280x720, components 3\012- data
Size 124 kB (123973 bytes)
Hash 5e59526fd2eb12887176e42aaf15b5ef
e3b9c2d33ae43f720af91e9f1cbadcdbafa73208
aaa909d64a779dc6d617562cd6b0b9c78aa55c4694abf04bdb4c988b9e0241c3
GET /uploads/articles/3f4a1374.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/jpeg
content-length: 123973
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 18 Jan 2024 18:40:01 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 400831
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mr%2Bz9AhM0KSNR2VRvgIGF2Ywv5Hn%2BWH9prZPdckNcBW4BMA927vyZMJrN6VI%2F6s08%2BkTUe5PCl%2BpsD%2B3mTXL5zaiibcVddd25%2Fxi3wofQJ1rkF18dgBVq7XPVvx4DZWkvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12502905b4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/uploads/articles/cbd0f675.jpg
172.67.156.10 200 OK 83 kB URL GET HTTP/3 wws.brstej.com/uploads/articles/cbd0f675.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.0 (Windows), datetime=2023:11:25 19:38:27], progressive, precision 8, 1280x720, components 3\012- data
Hash 1a897ed733bbecd800c1b83939127d46
8f955b364aca07e254ac27368f25633e47dd64a9
ab52e466e686565365a16c4de9c89199c789541ed97113ffbf128eaf23ff4600
GET /uploads/articles/cbd0f675.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/jpeg
content-length: 82600
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Wed, 24 Jan 2024 17:38:49 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 192254
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SeNaeRwE%2BMcyhET0JSm7w3wVfIBJEjzMAX3cLcxg50fM9msJ0F6mBvYwHa5xx2wRV%2B%2FV56HEfqJyGg6Xyt6wDzgo7WU12B6Uz8FgtHlls1dmwqkX0ewyKXpJBKFsVUzBuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12503906b4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/uploads/articles/3305df69.jpg
172.67.156.10 200 OK 125 kB URL GET HTTP/3 wws.brstej.com/uploads/articles/3305df69.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.0 (Windows), datetime=2023:10:14 21:03:13], baseline, precision 8, 1920x1080, components 3\012- data
Size 125 kB (125367 bytes)
Hash 11cd332d717c6989292808a4ec57d0db
685ce5aa1746f09cbc6c061922512a5ce8398762
7d792c722e1c8868e257135228a74636286fc40b283c3bcc06511b0c093a85e8
GET /uploads/articles/3305df69.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/jpeg
content-length: 125367
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 13 Jan 2024 12:36:44 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 233402
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKRLi9mcMKmbrv7F0SpaDlk4bWNz3wWuglAwfmo9REhKBEbmCYml6TfynHldBOzc2dFturLA25%2Bix6gMEhH2AaIwm8%2By9YMtcmoHOhY48Cqp6z8wMxn3r7jdRzYvrcASeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12503908b4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/uploads/articles/801000ef.jpg
172.67.156.10 200 OK 163 kB URL GET HTTP/3 wws.brstej.com/uploads/articles/801000ef.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 163 kB (163434 bytes)
Hash 77c12d289c5ca51d4a71591e4bed9ced
7f89ba63b43f42e95a2026861223627d9ea19b5a
91f89cbc9891fa67715ea8c2d58e6cc886d3d0d7a77e6851afb8a7c7f25ff1a2
GET /uploads/articles/801000ef.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/jpeg
content-length: 163434
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Mon, 08 Jan 2024 07:29:01 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 493291
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1J5whUaT0yFJQoE4K14CFgPAjvc9mUDObjPbAKnxrt7mPai1%2F%2F6x3sacH6p0eOq9s3UzVgIwagMM%2FwQJRaJmiSZjh%2BfIjd2gfIxi8mTA4b2cpeYxssK2Vl7agAsoCSpJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12503909b4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/templates/echo/img/icon-play-32.png
172.67.156.10 200 OK 795 B URL GET HTTP/3 wws.brstej.com/templates/echo/img/icon-play-32.png
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f3653d1fc8de9d6101eee0f1437a54d5
3be0d1b3e5901913f8b229175fbde76235933260
8962429449a13955dc953a619a622a96dbf2a727718cf2c9c2e572558f7f0070
GET /templates/echo/img/icon-play-32.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/png
content-length: 795
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sun, 31 Dec 2023 02:12:01 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 235943
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0zgcISVSy6Rd4vn93%2Bt5I507%2BjT1w6L5I9Zd5wT76Mk0%2FunjXx7bWawGHsPae%2FR7Jz5kQ6c1ncTuI%2FFr7mqHVmiLtIyBBGLJLyau4We9de55Z6kd%2BcpC0qNx68f6AvW59A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce1250f988b4f1-OSL
alt-svc: h3=":443"; ma=86400
use.fontawesome.com/releases/v5.8.2/webfonts/fa-solid-900.woff2
172.64.141.13 200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.8.2/webfonts/fa-solid-900.woff2
IP 172.64.141.13:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74328, version 329.-17695\012- data
Hash 64b3e814a66c2719b15abf8f7998bd73
fa5c5d34c7c375aa3e101f0b8104b6cdbcacd6a6
0fe6a4357505cb0d3ca8ba0671ad57df6b7410ca02cb8065eed58e2c0381e640
GET /releases/v5.8.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: font/woff2
content-length: 74328
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "64b3e814a66c2719b15abf8f7998bd73"
last-modified: Fri, 22 Sep 2023 01:45:59 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1456922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2F1XnSJLeiMnr0mtU6sJxeSoE8DIJn%2FecPEhkCgAMpU6x0DOnDlvCiC4vmprp8uH9eNYTII%2BCYTHq1ZwRk7blV4x%2BR1bscrd65QbZoxHXTlbo%2BlUq7QJ5HL9TRJ9N0TXOP8w%2Bi1x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1251ebc46569-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
wws.brstej.com/uploads/thumbs/ee2f9956a-1.jpg
172.67.156.10 200 OK 41 kB URL GET HTTP/3 wws.brstej.com/uploads/thumbs/ee2f9956a-1.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 800x450, components 3\012- data
Hash 077ea662fd485bd3bd7cdbb428ebe906
b859cac2a92925b909107654b201933fdbe2da75
8c9114b661c67a855184d7dbd9035faaa316e8e792c01639f48c07be52fae55c
GET /uploads/thumbs/ee2f9956a-1.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/jpeg
content-length: 41361
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 30 Dec 2023 10:46:53 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 313522
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uYlu3Ukh%2FGMObf%2FsYHaTzrjtro9f3Vk37Ey4Fe1LgObqJPQgeQpSPdvQso%2BScpixDH7Sl2q3CmaArZihc5QOqKqj7QBC7N%2FYmWGsl8wMH9fX%2Bd0EtoSSa551%2BnkvO0UsiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce1252bac7b4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/uploads/articles/d4341bbf.jpg
172.67.156.10 200 OK 288 kB URL GET HTTP/3 wws.brstej.com/uploads/articles/d4341bbf.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 288 kB (288365 bytes)
Hash 06aaf2386b0fe1f3878b51e94587b1e0
f2d5d810c3cffb586447d51d20735aac7c6f2b36
af8949e586a0fee77a369c116f64bc9787ca4cbb3491c88dfe4d19e6e8553c57
GET /uploads/articles/d4341bbf.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/jpeg
content-length: 288365
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 04 Jan 2024 19:13:20 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 371855
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2aj%2BPALOSLmIZh6f%2FawPshUPk0ZoG4r%2FZpVNmg6LNPOjEV137EgNuvMBKCbIedP7hOdInzufdCDTJ0X8ky33i8NQSXcFrXsULrmboAhkUckXsIFFgOFB3DLJx5CEt4cCwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce1252bac9b4f1-OSL
alt-svc: h3=":443"; ma=86400
code.jquery.com/jquery-migrate-1.2.1.min.js
151.101.2.137 200 OK 3.1 kB URL GET HTTP/2 code.jquery.com/jquery-migrate-1.2.1.min.js
IP 151.101.2.137:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (7085)
Hash eb05d8d73b5b13d8d84308a4751ece96
743052320809514fb788fe1d3df37fc87ce90452
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
GET /jquery-migrate-1.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1c1f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 27 Nov 2023 23:15:09 GMT
age: 6223112
x-served-by: cache-lga21931-LGA, cache-bma1652-BMA
x-cache: HIT, HIT
x-cache-hits: 26, 327624
x-timer: S1701126910.997089,VS0,VE0
vary: Accept-Encoding
content-length: 3063
X-Firefox-Spdy: h2
172.67.156.10 302 Found 39 kB URL User Request GET HTTP/2 IP 172.67.156.10:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 97aea8d3e5bb6940ca38ccf88255d460
5772671e939a32cb11080bb1612d28e1ac0671cd
8aaf22cb6071d82390b1128a938c543f56662d3bac18743ac7ebf5beee4ce8c3
GET / HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 27 Nov 2023 23:15:08 GMT
content-type: text/html; charset=UTF-8
location: /index_old.php
cache-control: max-age=2592000
expires: Tue, 28 Nov 2023 19:53:57 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yuKqlxyWJgMcpfAFe34I0tS51G%2FWrvUajoqqmMz%2BreS6KTpXJRLuBH1msB9GquCrANhjgTUMzjnJLZN77DMfdalK7OnDJi4Tb%2BKQMzodHt4wWqF2pYBab23YVVYUG6qCzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce124add4d712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.5.1.min.js
151.101.2.137 200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.5.1.min.js
IP 151.101.2.137:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 27 Nov 2023 23:15:09 GMT
age: 2672222
x-served-by: cache-lga13628-LGA, cache-bma1659-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 355162
x-timer: S1701126910.997853,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-61820443-1
142.250.74.168 200 OK 52 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-61820443-1
IP 142.250.74.168:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (2213)
Hash f40f6f6aeb3a5f217c341051fde74d86
48b3c6d018ac23f186d2e67d30d7cd6108b98183
e9d45aefeafc5630bdca6161dc0100f0d42a6729b0503c9d371a863d41a957c4
GET /gtag/js?id=UA-61820443-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Nov 2023 23:15:10 GMT
expires: Mon, 27 Nov 2023 23:15:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51501
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
wws.brstej.com/templates/echo/js/jquery.cropit.js
172.67.156.10 200 OK 7.6 kB URL GET HTTP/3 wws.brstej.com/templates/echo/js/jquery.cropit.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (27266)
Hash cd82e0edbcecf087be901e8e7ed0d035
2cedce9f87501152efa36eb1949d95c0ca4ff200
b8a0d09df5a79e5e9494b3061eeff55883870c66714879886348c5095faa7840
GET /templates/echo/js/jquery.cropit.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
expires: Fri, 24 Nov 2023 20:28:28 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1765615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zM1QQZ0CgRjgSS3tJxWgqm4VUQ2ze60QMU%2F6irGrSldhao2VW0LVpFuUZ%2BWIIet0Cv54QaG9QewPktinORYdMRIyDnqMRilj5puO%2FYttFyuLU0dZ%2Bhq7fm6Fsgy%2BQeiYyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1252faf3b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
my.rtmark.net/gid.js?userId=83e5bcd6d2ab4116b2d8c287040b8a48
139.45.195.8 200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=83e5bcd6d2ab4116b2d8c287040b8a48
IP 139.45.195.8:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint E8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
Validity Sat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type JSON data\012- , ASCII text
Hash b8a77b1862db53b6906450e741ebc3e0
25b771a2cad1d2cbc78d44e92d562db16e95aa3d
aa83abbc9ad49fc004965aab145fcea787888b925f106cd080eacbf4055a8114
GET /gid.js?userId=83e5bcd6d2ab4116b2d8c287040b8a48 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
wws.brstej.com/templates/echo/img/azpple-touch-icon.png
172.67.156.10 200 OK 4.4 kB URL GET HTTP/3 wws.brstej.com/templates/echo/img/azpple-touch-icon.png
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type PNG image data, 116 x 73, 8-bit/color RGBA, non-interlaced\012- data
Hash 103f4ecf53114bcc8f93ae36529c4f09
44a0fcb9df587157f7ac86b44481ce170150715d
ecca4c221950231379c89c45ffe8580621f9e80e1d77a453861502f61a01db7a
GET /templates/echo/img/azpple-touch-icon.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: image/png
content-length: 4380
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sun, 24 Dec 2023 20:28:28 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 1757930
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UyWB2JXZ%2BQxR1KGs%2B24Q3ODDmyn7XRJoSB0kMdq%2FdQR2y1P%2Fz7wxCJmZxdIx3KwmdF2xC2cbGyu79%2FINxkuQezUlAIxX7hQ2yxQydzbph5VLLBfx1y4FdxO6XtIa0TrzKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12560cf5b4f1-OSL
alt-svc: h3=":443"; ma=86400
gishejuy.com/400/6521330?var=2617099
139.45.197.242 200 OK 36 kB URL GET HTTP/2 gishejuy.com/400/6521330?var=2617099
IP 139.45.197.242:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject gishejuy.com
Fingerprint 99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
Validity Wed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 365dbd0c8d595237e99c5863d8b56923
a4dcc1b2a9fd080044a9cc2efdb22a095032537c
ae651d58f1c415ef76bad687c7010c48ce93acebee3aec43b57f667c36aedf26
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /400/6521330?var=2617099 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: application/javascript
x-trace-id: 69c148e3923b2c12262aa683b8387898
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=6dcc86e62fbb41e193e70e0ca385acfe; expires=Tue, 26 Nov 2024 23:15:10 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.5.1.min.js
151.101.2.137 200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.5.1.min.js
IP 151.101.2.137:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 27 Nov 2023 23:15:10 GMT
age: 2672223
x-served-by: cache-lga13628-LGA, cache-bma1659-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 355163
x-timer: S1701126911.614686,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2
wws.brstej.com/js/bootstrap-notify.min.js
172.67.156.10 200 OK 3.2 kB URL GET HTTP/3 wws.brstej.com/js/bootstrap-notify.min.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (595)
Hash 5ba070af9d1b1a2782851940de30879f
d33390fc88bf68bd23eb182d7dbc77f5227081b2
a13a07b242c80b57e0cbbacc6cfedb538d4d331ff1f9dff370519ec57407e450
GET /js/bootstrap-notify.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 02 Dec 2023 01:39:02 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 507537
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttN%2BKRlCvBlOWzCtE3m%2FSQqX1NBK6qUE%2BgbNRipqRd6rkBxD2E%2Bi%2FU%2Fn8M%2BLsnSdhwWUzKpDIhOzmPkwJ%2BreVupfOzlKVHMIpYG4kDaZ8rV6k9YhM%2BB4mFzsqVle2bNBPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce12530b0ab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/templates/echo/js/jquery.plugins.b.js
172.67.156.10 200 OK 3.6 kB URL GET HTTP/3 wws.brstej.com/templates/echo/js/jquery.plugins.b.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (8918)
Hash 8ac43cab1939c54d6bc974726fec41ca
8c44a11ac313388d254b30c162a6f1353074296d
9ea6b351a675e3bc0e648d6d41bafd700a5944f6e54778fe6beac548210c241a
GET /templates/echo/js/jquery.plugins.b.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=9509
expires: Fri, 08 Dec 2023 03:46:08 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 235943
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6WX%2FN7xqqaBNiDs0tIpavzoe%2FNYJrF1%2Fe96Nvz%2Bfu7OwVdbiHNUqEn5av%2BTlgnDnmBvUltbjBz4TM5LgQxm4x5%2F36YNLWae2eYbeiliZnuC6MHhQQS9QFU6ABAQ6kgF5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1252faf8b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
gishejuy.com/500/6521330?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
139.45.197.242 200 OK 0 B URL GET HTTP/2 gishejuy.com/500/6521330?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
IP 139.45.197.242:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject gishejuy.com
Fingerprint 99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
Validity Wed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/6521330?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
wws.brstej.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
172.67.156.10 200 OK 214 kB URL GET HTTP/3 wws.brstej.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (7333), with no line terminators
Size 214 kB (213659 bytes)
Hash fb920bba24a837e90e6a144bbd889f23
882929616692b26a30692ad1a797f6da845f727e
f3bf500ac438ba72a7d76cb661e9fee8b4cae3a2d8b92b61fe320620f46442f0
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515; cf_clearance=HtFWWLHrNINZffGeMM5vvy9YydXFVwJxbUXw2_SYRsM-1701126910-0-1-730ca2d2.73a07051.5b213570-0.2.1701126910; prefetchAd_2617099=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5JPD9aQx984i9PYvvTVio8HGWnhn29jaee%2Fx1ziBQw1Bu4t1mcDYRmSPg2A9VOtO8i3NZf6BVwpR5ZlYbHCU%2BzPEVkjmnzdEhpn8a2LVieIsYc%2B2Ub9isYYKbxBN1gueA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce12588ebbb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/cdn-cgi/challenge-platform/h/g/jsd/r/82ce124c7eeeb4f1
172.67.156.10 200 OK 280 kB URL POST HTTP/3 wws.brstej.com/cdn-cgi/challenge-platform/h/g/jsd/r/82ce124c7eeeb4f1
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
Size 280 kB (280538 bytes)
Hash 79bfbca83172c62c8597dd01c55bcdcd
6bc25042b2b8e752d48559c0b632482380ff35c5
9be7174bf0154970ec581ab46d7b1a35f2556031a9a84a31a5908d9444b8c9f5
POST /cdn-cgi/challenge-platform/h/g/jsd/r/82ce124c7eeeb4f1 HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12181
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515; cf_clearance=HtFWWLHrNINZffGeMM5vvy9YydXFVwJxbUXw2_SYRsM-1701126910-0-1-730ca2d2.73a07051.5b213570-0.2.1701126910; prefetchAd_2617099=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=hsfLX0RvgKqYX38VsN8SLzEaEDrtRbj9TtggiGPFBRw-1701126911-0-1-730ca2d2.73a07051.5b213570-0.2.1701126911; path=/; expires=Tue, 26-Nov-24 23:15:11 GMT; domain=.brstej.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVkGGX7JzgNfGJx4X7R0LaECIfK6KURrXyNSbqD1aZ%2BOCKLc8MbrcYz6GNk%2FDdgY%2FDwd6qhorBIq0TYN48tJsfLBLc64TOFxEdKJqRsPXHxE%2BfN8ES4fNOu5e8F8WecmOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce125a0fa0b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/ajax.php?p=stats&do=show&aid=904&at=1
172.67.156.10 200 OK 94 kB URL GET HTTP/3 wws.brstej.com/ajax.php?p=stats&do=show&aid=904&at=1
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
Hash 49517d50b9c5b334428d404c26e8dffe
650881276554c4295417f6c084bc51ac3253efcb
e67da011929bf68171d189e3109c1d08b0ac7a3e58acae886544e70727fa5abb
GET /ajax.php?p=stats&do=show&aid=904&at=1 HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: image/gif
pragma: no-cache
x-frame-options: SAMEORIGIN
expires: Wed, 5 Feb 1986 06:06:06 GMT
cache-control: must-revalidate
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2Z0MuIGZjVsoFNgWb0QwEjSKvAV5zdyflaJ3URUk8Irwpw85W4HJQID5SKv9%2FmocVFN0Rk5Hgs7yinkKtU081CBkVc4ifsfXI%2FoPKvdFQzXsbWRutJvo3i84nh9RPo67g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1250390ab4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/templates/echo/js/slick.min.js
172.67.156.10 200 OK 11 kB URL GET HTTP/3 wws.brstej.com/templates/echo/js/slick.min.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (32012)
Hash ed79a524576de38d04a004a482b42724
e7fb1cc9bdad19cf7296f90e23fa7c4b19b91880
34e8e27e1679a10fa7dd6192389f38fb491e89a482aea9690dd4c10538cc10bf
GET /templates/echo/js/slick.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 02 Dec 2023 04:56:28 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 142901
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r7pDCXw4iVCWtKuVCyeH8mmAfZS0xY551%2BQzVr71vorLbx8XJZOkHolXWHil9F32IP%2BrbgR8Qd%2FyPi6edDihOsbSelnBobq%2FmK1yMNJlH9aFvEhU%2FG7%2BR5Aa6gZb9FCZVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce12531b0eb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
abdurantom.com/apu.php?zoneid=3390705&var=3002587
139.45.197.236 403 Forbidden 7 B URL GET HTTP/2 abdurantom.com/apu.php?zoneid=3390705&var=3002587
IP 139.45.197.236:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject abdurantom.com
Fingerprint 86:ED:E7:08:BD:8B:F3:C3:02:7E:68:46:54:BB:3B:BA:F2:D8:46:63
Validity Sun, 26 Nov 2023 20:30:50 GMT - Sat, 24 Feb 2024 20:30:49 GMT
File type ASCII text, with no line terminators
Hash 758ff964ee78d0c90f3a14d8d4af8ab3
f248d30ac9849b0ead400537632beb02c9c703d1
00e3fbbf542561da72fdc5ea89cfd1405c17739dd49210252e611c3122018efe
GET /apu.php?zoneid=3390705&var=3002587 HTTP/1.1
Host: abdurantom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: text/plain; charset=utf-8
content-length: 7
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c
142.250.74.168 200 OK 93 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (5955)
Hash a2b91ff02d0617b70bf7a127e4c7cec6
4ff3c96a09b14820194c4ecba252972616e21cb4
e5476a2e004c447f74c29686c2ed554a220d4815e5c6bb3b8a9a742a3fa44c89
GET /gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Nov 2023 23:15:11 GMT
expires: Mon, 27 Nov 2023 23:15:11 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
my.rtmark.net/gid.js?pub=0&userId=&zoneId=3475873&checkDuplicate=true&ymid=&var=3002587
139.45.195.8 200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=3475873&checkDuplicate=true&ymid=&var=3002587
IP 139.45.195.8:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint E8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
Validity Sat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT
File type JSON data, ASCII text
Hash b8a77b1862db53b6906450e741ebc3e0
25b771a2cad1d2cbc78d44e92d562db16e95aa3d
aa83abbc9ad49fc004965aab145fcea787888b925f106cd080eacbf4055a8114
GET /gid.js?pub=0&userId=&zoneId=3475873&checkDuplicate=true&ymid=&var=3002587 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Cookie: ID=83e5bcd6d2ab4116b2d8c287040b8a48
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
pushagim.com/zone?pub=0&zone_id=3475873&is_mobile=false&domain=wws.brstej.com&var=3002587&ymid=&var_3=
139.45.197.250 200 OK 949 B URL GET HTTP/2 pushagim.com/zone?pub=0&zone_id=3475873&is_mobile=false&domain=wws.brstej.com&var=3002587&ymid=&var_3=
IP 139.45.197.250:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject pushagim.com
Fingerprint 4E:CB:50:CB:A3:58:61:9D:E9:C7:EC:16:25:D6:65:A7:30:39:68:FC
Validity Mon, 06 Nov 2023 16:36:27 GMT - Sun, 04 Feb 2024 16:36:26 GMT
File type JSON data, ASCII text, with very long lines (948)
Hash 0a265cc966e3a76177d53aca5f900d90
70cec946b2797423db1c1bbe7e06968d93dd7709
854c06ba01eddf0abac06fcc558de50e2a92d9f9ec2194d1752680030ffa1914
GET /zone?pub=0&zone_id=3475873&is_mobile=false&domain=wws.brstej.com&var=3002587&ymid=&var_3= HTTP/1.1
Host: pushagim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: application/json; charset=utf-8
content-length: 949
x-trace-id: 560e82d05e3028418c50ce9d04a34149
access-control-allow-origin: https://wws.brstej.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
rndskittytor.com/500/3002587?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
139.45.197.238 200 OK 0 B URL OPTIONS HTTP/2 rndskittytor.com/500/3002587?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
IP 139.45.197.238:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject rndskittytor.com
Fingerprint AC:9B:9A:F0:9C:CB:23:E1:7C:C9:2E:F8:51:13:30:5E:E9:82:25:70
Validity Mon, 11 Sep 2023 14:17:26 GMT - Sun, 10 Dec 2023 14:17:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/3002587?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
amunfezanttor.com/event
139.45.197.250 200 OK 0 B
IP 139.45.197.250:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject amunfezanttor.com
Fingerprint 94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
Validity Wed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://wws.brstej.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js
104.18.11.207 200 OK 38 kB URL GET HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js
IP 104.18.11.207:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (65299)
Hash 21f815ff6d1883c4e81d821d38ff4070
386ea8bd17f21149c4e3a2303665fe6398e4e7d0
f67b782ec5a62c8fcedb89535bcf48cc02ae06a119e3b97fe2b875fad1ff358f
GET /bootstrap/4.5.2/js/bootstrap.bundle.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 11/06/2021 00:04:39
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 755
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 31d256f3999b18c8e812450d8250f285
cdn-cache: HIT
cf-cache-status: HIT
age: 1757831
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ce12536bc7b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
offerimage.com/www/images/d6ce6c6417cc5862dcccfd511cea77f1.jpg
104.22.33.172 200 OK 5.1 kB URL GET HTTP/2 offerimage.com/www/images/d6ce6c6417cc5862dcccfd511cea77f1.jpg
IP 104.22.33.172:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint DB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
Validity Sun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash d6ce6c6417cc5862dcccfd511cea77f1
02ba470ebbce695845f4d4a574c047d8b02c4f0f
c4212fb4e763e54989235e3be6e99f06a7cebc76dce08b825e896b2b2ccee16e
GET /www/images/d6ce6c6417cc5862dcccfd511cea77f1.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: image/jpeg
content-length: 5130
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6528417b-140a"
expires: Tue, 28 Nov 2023 09:40:23 GMT
last-modified: Thu, 12 Oct 2023 18:56:59 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 48888
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce125fad1a2d95-ARN
X-Firefox-Spdy: h2
cdn.uponelectabuzzor.club/9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=83e5bcd6d2ab4116b2d8c287040b8a48
139.45.197.239 204 No Content 0 B URL OPTIONS HTTP/2 cdn.uponelectabuzzor.club/9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=83e5bcd6d2ab4116b2d8c287040b8a48
IP 139.45.197.239:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject uponelectabuzzor.club
Fingerprint 66:71:5C:D8:AF:E5:DB:07:DA:19:17:92:2D:4D:26:2C:62:C6:30:A6
Validity Tue, 24 Oct 2023 23:42:37 GMT - Mon, 22 Jan 2024 23:42:36 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=83e5bcd6d2ab4116b2d8c287040b8a48 HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 27 Nov 2023 23:15:12 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
cdn.uponelectabuzzor.club/9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=83e5bcd6d2ab4116b2d8c287040b8a48
139.45.197.239 204 No Content 46 kB OPTIONS HTTP/2
IP 139.45.197.239:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Let's Encrypt
Subject: uponelectabuzzor.club
Fingerprint: 66:71:5C:D8:AF:E5:DB:07:DA:19:17:92:2D:4D:26:2C:62:C6:30:A6
Validity: Tue, 24 Oct 2023 23:42:37 GMT - Mon, 22 Jan 2024 23:42:36 GMT
File type gzip compressed data, max speed, from Unix
Hash 1678376eab748a06b12d2a0c6016600d
dd81b7902555f9b41093c0210068e4989b4351e8
07846f42cfb85fb538ab44701126622d5ca243c91625f558a9ad28ce77e3e1bb
POST /9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=83e5bcd6d2ab4116b2d8c287040b8a48 HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1263
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=a6d49c9df296470c9f0a9d41de411994; oaidts=1701126911
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:12 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 51af413672ea78a631f15816ec21f201
access-control-expose-headers: X-Sc
set-cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:12 GMT; secure; SameSite=None
set-cookie: oaidts=1701126911; expires=Tue, 26 Nov 2024 23:15:12 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.uponelectabuzzor.club/27/b7af9eee900df9a8aa2af9ad8ee46174
139.45.197.239 200 OK 130 kB GET HTTP/2
IP 139.45.197.239:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Let's Encrypt
Subject: uponelectabuzzor.club
Fingerprint: 66:71:5C:D8:AF:E5:DB:07:DA:19:17:92:2D:4D:26:2C:62:C6:30:A6
Validity: Tue, 24 Oct 2023 23:42:37 GMT - Mon, 22 Jan 2024 23:42:36 GMT
File type ASCII text, with very long lines (65523)
Size 130 kB (130445 bytes)
Hash 1dc3ebe1459db3cde0597b21156f2665
0e5a8c7b79a34f4fffaeab7c7eb4f3a19b0d75f6
1a3f7f2cfe5fba958e9df1a38c0980aab5bb21225601ea849f9e6df4afe09f2e
GET /27/b7af9eee900df9a8aa2af9ad8ee46174 HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=a6d49c9df296470c9f0a9d41de411994; oaidts=1701126911
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 9a4162f050dd95498d138dd6ec7d10b0
cache-control: max-age:290304000, public
last-modified: Fri, 24 Nov 2023 06:46:08 GMT
expires: Fri, 24 Dec 2083 06:46:08 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
gishejuy.com/impression/o_03r3ze0OxoDuQvonq-Ck8ZIWcAJn0sY9ozwkhVrPSygKaASC-EElOw10mwj0q9yarxCenTX6VYH4j603E_Gr7nCu0t6Yohjyyp9PlQgYe3By0NUjp5zIF-wxaukJnSSTay35DkUkq2e6316Cozz5Jb1r1Tznecap5nDg2RaXjhw8mNqCqbxhFyyqEX-cx1-lC6gUos_ibDBzDxJs-DnwxTbPVz_Bs3rXiVHZpXRxortrtw0JpvdkWW33EuItfFVoKZ0rRBhlOZ0fyJHVQfyl4dZoT7Tz_tfR2cdYksqNtiEi6Cc-Ss9VbfbyTjhEsnabbFPUW0BXtXeCYtlQPeWIONAiPdZXjvpnkcxt6mXwDEQneXhjRFx67gXUt1G_RQrkprpF4HiLcNz8_NP8EYvMfQWwyp9e4e-xjK55RG29JSX-JQ1v4d4OGWg8G7Q5GB8EOZTIgl89AtYJbxDZRsCJjD4ty1LaLfANMP-RK-2zj9A702mWqIz9MGTVL8fVQ76OwjWeXImUXADZGdy44JojKMBejeeHkx5IgKW5_0u-CbLlbE2F5B7w3CamgYhpDPrpY5JfkGolsY38XdtzB5PjDUTMm_tIFCn1igiEMru2h3yJHwWDcbRlcs1a2sVA76vIFNk_WVxZMUYiCA?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
139.45.197.242 200 OK 43 B GET HTTP/2
IP 139.45.197.242:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Let's Encrypt
Subject: gishejuy.com
Fingerprint: 99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
Validity: Wed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impression/o_03r3ze0OxoDuQvonq-Ck8ZIWcAJn0sY9ozwkhVrPSygKaASC-EElOw10mwj0q9yarxCenTX6VYH4j603E_Gr7nCu0t6Yohjyyp9PlQgYe3By0NUjp5zIF-wxaukJnSSTay35DkUkq2e6316Cozz5Jb1r1Tznecap5nDg2RaXjhw8mNqCqbxhFyyqEX-cx1-lC6gUos_ibDBzDxJs-DnwxTbPVz_Bs3rXiVHZpXRxortrtw0JpvdkWW33EuItfFVoKZ0rRBhlOZ0fyJHVQfyl4dZoT7Tz_tfR2cdYksqNtiEi6Cc-Ss9VbfbyTjhEsnabbFPUW0BXtXeCYtlQPeWIONAiPdZXjvpnkcxt6mXwDEQneXhjRFx67gXUt1G_RQrkprpF4HiLcNz8_NP8EYvMfQWwyp9e4e-xjK55RG29JSX-JQ1v4d4OGWg8G7Q5GB8EOZTIgl89AtYJbxDZRsCJjD4ty1LaLfANMP-RK-2zj9A702mWqIz9MGTVL8fVQ76OwjWeXImUXADZGdy44JojKMBejeeHkx5IgKW5_0u-CbLlbE2F5B7w3CamgYhpDPrpY5JfkGolsY38XdtzB5PjDUTMm_tIFCn1igiEMru2h3yJHwWDcbRlcs1a2sVA76vIFNk_WVxZMUYiCA?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:20 GMT
content-type: image/gif
content-length: 43
x-trace-id: a169ae0e40efdca760b532b2f9b03aa2
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
rndskittytor.com/impression/UzF7iIV4V9YdfI-RMlmFVy3qGHxFegXhZBV4bYDcuiqpg7hRDcDWopM1OKv64XUGaOwhVKw_VM72uZxTF-GApvnb20Ss0MWopgqhku3wB1_KKyB3AXYwnNuL7myO6MTQu9nv6CZEL8jUgfBXpcXYPjjIRzkgG-BekjSGhc5OiAZOBc1H51IYvlfojAgcGsP0cLel8dFZChSF5WAktet4QjgJPVYNWJDrO4g07jKOEQ1yIgUq9wqfHBBVqd1eSwujsQJDoeFYP72Tnb2YLQkdwejnU08uBDRpH_n2DwqEok-UnnPvVNsvrlvXgzDZCP-bMx8zDWE2IgIdvnV8Ol-MHWT0FublSsfM1oNuQ2l-x3KhaV6LUcr-vqyKLFGFE3lb?_z=3002587&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
139.45.197.238 200 OK 43 B GET HTTP/2
IP 139.45.197.238:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Let's Encrypt
Subject: rndskittytor.com
Fingerprint: AC:9B:9A:F0:9C:CB:23:E1:7C:C9:2E:F8:51:13:30:5E:E9:82:25:70
Validity: Mon, 11 Sep 2023 14:17:26 GMT - Sun, 10 Dec 2023 14:17:25 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/UzF7iIV4V9YdfI-RMlmFVy3qGHxFegXhZBV4bYDcuiqpg7hRDcDWopM1OKv64XUGaOwhVKw_VM72uZxTF-GApvnb20Ss0MWopgqhku3wB1_KKyB3AXYwnNuL7myO6MTQu9nv6CZEL8jUgfBXpcXYPjjIRzkgG-BekjSGhc5OiAZOBc1H51IYvlfojAgcGsP0cLel8dFZChSF5WAktet4QjgJPVYNWJDrO4g07jKOEQ1yIgUq9wqfHBBVqd1eSwujsQJDoeFYP72Tnb2YLQkdwejnU08uBDRpH_n2DwqEok-UnnPvVNsvrlvXgzDZCP-bMx8zDWE2IgIdvnV8Ol-MHWT0FublSsfM1oNuQ2l-x3KhaV6LUcr-vqyKLFGFE3lb?_z=3002587&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:20 GMT
content-type: image/gif
content-length: 43
x-trace-id: 17f39ccd5cf966fe08b9d77f5b5d7bd4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
offerimage.com/www/images/b89a854cfb66584b3f5fef24e571e8b5.png
104.22.33.172 200 OK 93 kB GET HTTP/2
IP 104.22.33.172:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: DB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
Validity: Sun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash b89a854cfb66584b3f5fef24e571e8b5
9bb5f94bcc641c8cfbc2e24f0a2af5bd07a3a1ea
7228a1274993f4e608b4f0952b2197db136917df3d8ae95ea16a9a34769945e7
GET /www/images/b89a854cfb66584b3f5fef24e571e8b5.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:20 GMT
content-type: image/png
content-length: 92662
last-modified: Thu, 10 Dec 2020 16:03:56 GMT
etag: "5fd246ec-169f6"
expires: Tue, 28 Nov 2023 15:02:23 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 29577
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12969cd32d95-ARN
X-Firefox-Spdy: h2
gishejuy.com/500/6521330?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
139.45.197.242 200 OK 6.4 kB GET HTTP/2
IP 139.45.197.242:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Let's Encrypt
Subject: gishejuy.com
Fingerprint: 99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
Validity: Wed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT
File type gzip compressed data, max speed, from Unix
Hash 21cf817ffc2080c7f51be2a663cc0c1c
97431c60c5732ed3affd4474c5e946f73be766fa
7e96422c3c4deef59da86ecd03ff461689dcca52c567b60e47b8be7fe04e0fd4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /500/6521330?excludes=&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=6dcc86e62fbb41e193e70e0ca385acfe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: application/javascript
x-trace-id: c8635e80b37a1897fd040308479a5ca5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://wws.brstej.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
gishejuy.com/500/6521330?excludes=10242831&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
139.45.197.242 200 OK 0 B GET HTTP/2
IP 139.45.197.242:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Let's Encrypt
Subject: gishejuy.com
Fingerprint: 99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
Validity: Wed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/6521330?excludes=10242831&oaid=83e5bcd6d2ab4116b2d8c287040b8a48&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:20 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
104.22.33.172 200 OK 66 kB GET HTTP/2
IP 104.22.33.172:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: DB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
Validity: Sun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash 3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:20 GMT
content-type: image/png
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Tue, 28 Nov 2023 15:03:52 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 29488
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce1297bd512d95-ARN
X-Firefox-Spdy: h2
gishejuy.com/impression/7imzaDmG03yg8wmDG7k-ln7JwZjGQ1ut1DIwFEXLCjziuPymY7KOkpLU1Fp6my2DbMOiJticf2iww5wpdlUCLyrT6GLwMqLxa_klKs1eZl-nLmFJABTDrjchzdpOFCdxbzfIOhKComCIg6k0GbW0nwErJKdASwk-6tvWOQ_u1KwS_F8Q9MtnVhjpyGHKpewyRoWsS0cxl7SSDDkwmVb0VDOMcAXvjOc_zvIFHF1TvVsNJjBKZZYoGgO2LWWOvZOV3NiTx3EzzTFCjyzNkXYDVytKhpglLRXtuxBPzBEbRn7UQ0zj24iOe8QCPvqeNG_nQExKz3rn1eVHZJP9iQ7ffaAteBbrlQ48VuyBYG_07TFl0C1zJmWMEkZtxJI-yXW7wHPJ2QrvusQlE1LQn9zTTXau-NlMmF1A8_7iwM7UL2s9AIQLyvM9RPVWD49WGagsnnHowxlvdGYjtX2z9SOyjhAR2X0LOdei40lOsZIZJnRuuG_knhek66OgX8BXxF-WIE8qOA_AqeqDeJ4FQhQb-vf4CdlKJDhRJqr9x46UCz7t_M6wuVMpjnIS02mfNe7rkBHLpGZj3KFfiP6YLeQiQXlrkIkQjhJjlVHfl9Yx9YDVTPKBpLSZdhZEBy7VLftZmUHF6qNqC0obRizY?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0
139.45.197.242 43 B
IP 139.45.197.242:0
Certificate Issuer: Let's Encrypt
Subject: gishejuy.com
Fingerprint: 99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
Validity: Wed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impression/7imzaDmG03yg8wmDG7k-ln7JwZjGQ1ut1DIwFEXLCjziuPymY7KOkpLU1Fp6my2DbMOiJticf2iww5wpdlUCLyrT6GLwMqLxa_klKs1eZl-nLmFJABTDrjchzdpOFCdxbzfIOhKComCIg6k0GbW0nwErJKdASwk-6tvWOQ_u1KwS_F8Q9MtnVhjpyGHKpewyRoWsS0cxl7SSDDkwmVb0VDOMcAXvjOc_zvIFHF1TvVsNJjBKZZYoGgO2LWWOvZOV3NiTx3EzzTFCjyzNkXYDVytKhpglLRXtuxBPzBEbRn7UQ0zj24iOe8QCPvqeNG_nQExKz3rn1eVHZJP9iQ7ffaAteBbrlQ48VuyBYG_07TFl0C1zJmWMEkZtxJI-yXW7wHPJ2QrvusQlE1LQn9zTTXau-NlMmF1A8_7iwM7UL2s9AIQLyvM9RPVWD49WGagsnnHowxlvdGYjtX2z9SOyjhAR2X0LOdei40lOsZIZJnRuuG_knhek66OgX8BXxF-WIE8qOA_AqeqDeJ4FQhQb-vf4CdlKJDhRJqr9x46UCz7t_M6wuVMpjnIS02mfNe7rkBHLpGZj3KFfiP6YLeQiQXlrkIkQjhJjlVHfl9Yx9YDVTPKBpLSZdhZEBy7VLftZmUHF6qNqC0obRizY?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.311.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:23 GMT
content-type: image/gif
content-length: 43
x-trace-id: fa952fa4586fbedeb70dced6227593b9
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
104.22.33.172 200 OK 66 kB GET HTTP/2
IP 104.22.33.172:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: DB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
Validity: Sun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash 3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:23 GMT
content-type: image/png
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Tue, 28 Nov 2023 15:03:52 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 29491
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12a95cd32d95-ARN
X-Firefox-Spdy: h2
cdn.uponelectabuzzor.club/11?rnd=2344286588&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=0&rcvdbc=0&btp=1&rb=AMlBOBN6jnnwPsQCKvOZKwyvW5PteKIpMGeXernMHimDSyvZ1UQzN8Koess8PoiTiE2leV5ojkPgSW504sV592mermGYnoPdiL9F3C9M-a1Wdb5XFHPcRqOOYg-x7BEaG_6tPiImzoI_Ezd-4i-agkWWA0PSqAUq7Mo_YzVt049BK7y4h_O_OEBlwxry5PuuqRGo4x9YWFh-4XLAC3bHnfaExCLatTmnOrob3pzKTK5orW2CIq5mUq_TgyF7mzhiPem_5drUEfhlXzoMfAw-d4jIaJen2YnniEu5dV1E2uqr9yZyLNRm81qQxG61On-x2-FXDLBZt0fZC7FA-v6pHw45WzpKyZQW9tBs_CqsvS1PPF0HMaCXU4qNfctuJwmkh2bnE0UhZyA5IWeJvj-u2wX_Q_X8yKRIi05KBQ3ENPoifIXEXAymawZuHal0C15GttQdSU6DdvEzCALZ9OgFyqJrKVejSq1I_FXbJmw7DO4Dyrqoo7lyBOSj4Kv8CwiUk1bpOFfWE00s42dHRgUnNJjhdJNQfVR2XaIAQHZ08xEPRGppWRooFz-gDb2bLSRjKSL2J95ij0b_4ZctbTZF8JB9cDhNTtCqXsD9lIrDziUsr4aLNKZwx_3GfaFYYyUuHiKhs2cTZcrEIk5qQV1pbPVfLR2r61HT5tT_Tg==&ruid=34dcecc4-312c-470e-a196-97a0461c5326&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.239 0 B
IP 139.45.197.239:0
Certificate Issuer: Let's Encrypt
Subject: uponelectabuzzor.club
Fingerprint: 66:71:5C:D8:AF:E5:DB:07:DA:19:17:92:2D:4D:26:2C:62:C6:30:A6
Validity: Tue, 24 Oct 2023 23:42:37 GMT - Mon, 22 Jan 2024 23:42:36 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=2344286588&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=0&rcvdbc=0&btp=1&rb=AMlBOBN6jnnwPsQCKvOZKwyvW5PteKIpMGeXernMHimDSyvZ1UQzN8Koess8PoiTiE2leV5ojkPgSW504sV592mermGYnoPdiL9F3C9M-a1Wdb5XFHPcRqOOYg-x7BEaG_6tPiImzoI_Ezd-4i-agkWWA0PSqAUq7Mo_YzVt049BK7y4h_O_OEBlwxry5PuuqRGo4x9YWFh-4XLAC3bHnfaExCLatTmnOrob3pzKTK5orW2CIq5mUq_TgyF7mzhiPem_5drUEfhlXzoMfAw-d4jIaJen2YnniEu5dV1E2uqr9yZyLNRm81qQxG61On-x2-FXDLBZt0fZC7FA-v6pHw45WzpKyZQW9tBs_CqsvS1PPF0HMaCXU4qNfctuJwmkh2bnE0UhZyA5IWeJvj-u2wX_Q_X8yKRIi05KBQ3ENPoifIXEXAymawZuHal0C15GttQdSU6DdvEzCALZ9OgFyqJrKVejSq1I_FXbJmw7DO4Dyrqoo7lyBOSj4Kv8CwiUk1bpOFfWE00s42dHRgUnNJjhdJNQfVR2XaIAQHZ08xEPRGppWRooFz-gDb2bLSRjKSL2J95ij0b_4ZctbTZF8JB9cDhNTtCqXsD9lIrDziUsr4aLNKZwx_3GfaFYYyUuHiKhs2cTZcrEIk5qQV1pbPVfLR2r61HT5tT_Tg==&ruid=34dcecc4-312c-470e-a196-97a0461c5326&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=83e5bcd6d2ab4116b2d8c287040b8a48; oaidts=1701126911
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:27 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 1d98df2a67a3a7218481aa52b1b5f3dc
access-control-expose-headers: X-Sc
set-cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:27 GMT; secure; SameSite=None
oaidts=1701126911; expires=Tue, 26 Nov 2024 23:15:27 GMT; secure; SameSite=None
oaidvc=1; expires=Tue, 26 Nov 2024 23:15:27 GMT; secure; SameSite=None
CNT=1_v1_Z94GAQEAAADoTAAA; expires=Tue, 28 Nov 2023 00:15:27 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 04:53:27 GMT
expires: Fri, 22 Nov 2024 04:53:27 GMT
cache-control: public, max-age=31536000
age: 411720
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
104.18.11.207 200 OK 27 kB URL GET HTTP/3 netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
IP 104.18.11.207:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (26548)
Hash 0831cba6a670e405168b84aa20798347
05ea25bc9b3ac48993e1fee322d3bc94b49a6e22
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
GET /font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"0831cba6a670e405168b84aa20798347"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 11/18/2022 06:19:10
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 863
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2562857f0a167db0963d48453a4431f8
cdn-cache: HIT
cf-cache-status: HIT
age: 417192
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ce12585e0cb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
tzegilo.com/stattag.js
104.21.11.245 200 OK 19 kB IP 104.21.11.245:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Google Trust Services LLC
Subject tzegilo.com
Fingerprint 52:B8:ED:73:BB:55:6F:9C:F8:97:7C:04:34:2B:AD:DB:55:0A:C9:6A
Validity Thu, 05 Oct 2023 17:59:18 GMT - Wed, 03 Jan 2024 17:59:17 GMT
File type ASCII text, with very long lines (18369)
Hash 89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2885
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTLDnrCnS8yLkYo9UWzaRNah44o76cQCC2MdyVI6ir3z0coW0Vd0ZHSp4mhhkwZSvRnZIg6uljUB0cIof2xnG9JkXenM0lwS8kvGuFIPvFsdou6TOmhGmtsP9nqsMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce1256ff89b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
wws.brstej.com/index_old.php
172.67.156.10 302 Found 935 kB URL User Request GET HTTP/3 wws.brstej.com/index_old.php
IP 172.67.156.10:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
Size 935 kB (935203 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /index_old.php HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Mon, 27 Nov 2023 23:15:08 GMT
content-type: text/html; charset=UTF-8
location: /ind5
cache-control: max-age=2592000
expires: Tue, 28 Nov 2023 19:53:57 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H24BmGJ%2F1DJH3j6NPJ7yxd32naBiTH9KnGmv%2BdlSoTt%2Ff4KG1x5Le7QbqfmXUmxEFUTn0txKyVzfDFLdAz%2BxrI88VYL2JmTeZLHs7dzIX3LWAyLl28b9CO%2BCbtnIf%2BEI1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce124b5e3eb4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/uploads/articles/54fa3880.jpg
172.67.156.10 200 OK 210 kB URL GET HTTP/3 wws.brstej.com/uploads/articles/54fa3880.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 210 kB (210293 bytes)
Hash 19bac9d84db9b44f1fab55070817c890
62824211e345a07ba9b8ecd7d602c2188d411cc2
45eb28c2a99aa08a548095828266311cb551ce80fcb94b61d17c309b640db83e
GET /uploads/articles/54fa3880.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515; cf_clearance=hsfLX0RvgKqYX38VsN8SLzEaEDrtRbj9TtggiGPFBRw-1701126911-0-1-730ca2d2.73a07051.5b213570-0.2.1701126911; prefetchAd_2617099=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: image/jpeg
content-length: 210293
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sun, 24 Dec 2023 20:28:36 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 398182
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=554zQI7FGrQsovW%2FoCtzhreaB568cQFZ1QawZTdUMuzlLUWR9QA57UnlgYcVYjYRB11%2BtIkwL30zk%2Bx4kmkCAaLaEWcwt3w%2F9fnJrQlvXF3Jotx%2F9WZhwbqDzgPyBsdtVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce125a5fcfb4f1-OSL
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700
142.250.74.106 200 OK 12 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700
IP 142.250.74.106:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
Hash 06596cfa2dee431129c328e050b9fb2a
1a991c51ab2b2da5647e83f481e7d18d60a45b3b
bf6fe0ffee1d57731da4d1cf3cfe88e1effa9b36c51a85018a91ed43b91c3de6
GET /css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 27 Nov 2023 23:15:10 GMT
date: Mon, 27 Nov 2023 23:15:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
wws.brstej.com/templates/echo/js/jquery.readmore.js
172.67.156.10 200 OK 3.4 kB URL GET HTTP/3 wws.brstej.com/templates/echo/js/jquery.readmore.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (3525), with no line terminators
Hash c6979ecdd1afd6a79e4c9d8b62bfd064
e5e8f421833447bee665616bfc9fda7bc705d78f
8ba9cdb40fceabda5c5ad2269d4546003256e4c0a770687343cee216fe267cb0
GET /templates/echo/js/jquery.readmore.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=3422
expires: Fri, 08 Dec 2023 08:39:13 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 235943
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OcjccS4I0ir92XlYPiA3oK1dnFN%2BKvwMKrLFivx9IV3LdR6ZEkimO8hrX8lo82%2FK%2FnT1GktEqTDxoGVEjbCotKBvZeM5Egw45YLER7y3E1n9K%2FZ8aPFzYMP2XRPV9JV3lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1252faf4b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/js/melody.dev.js
172.67.156.10 200 OK 16 kB URL GET HTTP/3 wws.brstej.com/js/melody.dev.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (2302)
Hash f2bf056198be59f92547935fd4c968f0
cba85174a3d6d68fcff3a2e6238f1d6150b58fce
244926b75ad193faf7a694c602d5819576e2d953dc43849395dedfa841f5ea53
GET /js/melody.dev.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=23108
expires: Sat, 02 Dec 2023 04:53:32 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1765615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h0nmVLLWmxdi599qjm3UU5hXQMxJB5whjvsBH2r6EKgw1rudBLvBUjIdj%2FMgiL6I%2BqqXZ%2BDUoqwlWF8IsxYwJWvWT8Q8%2FZMv98%2BTC3PhNN1ZdoDzj4OWLxyX0ZX8FHxQdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce12530b00b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/templates/echo/js/jquery.plugins.a.js
172.67.156.10 200 OK 9.5 kB URL GET HTTP/3 wws.brstej.com/templates/echo/js/jquery.plugins.a.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (9736), with no line terminators
Hash 4983c6c466a34742eab06d54aa11c249
4f14efc4cbf9f23228dea8e955bd14247111d5df
6f05eefe0dec7b5f620b6af01a87efeb1d59dd64f912abb4bbd7468b314d0a26
GET /templates/echo/js/jquery.plugins.a.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=9792
expires: Fri, 08 Dec 2023 08:39:13 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 232777
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p6ZElfbK3UADltuAljNAwJBY8JjWit%2FlfvkRCF48ews4KqK6NQs2oRq8UAahYF1C%2BqKBXNRvlzgTzfruy%2FaiefLDj0VJjPtKFiKP3Zt%2BrcZC9H5n8rVAa%2Fj92KbzuBuDnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce12530b0cb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
woafoame.net/5/2617099
139.45.197.239 200 OK 85 kB IP 139.45.197.239:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject woafoame.net
Fingerprint E3:2F:7A:22:82:C1:58:3E:ED:8E:C3:CB:C7:B7:63:74:00:74:85:61
Validity Mon, 11 Sep 2023 05:16:15 GMT - Sun, 10 Dec 2023 05:16:14 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash d11d6febb0c68c83a429f96b385a5075
acfbc9740d8c0e9bf6656fc65daeedc7ecef383a
93cc95e7f72aa59ebc64241af2100caea8f84612bc9571a3851f8767a7586c4b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/2617099 HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: application/javascript
x-trace-id: 749b95aaefcdf0705381fb61b3f253b9
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:09 GMT; path=/; secure; SameSite=None
oaidts=1701126909; expires=Tue, 26 Nov 2024 23:15:09 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
wws.brstej.com/templates/echo/js/jasny-bootstrap.min.js
172.67.156.10 200 OK 20 kB URL GET HTTP/3 wws.brstej.com/templates/echo/js/jasny-bootstrap.min.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (343)
Hash f6b6e524d29d54ada53e4172b9d91cf7
427153c7a2d83d2ca800e397779f29b857801ad2
e7ad856551c720cb7c6a24a8bf4a9d6b6b24c24f07109cde96366338e53a4ff8
GET /templates/echo/js/jasny-bootstrap.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 30 Nov 2023 04:51:08 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 507537
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0vxQipvjXKoS%2Fx2dZMcQq%2F%2Frl8Y2vST3au%2Fl%2BWXqPIaIPOQehBD3L7870Iye0iTrMvXeRJNPq%2FgcKzYwRLp%2BnBgCdgwSg%2Br1WWbb5KkPEnZuRzrjZkcAVd8CxOQTN6NBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1252fafab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL POST HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Sectigo Limited
Subject fleraprt.com
Fingerprint A4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
Validity Mon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1357
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 27 Nov 2023 23:15:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://wws.brstej.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
wws.brstej.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
172.67.156.10 200 OK 12 kB URL GET HTTP/3 wws.brstej.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (12331)
Hash 88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: application/javascript
last-modified: Thu, 16 Nov 2023 21:55:48 GMT
etag: W/"65568fe4-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnpUhvBTTS7z4whm6XbKFJFjkwBdV65Up9ulQ53vZSlohHu7gitzq7iaKAix0QCCmBuwoMXtTlLoTAdAgh3qa%2BzqkPtb%2BWiPw8dB4vP%2BWa%2Fq0f6I4%2FtTe%2BH5C%2FTn0Z%2BoKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce1250390cb4f1-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Wed, 29 Nov 2023 23:15:09 GMT
cache-control: max-age=172800, public
content-encoding: gzip
d3x2.myfastcdn.com/www/images/f15dbe580a237f0d067aa9c11c74f177.png?width=984
172.66.40.155 200 OK 43 kB URL GET HTTP/2 d3x2.myfastcdn.com/www/images/f15dbe580a237f0d067aa9c11c74f177.png?width=984
IP 172.66.40.155:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 9B:E0:88:3B:1B:31:56:B9:D9:94:4F:4F:54:13:FB:0B:2F:17:37:7F
Validity Tue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 30dfa8f99fd1b894a13124afca5d3f0b
1a633e0cd811da1c79144281db3e4cb1fa0b758a
4e1e68518abbc63ade654c8b3c511879445421873579cf422c60c70808807881
GET /www/images/f15dbe580a237f0d067aa9c11c74f177.png?width=984 HTTP/1.1
Host: d3x2.myfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:12 GMT
content-type: image/webp
content-length: 42760
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
edge-cache-tag: 614095050190827332879261464066804609414,613570411217116831189459287628353010494,29ecf9b93bbf306179626feeda1fab70
etag: "a1772a76de23e0060a65906211d11fee"
last-modified: Thu, 26 Oct 2023 12:46:23 GMT
req-referer: https://sportshub.stream/
status: 200 OK
surrogate-reporting: width=900,height=600,bytes=78438,owidth=900,oheight=600,obytes=322865
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 2072
x-backend-name: LA_nlb204
cache-control: max-age=86400
age: 48728
vary: ImageFormat, Accept-Encoding
x-vcl-time-ms: 1
expires: Tue, 28 Nov 2023 09:43:04 GMT
timing-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 82ce1261dde9b4f1-OSL
X-Firefox-Spdy: h2
cdn.uponelectabuzzor.club/11?rnd=2344286588&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=AMlBOBN6jnnwPsQCKvOZKwyvW5PteKIpMGeXernMHimDSyvZ1UQzN8Koess8PoiTiE2leV5ojkPgSW504sV592mermGYnoPdiL9F3C9M-a1Wdb5XFHPcRqOOYg-x7BEaG_6tPiImzoI_Ezd-4i-agkWWA0PSqAUq7Mo_YzVt049BK7y4h_O_OEBlwxry5PuuqRGo4x9YWFh-4XLAC3bHnfaExCLatTmnOrob3pzKTK5orW2CIq5mUq_TgyF7mzhiPem_5drUEfhlXzoMfAw-d4jIaJen2YnniEu5dV1E2uqr9yZyLNRm81qQxG61On-x2-FXDLBZt0fZC7FA-v6pHw45WzpKyZQW9tBs_CqsvS1PPF0HMaCXU4qNfctuJwmkh2bnE0UhZyA5IWeJvj-u2wX_Q_X8yKRIi05KBQ3ENPoifIXEXAymawZuHal0C15GttQdSU6DdvEzCALZ9OgFyqJrKVejSq1I_FXbJmw7DO4Dyrqoo7lyBOSj4Kv8CwiUk1bpOFfWE00s42dHRgUnNJjhdJNQfVR2XaIAQHZ08xEPRGppWRooFz-gDb2bLSRjKSL2J95ij0b_4ZctbTZF8JB9cDhNTtCqXsD9lIrDziUsr4aLNKZwx_3GfaFYYyUuHiKhs2cTZcrEIk5qQV1pbPVfLR2r61HT5tT_Tg==&ruid=34dcecc4-312c-470e-a196-97a0461c5326&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=89
139.45.197.239200 OK 0 B URL GET HTTP/2 cdn.uponelectabuzzor.club/11?rnd=2344286588&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=AMlBOBN6jnnwPsQCKvOZKwyvW5PteKIpMGeXernMHimDSyvZ1UQzN8Koess8PoiTiE2leV5ojkPgSW504sV592mermGYnoPdiL9F3C9M-a1Wdb5XFHPcRqOOYg-x7BEaG_6tPiImzoI_Ezd-4i-agkWWA0PSqAUq7Mo_YzVt049BK7y4h_O_OEBlwxry5PuuqRGo4x9YWFh-4XLAC3bHnfaExCLatTmnOrob3pzKTK5orW2CIq5mUq_TgyF7mzhiPem_5drUEfhlXzoMfAw-d4jIaJen2YnniEu5dV1E2uqr9yZyLNRm81qQxG61On-x2-FXDLBZt0fZC7FA-v6pHw45WzpKyZQW9tBs_CqsvS1PPF0HMaCXU4qNfctuJwmkh2bnE0UhZyA5IWeJvj-u2wX_Q_X8yKRIi05KBQ3ENPoifIXEXAymawZuHal0C15GttQdSU6DdvEzCALZ9OgFyqJrKVejSq1I_FXbJmw7DO4Dyrqoo7lyBOSj4Kv8CwiUk1bpOFfWE00s42dHRgUnNJjhdJNQfVR2XaIAQHZ08xEPRGppWRooFz-gDb2bLSRjKSL2J95ij0b_4ZctbTZF8JB9cDhNTtCqXsD9lIrDziUsr4aLNKZwx_3GfaFYYyUuHiKhs2cTZcrEIk5qQV1pbPVfLR2r61HT5tT_Tg==&ruid=34dcecc4-312c-470e-a196-97a0461c5326&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=89
IP 139.45.197.239:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject uponelectabuzzor.club
Fingerprint 66:71:5C:D8:AF:E5:DB:07:DA:19:17:92:2D:4D:26:2C:62:C6:30:A6
Validity Tue, 24 Oct 2023 23:42:37 GMT - Mon, 22 Jan 2024 23:42:36 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=2344286588&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=AMlBOBN6jnnwPsQCKvOZKwyvW5PteKIpMGeXernMHimDSyvZ1UQzN8Koess8PoiTiE2leV5ojkPgSW504sV592mermGYnoPdiL9F3C9M-a1Wdb5XFHPcRqOOYg-x7BEaG_6tPiImzoI_Ezd-4i-agkWWA0PSqAUq7Mo_YzVt049BK7y4h_O_OEBlwxry5PuuqRGo4x9YWFh-4XLAC3bHnfaExCLatTmnOrob3pzKTK5orW2CIq5mUq_TgyF7mzhiPem_5drUEfhlXzoMfAw-d4jIaJen2YnniEu5dV1E2uqr9yZyLNRm81qQxG61On-x2-FXDLBZt0fZC7FA-v6pHw45WzpKyZQW9tBs_CqsvS1PPF0HMaCXU4qNfctuJwmkh2bnE0UhZyA5IWeJvj-u2wX_Q_X8yKRIi05KBQ3ENPoifIXEXAymawZuHal0C15GttQdSU6DdvEzCALZ9OgFyqJrKVejSq1I_FXbJmw7DO4Dyrqoo7lyBOSj4Kv8CwiUk1bpOFfWE00s42dHRgUnNJjhdJNQfVR2XaIAQHZ08xEPRGppWRooFz-gDb2bLSRjKSL2J95ij0b_4ZctbTZF8JB9cDhNTtCqXsD9lIrDziUsr4aLNKZwx_3GfaFYYyUuHiKhs2cTZcrEIk5qQV1pbPVfLR2r61HT5tT_Tg==&ruid=34dcecc4-312c-470e-a196-97a0461c5326&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=89 HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=83e5bcd6d2ab4116b2d8c287040b8a48; oaidts=1701126911
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:12 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 6c112fd90c68ecad7aebe83c13310191
access-control-expose-headers: X-Sc
set-cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:12 GMT; secure; SameSite=None
oaidts=1701126911; expires=Tue, 26 Nov 2024 23:15:12 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
wws.brstej.com/templates/echo/css/fonts/Droid.Arabic.Kufi.ttf
172.67.156.10 200 OK 82 kB URL GET HTTP/3 wws.brstej.com/templates/echo/css/fonts/Droid.Arabic.Kufi.ttf
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Digitized data copyright \251 2010, Google Corporation.RegularDroid Arabic Kufi:Version 1.00Vers\012- data
Hash a0c3e1769ab6afabe688540dfa7047cd
d50de62714d47f0175a0468ce3693358b87fb286
31c6665135ae41b092153cd6480be82fad706ca9bd465784be70c00b8643308d
GET /templates/echo/css/fonts/Droid.Arabic.Kufi.ttf HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: font/ttf
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
access-control-allow-origin: *
expires: Mon, 01 Jan 2024 02:09:07 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 1765761
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0BDZvqlaeRJy%2BqMY0dxsFiI%2FPgRI%2FKBk0Xidaz%2Fa%2FDV7BrzaBjpRhnI9DcWIXIV%2Bkf%2B632C9XONndy0bXNyh62xYrBXzQMxVEcLmSF4NpPSwhkx6%2BCA2dlFG4Ms5od%2FywQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce1250f98ab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/templates/echo/img/favicon-16x16.png
172.67.156.10 200 OK 4.4 kB URL GET HTTP/3 wws.brstej.com/templates/echo/img/favicon-16x16.png
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type PNG image data, 116 x 73, 8-bit/color RGBA, non-interlaced\012- data
Hash 103f4ecf53114bcc8f93ae36529c4f09
44a0fcb9df587157f7ac86b44481ce170150715d
ecca4c221950231379c89c45ffe8580621f9e80e1d77a453861502f61a01db7a
GET /templates/echo/img/favicon-16x16.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: image/png
content-length: 4380
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 11 Jan 2024 05:09:13 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 414571
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1owQjl7w6xHYqHRA%2Bo1CcVO9%2F0JZ0n%2BsAeNZiuCQvJlAWCWrq77E7KY0dbR3gVoXK5XUz7DrNptd7%2BUly%2FJkMVm9u%2F%2BNH6%2Fc%2FHY70PEIBrsJmqLqUHtXcu1nHqr8IUUhYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce12560cf9b4f1-OSL
alt-svc: h3=":443"; ma=86400
wws.brstej.com/play.png
172.67.156.10 404 Not Found 315 B IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Hash 97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
GET /play.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
age: 83
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FT5DwkDRWUwwnTEBAeyGCwcOG1dJXIzuoMDMepONHsUbn3W5ZNgDkZmuu%2Bg1K94jY51MzXKEL1dvS%2BcngtTQd%2FrHafF1mJOokkv85lkWVTY%2FgIhcov9PXYSSHaPIKkb%2BUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1250f989b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/templates/echo/js/melody.dev.js
172.67.156.10 200 OK 5.5 kB URL GET HTTP/3 wws.brstej.com/templates/echo/js/melody.dev.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (5563), with no line terminators
Hash b9e7f1086ce052fb015b62ba9b802cc8
028189983cce5f22f346b9f9a944ee97eb19e9bd
b437704f63a38076015a3c20504d59e6fd292e14e7267eec35715621c05c36a9
GET /templates/echo/js/melody.dev.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=7677
expires: Mon, 11 Dec 2023 06:23:58 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 317919
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmULaz9g3pNQNFsRFj4Cmft%2BnbUJmhwQ0Er0S0b7dlQk6YO0i9lna5BHw3iTrwxTDaTWziJWR8c9KW0mfBUBHGUU9odXoQRXep8xI%2Bt%2BqSPknFI3lUSiuVUNt0RQLY4B%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce1252fafcb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
wws.brstej.com/js/jquery.typewatch.js
172.67.156.10 200 OK 1.4 kB URL GET HTTP/3 wws.brstej.com/js/jquery.typewatch.js
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (1476), with no line terminators
Hash f3989a1b6fad291e198cac5399cb0bd7
4e98f0e4f6c96bef7e8d95be4af3b772895ca1ff
d9ee03f77286531633c2ea6bc7dcc3141322ecb2967e57990a280ad719c2d5c8
GET /js/jquery.typewatch.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=1745
expires: Thu, 30 Nov 2023 11:09:27 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 73755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yFF2PNGoF3EdBj7PdTjC2JpGAHj6fTOacyC6kPgdPTtrjoWacpnHDxOvx8L7pyCD%2BXkiYc8wPcN2lUbMxY9%2FneNi4FpjOuYT3OsHOIDgoLg%2F%2Bt7zMOvMnqoPlJFEWuxW8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce12530b0bb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
104.17.25.14 200 OK 21 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
IP 104.17.25.14:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (20831)
Hash 56456db9d72a4b380ed3cb63095e6022
6dbce88aee15b42f29083df7a07513cf3b486ba0
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
GET /ajax/libs/popper.js/1.14.7/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 6646
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-520c"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 247835
expires: Sat, 16 Nov 2024 23:15:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o3n53OjCg0vYAgfVd2WpqTfkqvosaMc1bKqJN%2BSviPvKlNTP8yxqYQwFMY%2B1AedRlTGx0vNWpW52gHrLFsBanT2DL7XXStVaQjRNU61B3Q0p6%2B%2FXqgSg%2FKIvPoNfNu826jgne3tR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82ce12536aaf712f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
rndskittytor.com/400/3002587
139.45.197.238 200 OK 82 kB URL GET HTTP/2 rndskittytor.com/400/3002587
IP 139.45.197.238:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject rndskittytor.com
Fingerprint AC:9B:9A:F0:9C:CB:23:E1:7C:C9:2E:F8:51:13:30:5E:E9:82:25:70
Validity Mon, 11 Sep 2023 14:17:26 GMT - Sun, 10 Dec 2023 14:17:25 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash c7ee6ede6251aa6159d3ad5c8817e674
d9e722b0346571eb104eeaf535a96eb29ad32c9f
fc15ccc14597d60bfef83afceda64122bf5e4f1d38daa045defbaac47b5a8964
GET /400/3002587 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: application/javascript
x-trace-id: ef3efbd1a77aa55e5e0102d9c4563952
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=b3dac12ca3484d8d825ea9cc7e5b8ed8; expires=Tue, 26 Nov 2024 23:15:10 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
woafoame.net/?rb=_cLonrKzrvZGTkDkW8IvL8ts2zb_x1J7vK0m6GvO8PF0H57SNxxVBpWbjhEQus1OXudUv3irzIfw6ssTAs26QQFk9PTEnSV-8wHukgbsLVaJrKWDOwj_pHUhmJbJojPMTlYZeq5QQRxjEiBqyJiclwrcyoZ5h9sj2Ttbjb5--BvN63jlnSPOdsbBdrnLQqaOKouLnUUEiP37PCtdOskT4SYN6Q-M2A_jzSc894ZEO68%3D&request_ab2=0&zoneid=2617099&js_build=iclick-v1.633.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.633.0&bs=836f80bb-ea02-40e1-86ac-db477b03033e&userId=83e5bcd6d2ab4116b2d8c287040b8a48&m=link
139.45.197.239200 OK 2.1 kB URL GET HTTP/2 woafoame.net/?rb=_cLonrKzrvZGTkDkW8IvL8ts2zb_x1J7vK0m6GvO8PF0H57SNxxVBpWbjhEQus1OXudUv3irzIfw6ssTAs26QQFk9PTEnSV-8wHukgbsLVaJrKWDOwj_pHUhmJbJojPMTlYZeq5QQRxjEiBqyJiclwrcyoZ5h9sj2Ttbjb5--BvN63jlnSPOdsbBdrnLQqaOKouLnUUEiP37PCtdOskT4SYN6Q-M2A_jzSc894ZEO68%3D&request_ab2=0&zoneid=2617099&js_build=iclick-v1.633.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.633.0&bs=836f80bb-ea02-40e1-86ac-db477b03033e&userId=83e5bcd6d2ab4116b2d8c287040b8a48&m=link
IP 139.45.197.239:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject woafoame.net
Fingerprint E3:2F:7A:22:82:C1:58:3E:ED:8E:C3:CB:C7:B7:63:74:00:74:85:61
Validity Mon, 11 Sep 2023 05:16:15 GMT - Sun, 10 Dec 2023 05:16:14 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2128), with no line terminators
Hash 717e04e6cabc846d90fa1b855ba68a5a
d62f7127694fc3de4cd7c730c27f528743e518cf
a194ed1b0930c45145e6662ac3e8ccd680e06eafbcc29c66a7d0604352c7c564
Analyzer Quad9 DNS | Verdict malicious | Alert Sinkholed
GET /?rb=_cLonrKzrvZGTkDkW8IvL8ts2zb_x1J7vK0m6GvO8PF0H57SNxxVBpWbjhEQus1OXudUv3irzIfw6ssTAs26QQFk9PTEnSV-8wHukgbsLVaJrKWDOwj_pHUhmJbJojPMTlYZeq5QQRxjEiBqyJiclwrcyoZ5h9sj2Ttbjb5--BvN63jlnSPOdsbBdrnLQqaOKouLnUUEiP37PCtdOskT4SYN6Q-M2A_jzSc894ZEO68%3D&request_ab2=0&zoneid=2617099&js_build=iclick-v1.633.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.633.0&bs=836f80bb-ea02-40e1-86ac-db477b03033e&userId=83e5bcd6d2ab4116b2d8c287040b8a48&m=link HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48; oaidts=1701126909
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:10 GMT
content-type: application/json
x-trace-id: 1c1e27af0cb14fe3c29404aaeb12a473
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://wws.brstej.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=83e5bcd6d2ab4116b2d8c287040b8a48; expires=Tue, 26 Nov 2024 23:15:10 GMT; path=/; secure; SameSite=None
oaidts=1701126910; expires=Tue, 26 Nov 2024 23:15:10 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 04 Dec 2023 23:15:10 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
pushagim.com/pfe/current/extra.min.js?z=3475873&var=3002587
139.45.197.250 200 OK 18 kB URL GET HTTP/2 pushagim.com/pfe/current/extra.min.js?z=3475873&var=3002587
IP 139.45.197.250:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject pushagim.com
Fingerprint 4E:CB:50:CB:A3:58:61:9D:E9:C7:EC:16:25:D6:65:A7:30:39:68:FC
Validity Mon, 06 Nov 2023 16:36:27 GMT - Sun, 04 Feb 2024 16:36:26 GMT
File type ASCII text, with very long lines (17550), with no line terminators
Hash d2b5377db87e56c74bc3c5e251087c27
522da126538d1db8adb63807d015bcc1fdea7a08
4eb3196601dab0886c740cde2fa9adf527e06b9e7c58c3dce8ad46dba0bb8b07
GET /pfe/current/extra.min.js?z=3475873&var=3002587 HTTP/1.1
Host: pushagim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2023 17:44:23 GMT
etag: W/"6564d577-448e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
wws.brstej.com/uploads/articles/5e7e25c0.jpg
172.67.156.10 200 OK 280 kB URL GET HTTP/3 wws.brstej.com/uploads/articles/5e7e25c0.jpg
IP 172.67.156.10:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 280 kB (280537 bytes)
Hash b31bbb98e174cae3b7201cddae560788
056f522a98455017ce8dc5c4dde47c9f228f5c59
b3b6b93919e597533a5edf15bdf1847a40f53f1fd2cc144d8e7ff26ef67721a1
GET /uploads/articles/5e7e25c0.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515; cf_clearance=hsfLX0RvgKqYX38VsN8SLzEaEDrtRbj9TtggiGPFBRw-1701126911-0-1-730ca2d2.73a07051.5b213570-0.2.1701126911; prefetchAd_2617099=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: image/jpeg
content-length: 280537
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 30 Dec 2023 10:21:26 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 219528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4Y6H3TYup%2FuKJyGv%2BN5Y%2F9PK%2BEmGJF43C%2BtkhwZWF%2BlW3hHUPTlRdPtDeC72RfXHhcYGaCDI9R2aflbyt8n9pmPLxM%2BQ1%2FO18pEIW%2BQ7L8SkIJX%2FRt3dZXv3pgbn5jFlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ce125a5fd0b4f1-OSL
alt-svc: h3=":443"; ma=86400
172.67.156.10 200 OK 935 kB URL User Request GET HTTP/3 IP 172.67.156.10:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint C0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
Validity Tue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT
Size 935 kB (935203 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ind5 HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 27 Nov 2023 23:15:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
set-cookie: PHPSESSID=2fdb5ead5325c8c7d7dd612f0ec4c515; path=/
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxIFGJVxN6uRrktJDQszQfGUGc658wfhVI%2BcHIqSeGG4qJ6kmLoAqNkfXtJQCJKrNq%2BrLKRMzeWeZiEiKtwoy2mzmQZ640oWBDdUaaBO0Y0Qol1cPXzaiUm8U8VmsG1PaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ce124c7eeeb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.uponelectabuzzor.club/1?z=3360966&var=3002587
139.45.197.239 200 OK 43 kB URL GET HTTP/2 cdn.uponelectabuzzor.club/1?z=3360966&var=3002587
IP 139.45.197.239:443
Requested by https://wws.brstej.com/ind5
Certificate Issuer Let's Encrypt
Subject uponelectabuzzor.club
Fingerprint 66:71:5C:D8:AF:E5:DB:07:DA:19:17:92:2D:4D:26:2C:62:C6:30:A6
Validity Tue, 24 Oct 2023 23:42:37 GMT - Mon, 22 Jan 2024 23:42:36 GMT
File type ASCII text, with very long lines (41880)
Hash 0cd979ffa6e239dd5d51181b5aa52bab
d9d6eec44be26bfb2804f413a46d0a71f1195576
1c9281c2a66d704fde46889fe2f9731441c52ffe0bf6e19e94b12b640bd65c29
GET /1?z=3360966&var=3002587 HTTP/1.1
Host: cdn.uponelectabuzzor.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 27 Nov 2023 23:15:11 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 2f4855dea5560da9e4b028bb26e30578
access-control-expose-headers: X-Sc
x-sc: xZtx93pi3qI_Y1m8FxZ-tYYP_ECz2Dbn1Y8gkm57OPCJa0CqAyfrPS6IOibJZLH1JoW1ow40U-AzaaJwK2sLq2OSWnU=
set-cookie: scm=1; expires=Tue, 26 Nov 2024 23:15:11 GMT; secure; SameSite=None
OAID=a6d49c9df296470c9f0a9d41de411994; expires=Tue, 26 Nov 2024 23:15:11 GMT; secure; SameSite=None
oaidts=1701126911; expires=Tue, 26 Nov 2024 23:15:11 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2