Report - nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck

Report Overview

Visited public
2023-12-04 05:32:21
Tags
URL
nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Finishing URL
nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
IP / ASN
172.67.165.184
#13335 CLOUDFLARENET
Title
Регистрация - Quantum System

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nagtrfplwe.com	unknown	unknown	No data	No data	22 kB	5.5 MB	104.21.11.97
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-03 05:09:21	420 B	22 kB	151.101.129.229
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	934 B	3.3 kB	142.250.74.106
spoochihuahuaha.com	unknown	2023-07-07	2023-07-07 12:16:51	2023-11-08 04:47:29	414 B	1.9 kB	79.137.202.232
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	3.3 kB	81 kB	216.58.207.227
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-03 05:10:51	1.0 kB	131 kB	172.64.141.13

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed
2023-12-04	medium	nagtrfplwe.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	nagtrfplwe.com/lander/kvantum/bundles/modernizr.js	ScriptElement	11 kB	2023-03-07	2025-05-01
Pretty URL nagtrfplwe.com/lander/kvantum/bundles/modernizr.js IP 104.21.11.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-01 12:03 Times Seen302 Hash efeac4bcc64c045f413f90ceba3f836e f6e4af16612d2c740e0d62440fce784290eab928 9e83216908224ffbc39992a5e60f93ca21b8e2240ba28025ba679c4b70f7112d Loading...

	unknown	EventHandler	21 B	2023-04-10	2025-05-09
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 22:51 Last Seen2025-05-09 09:44 Times Seen5385 Hash e56ddbb05a974a6bc5ea44661e509a21 448d4cb69f9441e10731b1ff4aa9dc81502589bd 1759e8c6c2ce9c987245281cd33bb9260ce82e31b604131a5da486db89369913 Loading...

	spoochihuahuaha.com/art07w.js	ScriptElement	5.0 kB	2023-12-04	2023-12-04
Pretty URL spoochihuahuaha.com/art07w.js IP 79.137.202.232 ASN #12695 LLC Digital Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 06:32 Last Seen2023-12-04 06:32 Times Seen1 Hash e81e33be0555f791d491904b77945b02 67f6a847f378ce2ecfbae1b030f7ed30200a75d5 70e08fdbf985c4bfeec5321dcdb6eb812ae195c80d27f4af422871d304ad0d05 Loading...

	nagtrfplwe.com/lander/kvantum/bundles/bootstrap.js	ScriptElement	41 kB	2023-03-08	2025-04-29
Pretty URL nagtrfplwe.com/lander/kvantum/bundles/bootstrap.js IP 104.21.11.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:55 Last Seen2025-04-29 15:55 Times Seen123 Hash 81addfa1ce4fb9bfdebbc6f5dd2971fb d6a8d3b5e8001aa6a4ccb9a7a655febe3f9fd380 e5840bc1fc5ecf2ce08305f4eddf2fd9444ac3a2d79e541ae6775a6011ac4531 Loading...

	nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq IP 104.21.11.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 10:51 Times Seen4635455 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	nagtrfplwe.com/lander/kvantum/bundles/jquery.js	ScriptElement	353 kB	2023-03-08	2024-10-15
Pretty URL nagtrfplwe.com/lander/kvantum/bundles/jquery.js IP 104.21.11.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:24 Last Seen2024-10-15 10:47 Times Seen2 Hash 1847ff793d318630c3fcebe6748606b1 7cec9e59c90af9ba5f345612919957cfbb1b4a20 1a0c049106bae02aa9513789efc1f9ae8888e42e1f513e44f58c2fc2547df4d7 Loading...

	nagtrfplwe.com/lander/kvantum/bundles/utils.js	ScriptElement	361 kB	2023-12-04	2024-10-15
Pretty URL nagtrfplwe.com/lander/kvantum/bundles/utils.js IP 104.21.11.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 06:32 Last Seen2024-10-15 10:47 Times Seen2 Hash cc70241146195f2eb6e5c07964101e56 46ee8151f0c38243672c79d0fa788c4e3fbafd4d cb3d802b772ce657409af6f0d146e54ee5fd27fd16ef741bcf49ebddca7df41f Loading...

	nagtrfplwe.com/lander/kvantum/bundles/jquery.mask.min.js	ScriptElement	15 kB	2023-12-04	2024-10-15
Pretty URL nagtrfplwe.com/lander/kvantum/bundles/jquery.mask.min.js IP 104.21.11.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 06:32 Last Seen2024-10-15 10:47 Times Seen2 Hash 935452f6a94dfbcee86ce2a5496d38d7 f2e3caa0d6517044c504eb03f2f09907cc1082d4 f86c982903937f59bf305285767f252bc0e3904e28c73a8be31be655e8e24b5c Loading...

	cdn.jsdelivr.net/npm/sweetalert2@11	ScriptElement	77 kB	2023-11-19	2025-05-05
Pretty URL cdn.jsdelivr.net/npm/sweetalert2@11 IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 16:44 Last Seen2025-05-05 18:19 Times Seen255 Hash f95effdb9191d542a77edbe51b300f18 462994fd08f5b996a32a3cf707a32ef04f8bcd55 e7ee140344701f1acb771ba8fbf2e2a199087ab4acf05fd50e757826cf597704 Loading...

	nagtrfplwe.com/lander/kvantum/bundles/main.js	ScriptElement	2.3 kB	2023-12-04	2024-10-15
Pretty URL nagtrfplwe.com/lander/kvantum/bundles/main.js IP 104.21.11.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 06:32 Last Seen2024-10-15 10:47 Times Seen2 Hash 36f159213aa51e198e997265022e66d9 bc768a16518f835623fa4903f35f14172556a653 9e48a95db811244cba8d0ced6108c55bc902bc779a8cf453559a2ebed20c1b49 Loading...

HTTP Transactions (37)

URL IP Response Size

nagtrfplwe.com/lander/kvantum/Content/images/trusted-5.png

104.21.11.97

200 OK

3.0 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/trusted-5.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 74 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
3.0 kB (3020 bytes)
Hash
cfa2b9db2fcc8d6aeb40598e2ec9d7c2
f5d6c4760ed4d2f74f9523a40ad572b972ced4f2
5a5ee6bb9f6924602cb3ab51edfbb19210a01473dfb0f970fe269f7a8edfe88a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/trusted-5.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 3020
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-bcc"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXaT9SWEezK2JDDximBMOqZJ83AZIU9QVT%2FvKXGJ4VqfGDEz%2FYtMZYIXGYx1BX2P9b%2BLogeZLTWPL6t1w9mtV0ujt1AieQ7q1UMnpJTTF8Mkpem%2BI75RmzA0c1BOWi9Gzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d6e0b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/trusted-4.png

104.21.11.97

200 OK

3.9 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/trusted-4.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 113 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
3.9 kB (3864 bytes)
Hash
535ef75977b2f34e6abba84c28c1c7ca
f0d420bcd4927730dbe1b05d49dab13058f32c89
aa69f66f5aee6fe603536d25199494cf3b5852e208138bde85e8bd31cb36ce03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/trusted-4.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 3864
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-f18"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5DNkQu4NazHh5l1a%2BFM3agdULXDv3dhtk%2Bpblt%2BB7rWuCL7ut56i8We8SbmTavzVG1tFG5nPDx97Y33zQOFkQLI1u%2B8Nr0uPydaPsxvFLLnQapKCAudrD9yJKUrlfHN7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d6d0b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/trusted-1.png

104.21.11.97

200 OK

5.4 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/trusted-1.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 84 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
5.4 kB (5355 bytes)
Hash
ce04a54edb2bf1964e122ad1c596bbba
3fd2af4eb1602c932382bebc500b3966ecbe3a8d
f5eaf82fc7d97c15aaf4a2574adc9bb2bc7e5d353c1d91523ee66aaef3a016d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/trusted-1.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 5355
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-14eb"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCENRMxueX0dDrG63k37mpBOsdP8bOWBFCHywPaPkyjM0rmWIXzkMXR01O6wdIS8yL9dVodieqRZZwd%2F%2Bk%2F8%2FyGQwHNpbnGSI1sKe1N5LVc%2B5aqSFxRgCx5TJYHZmAp0yA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d690b49-OSL
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/sweetalert2@11

151.101.129.229

200 OK

22 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/sweetalert2@11
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (52514)
Size
22 kB (21469 bytes)
Hash
f95effdb9191d542a77edbe51b300f18
462994fd08f5b996a32a3cf707a32ef04f8bcd55
e7ee140344701f1acb771ba8fbf2e2a199087ab4acf05fd50e757826cf597704

HTTP Headers

GET /npm/sweetalert2@11 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.10.1
x-jsd-version-type: version
etag: W/"12b3b-RimU/Qj1uZajKjz3B6Mu8E+LzVU"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 05:32:03 GMT
age: 5498
x-served-by: cache-fra-eddf8230029-FRA, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21469
X-Firefox-Spdy: h2

nagtrfplwe.com/lander/kvantum/Content/images/trusted-3.png

104.21.11.97

200 OK

5.6 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/trusted-3.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 150 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
5.6 kB (5553 bytes)
Hash
fc468d40e71b6531fd155ac43594e63b
3190bc91da787cd6666527249a796dca34550fd4
1f9107a363458f645e9b6823ef7fb2d83dc1f9f9bf65eae9b21cb3d245778fe9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/trusted-3.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 5553
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-15b1"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CibRaE79MuX8PjT7uwQvGIPXAIfMb4aJxlHh6lMq2AJo48eUsIC3bkizy0Z3o9CU4FApcfw%2FtXJHzRexxRMUsiN8QXfSIWGJULAlwktOG1107gyFdG5GH34LcIBI2y5xXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d6c0b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/trusted-2.png

104.21.11.97

200 OK

3.9 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/trusted-2.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 130 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
3.9 kB (3863 bytes)
Hash
cd5e8c9aa65aede9b950749702617954
d98a2a2cd517ed59c8c6fda8ee8042be900ea0eb
6aab1b92901332014950a884b1f8d6ed8bb0394f0238a04bc9fcd66ee61efff7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/trusted-2.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 3863
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-f17"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q3EP%2BpCmkxqWnApG1w%2FUmuG5yGPh1oJJobg5M4PaahlbvolNVN9jwfn4AAjaQo5hM1jIYvgXMZ%2B7e09E7I714ORCWc8vd%2FRD386YCpbGpaSoqpdgA1DQ7Z9013KXhd0JCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d6b0b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/logo.png

104.21.11.97

200 OK

23 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/logo.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 400 x 84, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23154 bytes)
Hash
f2b0b3748e40b0470bada0709eb3391d
af1bdd71f5b60a34f3483416be9c547b4e23a553
79b7ece0f4547785c47be80df9afc20679dc354fdb6b6b77ac1cedff15911cc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/logo.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 23154
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-5a72"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JSWltgCediZhTYsgzuRUt5Vq33ruXUyYt6cePd%2FVGpgcheXztzIJoMXm7ncOPgPGpEwLnVFDYvcbacwphVJV4VeHcFVV8Zts3ISuWxu0glbiVmyMQ4sv3jeRMVd1Vl%2BWuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d680b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/bundles/main.js

104.21.11.97

200 OK

1.1 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/bundles/main.js
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1148 bytes)
Hash
36f159213aa51e198e997265022e66d9
bc768a16518f835623fa4903f35f14172556a653
9e48a95db811244cba8d0ced6108c55bc902bc779a8cf453559a2ebed20c1b49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/bundles/main.js HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: application/javascript
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-8ec"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p0oO%2BdJxy0TzJa3jWUzIRMVve%2FhJfRgJzePv4htwZwexVT%2FtUYcbcSal%2FVZrVysu7p%2BGfY6XJvfuy7ZWdb4oiE4kzfKCJY3K1Uprde4DPchjeTqBPvJxv%2Bj8N4vKuefFNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa78d760b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/bundles/utils.js

104.21.11.97

200 OK

60 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/bundles/utils.js
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
ASCII text, with very long lines (1322), with CRLF line terminators
Size
60 kB (59667 bytes)
Hash
cc70241146195f2eb6e5c07964101e56
46ee8151f0c38243672c79d0fa788c4e3fbafd4d
cb3d802b772ce657409af6f0d146e54ee5fd27fd16ef741bcf49ebddca7df41f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/bundles/utils.js HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: application/javascript
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-58354"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdZWjFSM%2Fb%2FFcJk11nDJa7vELgHzcvlNoyhuivJyJBnYGBT5taw7N%2B8DKzKNlO9Vz%2FDAr68x%2BxG3SShbFhAMNKitD80fLD%2Bkqw%2FTkdsvcVWcj7WqKC7GXsa6VIq9ooKbYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d720b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&subset=cyrillic-ext

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&subset=cyrillic-ext
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
1.2 kB (1236 bytes)
Hash
82a943cef6e86e6568d9cadec66e50be
bf39602d6b47ca6b8f8bb5b95c3c0a692dc12efe
703f9da76d00d1761a7bc1bfca63fefb5dffde4fdfcaefc11b1e607a6717e5b0

HTTP Headers

GET /css?family=Roboto:300,400,500,700,900&subset=cyrillic-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:32:03 GMT
date: Mon, 04 Dec 2023 05:32:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

spoochihuahuaha.com/art07w.js

79.137.202.232

200 OK

1.6 kB

URL GET HTTP/1.1
spoochihuahuaha.com/art07w.js
IP
79.137.202.232:443
ASN
#12695 LLC Digital Network

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerLet's Encrypt
Subjectspoochihuahuaha.com
Fingerprint86:46:83:26:7F:37:D5:66:E7:04:CE:BF:F3:47:D0:1F:07:D2:77:4D
ValiditySat, 04 Nov 2023 01:50:16 GMT - Fri, 02 Feb 2024 01:50:15 GMT

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1595 bytes)
Hash
e81e33be0555f791d491904b77945b02
67f6a847f378ce2ecfbae1b030f7ed30200a75d5
70e08fdbf985c4bfeec5321dcdb6eb812ae195c80d27f4af422871d304ad0d05

HTTP Headers

GET /art07w.js HTTP/1.1
Host: spoochihuahuaha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Mon, 04 Dec 2023 05:32:03 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 26 Sep 2023 04:42:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65126142-13af"
Content-Encoding: gzip

nagtrfplwe.com/lander/kvantum/Content/images/mountain.jpg

104.21.11.97

200 OK

501 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/mountain.jpg
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3\012- data
Size
501 kB (500912 bytes)
Hash
47b441b6b5632f5ea5ddc6b842004977
ff717b15b1f01587a316bd2c65b01f22815292f2
25564162d28b3eb188d463ee000debc2d482d268097ae804b05471b3fb6e8f08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/mountain.jpg HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/lander/kvantum/Content/css_custom.css
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/jpeg
content-length: 500912
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-7a4b0"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAu1Il1cm5N3BOA82BRXGrLz0Hgc5zseI9iyeLyKb1qsZt2iqEEWM%2BhajYr6rdUDSlkX2VmYGp6krWzSDNKgvW%2FDFLPUxNkYERnRGPpF1XOEexqcYvQ578PyEFCL0tsNqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa9bdec0b49-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 347669
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nagtrfplwe.com/lander/kvantum/Content/images/ico-email.png

104.21.11.97

200 OK

1.2 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/ico-email.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1167 bytes)
Hash
73ca3da99365dc2f8c7dba3a17eed687
53a347599609b3afb9a8ed802cc9eb314e1b14ab
fb9fa6adf42480cb5cb9b3f3e81b28e200fcb3ffe0ba98b1faba5a8465ceff81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/ico-email.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/lander/kvantum/Content/css_custom.css
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 1167
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-48f"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XToUdfmpllAtPYaKoMg7bJNaPW86RZ2G56oAAW3RuClmhCs7VimLfGHqrU%2BOi6m7bms7tavPPMZtoCdbFcUf9Zsrb7%2FotrdA%2BLlUblbfrLtQtLAx%2FVfhGgpBYfkCQzVTaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaab7e320b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/build/css/intlTelInput.min.css

104.21.11.97

200 OK

4.4 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/build/css/intlTelInput.min.css
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
ASCII text, with very long lines (19157), with no line terminators
Size
4.4 kB (4395 bytes)
Hash
6b7fb2ee130535419a67afb198f41c2b
ffb8a25633c4ddeab81d1b1742ac2fd0b442a4c6
c6956e8710cf477f7014440385ae16ee4b8cc7ecfd02fddd4d2f0c6c7fd15845

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/build/css/intlTelInput.min.css HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: text/css
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-4ad5"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1RYEyw0kgP2EEZmcvGwifDQ6zeacT6u8lg5Uceu2hhfAfHDJVZJytUUfeWaqLKmmy8bHRaxRKkqeDxWVE5iFhumy3u1YankTT4v7JY38a5LNGwVerkaubIIWj17nEiQxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa78d770b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/ico-name.png

104.21.11.97

200 OK

1.2 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/ico-name.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1172 bytes)
Hash
a85bdeddfe07311deeff87b0d1913a2d
22efa6a536b02e16014ecb974160c85d986be824
1edb54a9207db1cecf41535b5a8154455153e2591e3a77668492dda8ef6c4ce0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/ico-name.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/lander/kvantum/Content/css_custom.css
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 1172
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-494"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=opxETL6HOr%2FymlXOi6NOBhrf8RW86D%2FIlnqRGxgSuhFWi3VlNr9CUQclZ3rjt40yjvHEiLezL4YjycXm6K4msOlUD7remofpMiFSrzEtnihvheZKPQAMyC5%2BsFonfQTeuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaab7e310b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/ico-phone.png

104.21.11.97

200 OK

498 B

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/ico-phone.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
498 B (498 bytes)
Hash
f05e94a73a4d8cf1ebfc6bb6879da93c
e17ac34fab2b6284899718490edc80a73cd39ed1
b4a7dc98cbb1f321a64026a5fd4a9a7656ada4e81f5ca2ae948c94dc1d540671

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/ico-phone.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/lander/kvantum/Content/css_custom.css
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 498
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-1f2"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5zPvwHyFEHxCyuskYKaniacExn2OaGb0FimZQ7y%2BvVkwDnfeZh3oF4CxMDaE3yYDFgQeEg6IRup%2F7Sqw4H5Fvj88%2BqQbWW34BtWc6NskbXYiZ4D2uOpPi%2BHby3ZucJeBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaab7e360b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/arr-right.png

104.21.11.97

200 OK

1.9 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/arr-right.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 70 x 56, 8-bit/color RGBA, non-interlaced\012- data
Size
1.9 kB (1857 bytes)
Hash
09e3067e449f44f639a2bbfd9af426b0
283048c479cc05355fe6399d16c2ea394987b971
2a261a961b36a05942ad28e524ac8191bdbfa06b4bc676e12c01380484020ab7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/arr-right.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/lander/kvantum/Content/css_custom.css
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 1857
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-741"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VuVSQNzQFls0mRBGctYPsf22iSGEZ%2BHspeAkOaW8RbjhuhJt5C%2B6%2BlxifxPOC24fOiDTiOtgx%2BEgPA4TKsmmmRjr4KsmfRQHmhcggPE4d%2Fb4CYQGkHNGLMElMLiePsFDBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaab7e370b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/images/bg-data.png

104.21.11.97

200 OK

137 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/bg-data.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 1548 x 398, 8-bit/color RGBA, non-interlaced\012- data
Size
137 kB (136661 bytes)
Hash
c3e0fb9ec311f2dc8015456971142115
313f572951fbe45d55b96211f13ba9571d22fff3
861dfc67069804125f449ca3f3db3c828db9f6dbee2077e3298c03c1ef9b569d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/bg-data.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/lander/kvantum/Content/css_custom.css
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 136661
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-215d5"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rkq99PuztDR6KKhpL4vkE3CFfcV%2Fmd3iUFmObgWy%2BkaYkIO8f7fluFY60qPvj%2B2%2BqY3M7mEAGX1Qor3YokCIs%2FRPS9yASVIAjJfO5AUVeXqNmcmBf12T%2BQ1%2F15EI89BrFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaab6e2e0b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/bundles/jquery.mask.min.js

104.21.11.97

200 OK

4.6 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/bundles/jquery.mask.min.js
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
ASCII text, with CRLF line terminators
Size
4.6 kB (4644 bytes)
Hash
935452f6a94dfbcee86ce2a5496d38d7
f2e3caa0d6517044c504eb03f2f09907cc1082d4
f86c982903937f59bf305285767f252bc0e3904e28c73a8be31be655e8e24b5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/bundles/jquery.mask.min.js HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: application/javascript
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-3a3c"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GW%2BQbDjs225gcoAGM%2FktDwYrD2SDUkT7oKQ%2F3W%2BvX%2BAxaNmstqjTjlOH%2FWjuOH0McQl9Ews1FhTGoZbL84PeAOyzoqHiWG5L8XlGp%2BJNVONdtAnqJAYOxeGv6%2BmJDwckVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d730b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 375487
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

216.58.207.227

200 OK

9.6 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9644, version 1.0\012- data
Size
9.6 kB (9644 bytes)
Hash
6f112ec2b932ee12379442c42853244e
b2e73c8c70d6261e1d187f41693c43ac4fe0809d
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9644
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:55 GMT
expires: Fri, 29 Nov 2024 05:00:55 GMT
cache-control: public, max-age=31536000
age: 347468
last-modified: Wed, 11 May 2022 19:24:50 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Size
16 kB (15752 bytes)
Hash
b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:15 GMT
expires: Fri, 29 Nov 2024 04:57:15 GMT
cache-control: public, max-age=31536000
age: 347688
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2

216.58.207.227

200 OK

9.7 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9700, version 1.0\012- data
Size
9.7 kB (9700 bytes)
Hash
164a322c3a8ec10a523be51659d36c73
2696ce42bd39262a6bec468649a124ef388c0784
9fdb12ceee3a402d3a54afe354552459dd3950e9c6dece06288e4cc0a7a7c060

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 17:55:59 GMT
expires: Thu, 28 Nov 2024 17:55:59 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
age: 387364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

216.58.207.227

200 OK

9.6 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9628, version 1.0\012- data
Size
9.6 kB (9628 bytes)
Hash
d9ac47c7e500fb7083b8d595eaf6fe12
112a2fc5f4ff9b85ee3a706fa9b8c47f79b05933
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9628
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 12:58:10 GMT
expires: Thu, 28 Nov 2024 12:58:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 405233
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2

172.64.141.13

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2
IP
172.64.141.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74256, version 329.-17761\012- data
Size
74 kB (74256 bytes)
Hash
418dad87601f9c8abd0e5798c0dc1feb
a6b003ef506e92d05cde73adf67487d7fd7ec6df
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

HTTP Headers

GET /releases/v5.8.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:32:04 GMT
content-type: font/woff2
content-length: 74256
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "418dad87601f9c8abd0e5798c0dc1feb"
last-modified: Fri, 22 Sep 2023 01:45:57 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gABO63fum6M9UHnkFSoEXk3sMCGJ%2BVHAilq6XRndr%2B%2F1FALu%2FDCsftIzrHmaIMtMJzOWLLN7aNoj44qo%2BPdZvHPb0uBPoeC2ABKPA1zFpp441CZBRDzEEFt%2FXmZtz49w59w2vD18"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301aaac0eca405e-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.8.1/css/all.css

172.64.141.13

200 OK

55 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.1/css/all.css
IP
172.64.141.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54926)
Size
55 kB (55111 bytes)
Hash
e4c542a7f6bf6f74fdd8cdf6e8096396
3a0571a695a35f238026b9398386dc99d9a0c56d
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

HTTP Headers

GET /releases/v5.8.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nagtrfplwe.com
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
last-modified: Fri, 22 Sep 2023 01:45:55 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJOKxs0VzT5X6uYJsmLnfN5gVHkGiPAsBX0EQj514MvAtZoLEi3LN9VdC2Wl9mQbLMSDe58OsIsS3uK%2FhRfo7QRjnZtZzEVgsNYOUdpe%2B24SkTfBfMGX%2FmDmGeE6%2F%2BtVyw8k3R2U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301aaa90dd3405e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Bebas+Neue&display=swap

142.250.74.106

200 OK

799 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bebas+Neue&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (817), with no line terminators
Size
799 B (799 bytes)
Hash
0dd26af8bafd33bde6bbdad2acd7da09
ad95ad659f206c55ac5a9f2b430ffdd3401fb3aa
f36aeabbf51feeb46301867fc7439012c3fc56d76a8ae908904379af4a33d26a

HTTP Headers

GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:32:03 GMT
date: Mon, 04 Dec 2023 05:32:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq

104.21.11.97

200 OK

10 kB

URL User Request GET HTTP/2
nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10538), with no line terminators
Size
10 kB (10467 bytes)
Hash
631fef12c4e3d4ac5470aa9406bfe718
a5c85d36dcc00c1acdceffbf9f88d943a8d972e5
2bc88868423c2e36dabe260695ad3ba5e835ab825d57fe732e8d726ec921490f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:32:02 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 04 Dec 2023 05:32:02 GMT
set-cookie: _subid=s8hnpag8cm3; expires=Thu, 04 Jan 2024 05:32:02 GMT; path=/
bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; expires=Sat, 06 Nov 2077 11:04:04 GMT; path=/
_token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739; expires=Thu, 04 Jan 2024 05:32:02 GMT; path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nMelE0D8nIXNnLb0CPCGFOSXbHcUVmwf1ZZXIXqL%2BRscbedBLThT8OeF04oZd5vWlchJQ771n2XiIcBhMvKnHjBWjZ%2FqkJnTJqk0bjFN8K7fkYZkyH8krbKIOx7yQuyB5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301aaa52ff556b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nagtrfplwe.com/lander/kvantum/Content/images/arr-left.png

104.21.11.97

200 OK

1.9 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/images/arr-left.png
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
PNG image data, 70 x 56, 8-bit/color RGBA, non-interlaced\012- data
Size
1.9 kB (1850 bytes)
Hash
503ad0ebaa120238981ae8fc7ad05daa
9e8592269d1b56de695bd883e11bd14e62530d69
057386669809188fda11b3217c93171e645f4009398802f0b6bb90c0aad6c977

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/images/arr-left.png HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/lander/kvantum/Content/css_custom.css
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: image/png
content-length: 1850
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-73a"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKaDrqXF8C3DHB%2B%2B8QzabY%2BQ9k4De6vmvmonbWXj0%2BFmcs9IBn42wabnhEWiVlvUCLTlcnz8Xz4Z4DPXndcHzdeQzuW64Ncz6N9VAk569%2BkIi54D2KK799y3Bej0BtBlHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaab6e300b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/css_custom.css

104.21.11.97

200 OK

47 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/css_custom.css
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type

Size
47 kB (46672 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/css_custom.css HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: text/css
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: W/"6435b757-b650"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8HQ1UaI4dO3cBBsiYdyDjt35nMITvXdguKtBTyPVcMR2Jo7NdtQugpZK3RIGF58Pv5k%2BbYVK2%2BkLNOlFaoGl6uVNtIv4uY5hWSlnjlI%2FZs17U8imTLoTGqen60LMKxgeXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa76d640b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/favicon.ico

104.21.11.97

200 OK

1.2 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/favicon.ico
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
b50b38f085faf1f2b0c40846e6d386e0
271d0b9aa81b9a5e48c1f312fe21d8e8ac5f9b45
5e0d44f8ed18b4439b58ae7dfe85a558e1ebb98cc5c3ab583cc22ad29d20dbbe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/favicon.ico HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:04 GMT
content-type: image/x-icon
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-47e"
expires: Thu, 14 Dec 2023 05:32:04 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BPLwd17e%2BtpJ3zO2UroJIP8SV0tyiwyaAMOknWC9ULynJ2FUXF%2BzpTL7d88mq0FANFNR%2BnliIfn5ov03Kb5aPOl9j7ZI73W0%2FMa01Wb%2FR2IoGmQl65ofrBXXWOWTINPQIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaae1eea0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/videos/video1.mp4

104.21.11.97

206 Partial Content

4.1 MB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/videos/video1.mp4
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type

Size
4.1 MB (4116919 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/videos/video1.mp4 HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Mon, 04 Dec 2023 05:32:04 GMT
content-type: video/mp4
content-length: 104819248
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: "6435b757-63f6a30"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
content-range: bytes 0-104819247/104819248
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hj6L2jRYT5LuyTuf3J1YRIDkbBVPfTVLCe9QHyLE%2BFWwjCR2VUCVjLeP%2F3gQxI7rCMtFdOZ32C3ZrkxHGPjzASw%2F6lF2HNPMgo2wDY%2BO2n4kOfIlLRBPrqSqk%2BzjvD%2FbXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaac8eb60b49-OSL
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/Content/css.css

104.21.11.97

200 OK

162 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/Content/css.css
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type

Size
162 kB (162291 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/Content/css.css HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: text/css
last-modified: Tue, 11 Apr 2023 19:39:03 GMT
etag: W/"6435b757-279f3"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWzMLsLevpXmd3q5ZpYphcs5m5vOHCq1Lk%2BjWjmpV16KgI90g4ozqmB3txWfvlwoCAPsm8Sp409vtCb6b98nGLj0XSIchDSFGqjJY9NqcjCBKp102w6uh2ng1OBgPS%2FEQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa76d630b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/bundles/jquery.js

104.21.11.97

200 OK

353 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/bundles/jquery.js
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
353 kB (352669 bytes)
Hash
1847ff793d318630c3fcebe6748606b1
7cec9e59c90af9ba5f345612919957cfbb1b4a20
1a0c049106bae02aa9513789efc1f9ae8888e42e1f513e44f58c2fc2547df4d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/bundles/jquery.js HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: application/javascript
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-5619d"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysxLvrcDSYICsZnLpqC4sYEAVLiUQTPkzX68ueQNux%2BfAni2%2FkbYhC9NdUs655hIBxwRjtOjvHmd6W4aARcM8pKNVHIkt49tErs05ZsP6wKnCXgUvr%2Fscpx2fdocEy4iEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d700b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/bundles/bootstrap.js

104.21.11.97

200 OK

41 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/bundles/bootstrap.js
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
ASCII text, with very long lines (40847), with no line terminators
Size
41 kB (40847 bytes)
Hash
81addfa1ce4fb9bfdebbc6f5dd2971fb
d6a8d3b5e8001aa6a4ccb9a7a655febe3f9fd380
e5840bc1fc5ecf2ce08305f4eddf2fd9444ac3a2d79e541ae6775a6011ac4531

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/bundles/bootstrap.js HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: application/javascript
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-9f8f"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BSJAT7W0ampYTbTZCsGVqlGc6Edk6l%2BPir2mR0QvHIgkJM2e%2Fulu%2Blqcl%2F%2F1A%2BTlC%2Be7E8a4x8JiyKKdm0vjSzMa%2FZhpcazR245zDnoCC52zud2cmwZhyHfVsZM7g8Xkqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa77d740b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

nagtrfplwe.com/lander/kvantum/bundles/modernizr.js

104.21.11.97

200 OK

11 kB

URL GET HTTP/3
nagtrfplwe.com/lander/kvantum/bundles/modernizr.js
IP
104.21.11.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Certificate
IssuerGoogle Trust Services LLC
Subjectnagtrfplwe.com
Fingerprint3A:88:CF:97:56:08:53:56:EC:F8:2E:18:DA:5C:C2:84:77:A4:33:15
ValidityWed, 01 Nov 2023 06:43:12 GMT - Tue, 30 Jan 2024 06:43:11 GMT

File type
HTML document, ASCII text, with very long lines (11095), with no line terminators
Size
11 kB (11095 bytes)
Hash
efeac4bcc64c045f413f90ceba3f836e
f6e4af16612d2c740e0d62440fce784290eab928
9e83216908224ffbc39992a5e60f93ca21b8e2240ba28025ba679c4b70f7112d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/kvantum/bundles/modernizr.js HTTP/1.1
Host: nagtrfplwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nagtrfplwe.com/news-k1?subid={subid}&a=128&b=477&c=770982&d=2&u=126&p=343&n=128&k=166503&t=2084856&s=9280271640&is=Advertlink&clck_id=ls7mqpbv1sq
Cookie: _subid=s8hnpag8cm3; bfc73=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjM5NVwiOjE3MDE2Njc5MjJ9LFwiY2FtcGFpZ25zXCI6e1wiNDVcIjoxNzAxNjY3OTIyfSxcInRpbWVcIjoxNzAxNjY3OTIyfSJ9.5htJYArwyrvSck1gN_I2zT8b9rFlR5hJqufjvuoJda4; _token=uuid_s8hnpag8cm3_s8hnpag8cm3656d6452c07428.47165739
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:32:03 GMT
content-type: application/javascript
last-modified: Tue, 11 Apr 2023 19:39:04 GMT
etag: W/"6435b758-2b57"
expires: Thu, 14 Dec 2023 05:32:03 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rtWsPGmu%2FBE54AMJa7g39L96gvM92mrtwsbFOd%2B%2FyL%2FhVma8Ty4VVSReBQIgtyfIvHUdIX3pXHGH3TUgXCMAEZ251JTMw4Tr%2Ft6%2B5VCm4e5SFyo0KlBoAzzPH%2B7MFSEbnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301aaa76d650b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash