Report - wxzz.1059018.com/veeYa

Report Overview

Visited public
2025-01-21 06:38:13
Tags
Submit Tags
URL
wxzz.1059018.com/veeYa
Finishing URL
sswx1n2zq6.com/?rid=3394138&type1=2
IP / ASN
20.239.246.85
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Title
盛世娱乐

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
api.ss1install.com	unknown	2022-11-07	2022-11-07	2023-11-03	735 B	373 B	20.239.246.85
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-01-15	877 B	842 B	216.239.32.36
www.google.no	25607	2001-02-26	2012-06-26	2025-01-15	684 B	578 B	142.250.74.131
skyh.esffgw.com	unknown	2025-01-05	2025-01-21	2025-01-21	532 B	1.7 kB	20.239.246.85
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-15	421 B	114 kB	142.250.178.40
c.ss1install.com	unknown	2022-11-07	2022-11-07	2024-09-23	422 B	109 kB	20.255.122.10
web.dvapeg.com	unknown	2023-06-16	2025-01-21	2025-01-21	1.2 kB	822 kB	4.144.60.129
sswx1n2zq6.com	unknown	2024-12-04	2025-01-21	2025-01-21	1.0 kB	262 kB	23.226.63.146

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-21	medium	sswx1n2zq6.com	Sinkholed
2025-01-21	medium	sswx1n2zq6.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	sswx1n2zq6.com/js/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-07-25
Pretty URL sswx1n2zq6.com/js/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-25 01:58 Times Seen28401 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	c.ss1install.com/js/common/base-6e6b0ddff1.min.js	ScriptElement	383 kB	2025-01-21	2025-01-21
Pretty URL c.ss1install.com/js/common/base-6e6b0ddff1.min.js IP 20.255.122.10 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-21 06:37 Last Seen2025-01-21 08:19 Times Seen7 Hash 6e6b0ddff1770c579164b9099dd859c5 b725dadea5479062ff2f08e4c614fe4ff5678fe6 1f31753b31c7528a4fcd82d9517700ed4b9d4bb09e87a28d42f06d02eb4eac9e Loading...

	c.ss1install.com/js/page/qqInstall-43746b9ba0.min.js	ScriptElement	11 kB	2023-07-01	2025-03-21
Pretty URL c.ss1install.com/js/page/qqInstall-43746b9ba0.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-01 10:55 Last Seen2025-03-21 02:48 Times Seen15 Hash 43746b9ba03a86d01cdf0cd9a34d2956 97f63b4d3243620c9b33dddeb2ee9f583ed23980 dd89fc30827ab8240f590bdc8d78b43b2e56b51d70bd1c6fa4edc6e1f223a247 Loading...

	sswx1n2zq6.com/?rid=3394138&type1=2	ScriptElement	153 B	2025-01-21	2025-01-21
Pretty URL sswx1n2zq6.com/?rid=3394138&type1=2 IP 23.226.63.146 ASN #136800 MOACK.Co.LTD Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-21 06:37 Last Seen2025-01-21 08:19 Times Seen7 Hash 98530ea0916a65e69355250b81ae7576 dd53e08f4539382760672f6b535256e735dbe405 34dc4ceda2722b97457f7efb422931435b7e2a1b7e6b9349a46fc12d81a59898 Loading...

	sswx1n2zq6.com/?rid=3394138&type1=2	ScriptElement	1.1 kB	2025-01-21	2025-01-21
Pretty URL sswx1n2zq6.com/?rid=3394138&type1=2 IP 23.226.63.146 ASN #136800 MOACK.Co.LTD Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-21 06:37 Last Seen2025-01-21 08:19 Times Seen7 Hash bbbb8a82c83633a4819da68c24586119 dbdc48cbce012d2248acb7874377f7d40d2f3f6d 01296f1201d9bfdfb0fbbce113da14e36a1f5f9de01c64f7361a2b732a38cea2 Loading...

	sswx1n2zq6.com/files/layer.js	ScriptElement	3.3 kB	2023-03-07	2025-07-24
Pretty URL sswx1n2zq6.com/files/layer.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34 Last Seen2025-07-24 16:29 Times Seen3785 Hash 79b7829af0bbfea5760aa606bf1a02c7 54c27862e41ef815009fca7b54d9d463cfb015bc 2fc4428e63cd5bd982210576674877bd1ba3eb59b9f4686d3668fd94530fa4b7 Loading...

	sswx1n2zq6.com/?rid=3394138&type1=2	ScriptElement	3.3 kB	2025-01-21	2025-01-21
Pretty URL sswx1n2zq6.com/?rid=3394138&type1=2 IP 23.226.63.146 ASN #136800 MOACK.Co.LTD Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-21 06:37 Last Seen2025-01-21 08:19 Times Seen7 Hash 2fe9448fc791925296fb0332e45169f5 843facbbd3f90be603fdcd77964f1933bd828d26 3ec01189f564ee9a3cf49562a9bbda31500e87c2e92996fcb2dfd89b4f2a682a Loading...

	www.googletagmanager.com/gtag/js?id=G-SS9DFL9RBP	ScriptElement	341 kB	2025-01-21	2025-01-21
Pretty URL www.googletagmanager.com/gtag/js?id=G-SS9DFL9RBP IP 142.250.178.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-21 06:38 Last Seen2025-01-21 06:38 Times Seen1 Hash 49cec8019557b8d8882a35f35309bd87 bf8758ff3d856a819c88047d937efc63341ef1c9 968ba045a39af93cb834cdb9d0bab3885d7deb8b5a064ace232068b3c4ecff90 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 420cd5162b1026d95927bf5202cc0f31	13 kB	2023-07-01 10:55	2025-06-13 03:48
Pretty Observations First Seen2023-07-01 10:55 Last Seen2025-06-13 03:48 Times Seen16 Hash 420cd5162b1026d95927bf5202cc0f31 d1a4faf02e69b0a801fe997f0ee15bf91e74836f 289cffe39b5e173f78e13a86c0b2b0fa004e3d389bfb12560c6a7bbb440c7bb8 Loading...

HTTP Transactions (11)

URL IP Response Size

skyh.esffgw.com/?jump=aHR0cHM6Ly9zc3d4MW4yenE2LmNvbT9yaWQ9MzM5NDEzOCZ0eXBlMT0y

20.239.246.85

302 Found

1.4 kB

URL
skyh.esffgw.com/?jump=aHR0cHM6Ly9zc3d4MW4yenE2LmNvbT9yaWQ9MzM5NDEzOCZ0eXBlMT0y
IP
20.239.246.85:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
data
Size
1.4 kB (1383 bytes)
Hash
3585ece7039149c39b853d8d1103976b
7aa502d6fb4eb2882b71c82fdb010876a9e6cefe
31256c198b5aa37f731d64238366b7812d4a66b89ec73ab8ad842ebc44b0e51d

HTTP Headers

GET /?jump=aHR0cHM6Ly9zc3d4MW4yenE2LmNvbT9yaWQ9MzM5NDEzOCZ0eXBlMT0y HTTP/1.1
Host: skyh.esffgw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.25.3
date: Tue, 21 Jan 2025 06:37:49 GMT
content-type: text/html; charset=UTF-8
location: https://sswx1n2zq6.com?rid=3394138&type1=2
x-frame-options: SAMEORIGIN
x-country: NO
x-cache: BYPASS@wiremanm3000001
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-SS9DFL9RBP

142.250.178.40

200 OK

113 kB

URL
www.googletagmanager.com/gtag/js?id=G-SS9DFL9RBP
IP
142.250.178.40:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
113 kB (113203 bytes)
Hash
49cec8019557b8d8882a35f35309bd87
bf8758ff3d856a819c88047d937efc63341ef1c9
968ba045a39af93cb834cdb9d0bab3885d7deb8b5a064ace232068b3c4ecff90

HTTP Headers

GET /gtag/js?id=G-SS9DFL9RBP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sswx1n2zq6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 21 Jan 2025 06:37:51 GMT
expires: Tue, 21 Jan 2025 06:37:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 113203
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

c.ss1install.com/js/common/base-6e6b0ddff1.min.js

20.255.122.10

200 OK

108 kB

URL
c.ss1install.com/js/common/base-6e6b0ddff1.min.js
IP
20.255.122.10:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JavaScript source, ASCII text, with very long lines (32099), with CRLF line terminators
Size
108 kB (108468 bytes)
Hash
6e6b0ddff1770c579164b9099dd859c5
b725dadea5479062ff2f08e4c614fe4ff5678fe6
1f31753b31c7528a4fcd82d9517700ed4b9d4bb09e87a28d42f06d02eb4eac9e

HTTP Headers

GET /js/common/base-6e6b0ddff1.min.js HTTP/1.1
Host: c.ss1install.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sswx1n2zq6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.25.3
date: Tue, 21 Jan 2025 06:37:51 GMT
content-type: application/javascript
last-modified: Mon, 07 Nov 2022 02:39:22 GMT
vary: Accept-Encoding
etag: W/"63686fda-5d6e2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
x-country: NO
x-cache: HIT@wincherm3000000
X-Firefox-Spdy: h2

web.dvapeg.com/luodiye/domainad.jpg

4.144.60.129

200 OK

96 kB

URL
web.dvapeg.com/luodiye/domainad.jpg
IP
4.144.60.129:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x433, components 3
Size
96 kB (96304 bytes)
Hash
b8af6767720f76b3eb368049b68e0772
33e6ccb9a6e02a5564d90f828b41c105f4605e75
287350cbbf973b02ea2be893a8984db22daa102b309af45caff74dd46e744a6c

HTTP Headers

GET /luodiye/domainad.jpg HTTP/1.1
Host: web.dvapeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Tue, 21 Jan 2025 06:37:51 GMT
content-type: image/jpeg
content-length: 96304
x-oss-request-id: 678F3E267C440B3231FE1ADF
etag: "B8AF6767720F76B3EB368049B68E0772"
last-modified: Sat, 04 Jan 2025 15:35:21 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16324827639555163834
x-oss-storage-class: Standard
x-oss-ec: 0048-00000103
content-disposition: attachment
x-oss-force-download: true
content-md5: uK9nZ3IPdrPrNoBJto4Hcg==
x-oss-server-time: 14
x-country: NO
x-cache: HIT@wheezesm3000001
accept-ranges: bytes
X-Firefox-Spdy: h2

web.dvapeg.com/luodiye/bg4.jpg

4.144.60.129

200 OK

247 kB

URL
web.dvapeg.com/luodiye/bg4.jpg
IP
4.144.60.129:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x667, components 3
Size
247 kB (247312 bytes)
Hash
36a44a11a18891205aa94c6636c80cf9
876ba5722f67894c70f9bbbe6501a1f094e406dc
bbd0595fa1788c8aef18fc5b0cc669ce313ffee94b0be0593ac3337284e9aa3a

HTTP Headers

GET /luodiye/bg4.jpg HTTP/1.1
Host: web.dvapeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Tue, 21 Jan 2025 06:37:51 GMT
content-type: image/jpeg
content-length: 247312
x-oss-request-id: 678F3E2602D4133137E05ACE
etag: "36A44A11A18891205AA94C6636C80CF9"
last-modified: Sat, 04 Jan 2025 15:35:21 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7219116263356725085
x-oss-storage-class: Standard
x-oss-ec: 0048-00000103
content-disposition: attachment
x-oss-force-download: true
content-md5: NqRKEaGIkSBaqUxmNsgM+Q==
x-oss-server-time: 76
x-country: NO
x-cache: HIT@wheezesm3000001
accept-ranges: bytes
X-Firefox-Spdy: h2

sswx1n2zq6.com/?rid=3394138&type1=2

23.226.63.146

200 OK

213 kB

URL
sswx1n2zq6.com/?rid=3394138&type1=2
IP
23.226.63.146:0
ASN
#136800 MOACK.Co.LTD

File type
gzip compressed data, from Unix
Size
213 kB (213367 bytes)
Hash
5c8a563630f4defc6e0de3638577f81f
fbfb797b19780fd03bd65f8c22f96412bf8053f0
9d8e23df7ce9c2ef4786f90e11f216940ea8d1ae3348f8bd5ec6a921a999605c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rid=3394138&type1=2 HTTP/1.1
Host: sswx1n2zq6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Jan 2025 06:37:50 GMT
content-type: text/html
last-modified: Tue, 21 Jan 2025 04:38:20 GMT
vary: Accept-Encoding
etag: W/"678f24bc-2bdf"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

web.dvapeg.com/luodiye/vv516.jpg

4.144.60.129

200 OK

476 kB

URL
web.dvapeg.com/luodiye/vv516.jpg
IP
4.144.60.129:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1030, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=750], baseline, precision 8, 750x1030, components 3
Size
476 kB (476444 bytes)
Hash
ad1b8845c12ea0159676ff4a9ba4ce04
55fe251e40896734350279b5978ecdf1579cd9a5
4832833208a7c2563654bf54f1da8d834f7fb6c50607f5c39504b104516b5b7f

HTTP Headers

GET /luodiye/vv516.jpg HTTP/1.1
Host: web.dvapeg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Tue, 21 Jan 2025 06:37:51 GMT
content-type: image/jpeg
content-length: 476444
x-oss-request-id: 678F35027652793434CB3D76
etag: "AD1B8845C12EA0159676FF4A9BA4CE04"
last-modified: Tue, 21 Jan 2025 04:42:08 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4364274320889445314
x-oss-storage-class: Standard
x-oss-ec: 0048-00000103
content-disposition: attachment
x-oss-force-download: true
content-md5: rRuIRcEuoBWWdv9Km6TOBA==
x-oss-server-time: 64
x-country: NO
x-cache: HIT@wheezesm3000001
accept-ranges: bytes
X-Firefox-Spdy: h2

api.ss1install.com/shareinstall/wap.h?code=7bT1_vf4-PP61fny87SstLS6tOXhtKy0p6akorS6tOX-tKy0p6SuprS6tOXmtKynurTx4LSstLS6tPHktKy0tLq0-v-0rLS0urT1tKynurT35v20rLS0urTm4bSsprq0-eW0rLS0urT55eDz5LSstLS6tPfm5v3z77SstKHT1KSk08TXod6k19DetLq04LSstKe4prihtOs=

20.239.246.85

204 No Content

0 B

URL
api.ss1install.com/shareinstall/wap.h?code=7bT1_vf4-PP61fny87SstLS6tOXhtKy0p6akorS6tOX-tKy0p6SuprS6tOXmtKynurTx4LSstLS6tPHktKy0tLq0-v-0rLS0urT1tKynurT35v20rLS0urTm4bSsprq0-eW0rLS0urT55eDz5LSstLS6tPfm5v3z77SstKHT1KSk08TXod6k19DetLq04LSstKe4prihtOs=
IP
20.239.246.85:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /shareinstall/wap.h?code=7bT1_vf4-PP61fny87SstLS6tOXhtKy0p6akorS6tOX-tKy0p6SuprS6tOXmtKynurTx4LSstLS6tPHktKy0tLq0-v-0rLS0urT1tKynurT35v20rLS0urTm4bSsprq0-eW0rLS0urT55eDz5LSstLS6tPfm5v3z77SstKHT1KSk08TXod6k19DetLq04LSstKe4prihtOs= HTTP/1.1
Host: api.ss1install.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://sswx1n2zq6.com/
Origin: https://sswx1n2zq6.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.25.3
date: Tue, 21 Jan 2025 06:37:53 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-country: NO
x-cache: @wiremanm3000001
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-SS9DFL9RBP&gtm=45je51g0v9172094704za200&_p=1737441472739&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1445526310.1737441473&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1737441473&sct=1&seg=0&dl=https%3A%2F%2Fsswx1n2zq6.com%2F%3Frid%3D3394138%26type1%3D2&dt=%E7%9B%9B%E4%B8%96%E5%A8%B1%E4%B9%90&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4467

216.239.32.36

204 No Content

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-SS9DFL9RBP&gtm=45je51g0v9172094704za200&_p=1737441472739&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1445526310.1737441473&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1737441473&sct=1&seg=0&dl=https%3A%2F%2Fsswx1n2zq6.com%2F%3Frid%3D3394138%26type1%3D2&dt=%E7%9B%9B%E4%B8%96%E5%A8%B1%E4%B9%90&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4467
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-SS9DFL9RBP&gtm=45je51g0v9172094704za200&_p=1737441472739&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1445526310.1737441473&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1737441473&sct=1&seg=0&dl=https%3A%2F%2Fsswx1n2zq6.com%2F%3Frid%3D3394138%26type1%3D2&dt=%E7%9B%9B%E4%B8%96%E5%A8%B1%E4%B9%90&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4467 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sswx1n2zq6.com/
Origin: https://sswx1n2zq6.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://sswx1n2zq6.com
date: Tue, 21 Jan 2025 06:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SS9DFL9RBP&cid=1445526310.1737441473&gtm=45je51g0v9172094704za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123608&tag_exp=102067555~102067808~102081485~102123608&z=388942280

142.250.74.131

200 OK

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SS9DFL9RBP&cid=1445526310.1737441473&gtm=45je51g0v9172094704za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123608&tag_exp=102067555~102067808~102081485~102123608&z=388942280
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SS9DFL9RBP&cid=1445526310.1737441473&gtm=45je51g0v9172094704za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123608&tag_exp=102067555~102067808~102081485~102123608&z=388942280 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sswx1n2zq6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 21 Jan 2025 06:37:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

sswx1n2zq6.com/favicon.ico

23.226.63.146

200 OK

48 kB

URL
sswx1n2zq6.com/favicon.ico
IP
23.226.63.146:0
ASN
#136800 MOACK.Co.LTD

File type
PNG image data, 118 x 117, 8-bit/color RGBA, non-interlaced
Size
48 kB (48280 bytes)
Hash
51ab05a571ce4784e27751a34809925f
61eec8c8a6f013c754211a72c41668d0e916ab59
0120622125f39223af0afefe66c1ba8d25a653de6d7e708a791fc5705d6d8017

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: sswx1n2zq6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sswx1n2zq6.com/?rid=3394138&type1=2
Cookie: _ga_SS9DFL9RBP=GS1.1.1737441473.1.0.1737441473.60.0.0; _ga=GA1.1.1445526310.1737441473
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Jan 2025 06:37:53 GMT
content-type: image/x-icon
content-length: 48280
last-modified: Sun, 23 Oct 2022 16:39:59 GMT
etag: "63556e5f-bc98"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP