| littlecdn.com/apps/templates/_assets/videos/dating/8.mp4 | 104.22.25.116 | 206 Partial Content | 28 kB |
URL GET HTTP/2littlecdn.com/apps/templates/_assets/videos/dating/8.mp4 IP104.22.25.116:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectlittlecdn.com Fingerprint42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A ValidityMon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File typeISO Media, MP4 Base Media v1 [ISO 14496-12:2003] Hashc58835f7bc99937c0ddf8d2b09bb6abf 04c0b8f621452650df61446db4f4e7cb3e116e2a c436816cbbdc1bf9db3e6f8cfca353629c3711ed136e3100df38f9a113f7175f
GET /apps/templates/_assets/videos/dating/8.mp4 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: video/mp4
content-length: 28224
last-modified: Wed, 17 Apr 2024 11:33:14 GMT
vary: Accept-Encoding
etag: "661fb37a-6e40"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4327
content-range: bytes 0-28223/28224
server: cloudflare
cf-ray: 8763bc340d0a56ae-OSL
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?userId=00804281a9aa4558fdc3e5c0c3a597be | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=00804281a9aa4558fdc3e5c0c3a597be IP139.45.195.8:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash83e2a077594547e4e1dd191db7723242 4b9f4338d8cf38f7c5ebec00734d3baf154606b0 2644d1d6af802c277c1ab716c5f92040cf6791fddc12d7b3022f3d0d5623638d
GET /gid.js?userId=00804281a9aa4558fdc3e5c0c3a597be HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vawheghefe.com/
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://vawheghefe.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00804281a9aa4558fdc3e5c0c3a597be; expires=Fri, 18 Apr 2025 09:47:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP139.45.195.8:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash3e15094099bd9b1f4b394b188e026e32 b0eb1737d92c61c94205800936514b382e78e967 74d25ad3af90ca06e838ad7d7dc089feabd9d826e98143e2191456f8e75dacbe
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vawheghefe.com/
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://vawheghefe.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f61ea93ba27449bbbd03978b3cd2c0ed; expires=Fri, 18 Apr 2025 09:47:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| vawheghefe.com/zone?&pub=0&zone_id=6391993&is_mobile=false&domain=vawheghefe.com&var=4314266&ymid=804761551587516553&var_3=20598249_8033089&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=f3e2e88e-02e1-41e4-b797-9b2b1dc4da02&action=prerequest | 104.21.17.228 | 200 OK | 0 B |
URL POST HTTP/3vawheghefe.com/zone?&pub=0&zone_id=6391993&is_mobile=false&domain=vawheghefe.com&var=4314266&ymid=804761551587516553&var_3=20598249_8033089&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=f3e2e88e-02e1-41e4-b797-9b2b1dc4da02&action=prerequest IP104.21.17.228:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerGoogle Trust Services LLC Subjectvawheghefe.com FingerprintB2:50:E5:11:84:55:CD:35:A8:55:23:ED:5D:E2:CD:13:70:D1:15:30 ValidityWed, 10 Apr 2024 13:12:45 GMT - Tue, 09 Jul 2024 13:12:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6391993&is_mobile=false&domain=vawheghefe.com&var=4314266&ymid=804761551587516553&var_3=20598249_8033089&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=f3e2e88e-02e1-41e4-b797-9b2b1dc4da02&action=prerequest HTTP/1.1
Host: vawheghefe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android
Cookie: reverse=kAxwyNPA_7XcAhDWyiJ5tN99TTadRNWyDYDyGmW4esU; OAID=00804281a9aa4558fdc3e5c0c3a597be; oaidts=1713433664
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:47:44 GMT
content-length: 0
x-trace-id: 69790564a5249d8d0405c626c4dca7a9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vawheghefe.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cTkkuGSiff%2Fs4XL551iYUq0vopC6GCTNxXaiqYvzBP9pkr2bSRrGo%2Fer3quyTZpE9BjNsxcWbndGfvtAzjQqAJ%2BSQ8dSi9VZn1BklKMLnauC2NbLnS7VKRfinUC0PXLRQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763bc341bbc5685-OSL
alt-svc: h3=":443"; ma=86400
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vawheghefe.com/
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://vawheghefe.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashe7bde5157134f9899ef56547528b5163 c270eb864a03421b346dda231dbc19f2af4f6a74 94375a6c394349e5e30776934badcfe21e53b3429dbba1de23ab69135dfe5010
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vawheghefe.com/
Content-Type: application/json
Content-Length: 1699
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vawheghefe.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 735
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 974edb4020b503c510149dba70ae5fc9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vawheghefe.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| vawheghefe.com/favicon.ico | 104.21.17.228 | 204 No Content | 0 B |
URL GET HTTP/3vawheghefe.com/favicon.ico IP104.21.17.228:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerGoogle Trust Services LLC Subjectvawheghefe.com FingerprintB2:50:E5:11:84:55:CD:35:A8:55:23:ED:5D:E2:CD:13:70:D1:15:30 ValidityWed, 10 Apr 2024 13:12:45 GMT - Tue, 09 Jul 2024 13:12:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: vawheghefe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android
Cookie: reverse=kAxwyNPA_7XcAhDWyiJ5tN99TTadRNWyDYDyGmW4esU; OAID=f61ea93ba27449bbbd03978b3cd2c0ed; oaidts=1713433664; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 18 Apr 2024 09:47:44 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
age: 5018
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tr4RVcaQFfwGc%2BqiMSR0y4NvQ3MQJ9CgGwO6eyJytdaVHEH1B7S8MVeOeb6Jbeppfyj5LEnkKWUcFUDV4Nl%2Bq8aV9tr5By04A01Yim3al836z551z4FWVLs4r12c2Ki3sA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763bc35fe065685-OSL
alt-svc: h3=":443"; ma=86400
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 737
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: fabb8899d41395f2783a53d41de38b30
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vawheghefe.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 738
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ce03f0afece5ea47204a76ed3eb122b3
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vawheghefe.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| vawheghefe.com/rotate?zz=6391997&var=4314266&uid=f61ea93ba27449bbbd03978b3cd2c0ed&os_version=x86.64 | 104.21.17.228 | 200 OK | 1.3 kB |
URL GET HTTP/3vawheghefe.com/rotate?zz=6391997&var=4314266&uid=f61ea93ba27449bbbd03978b3cd2c0ed&os_version=x86.64 IP104.21.17.228:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerGoogle Trust Services LLC Subjectvawheghefe.com FingerprintB2:50:E5:11:84:55:CD:35:A8:55:23:ED:5D:E2:CD:13:70:D1:15:30 ValidityWed, 10 Apr 2024 13:12:45 GMT - Tue, 09 Jul 2024 13:12:44 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1310), with no line terminators Hash12aaf6cc3fc4997c4d8c6d710cdb6b61 a30c82a25b7af586c6cadb4f6fa0bdb120cbb290 bc43c17cd2c07e1da79fe5c9d19226ea19afa503bb286c83c4cbe466a8cfb2c8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=6391997&var=4314266&uid=f61ea93ba27449bbbd03978b3cd2c0ed&os_version=x86.64 HTTP/1.1
Host: vawheghefe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android
DNT: 1
Connection: keep-alive
Cookie: reverse=kAxwyNPA_7XcAhDWyiJ5tN99TTadRNWyDYDyGmW4esU; OAID=00804281a9aa4558fdc3e5c0c3a597be; oaidts=1713433664; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: 938fd038a5eae0d6dc5b52f5543bec59
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
access-control-allow-origin: https://vawheghefe.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=f61ea93ba27449bbbd03978b3cd2c0ed; expires=Fri, 18 Apr 2025 09:47:44 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skP3CrgFvpOXksKvXtR2U1sxtOQwjYkDr9BY3gjtUeeFRvTmQ0kb1XtG0zrBzoDh6HeZJ7lhfQtd4HwrYkeBkwkILwj658BovhODWUciIRK44SoIHu89rucB%2BNd5ZW%2BeJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763bc34bc745685-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vawheghefe.com/sw-check-permissions/6391993?var=4314266&var_3=20598249_8033089&ymid=804761551587516553&uhd=1&zoneId=6391993 | 104.21.17.228 | 200 OK | 1.3 kB |
URL GET HTTP/3vawheghefe.com/sw-check-permissions/6391993?var=4314266&var_3=20598249_8033089&ymid=804761551587516553&uhd=1&zoneId=6391993 IP104.21.17.228:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerGoogle Trust Services LLC Subjectvawheghefe.com FingerprintB2:50:E5:11:84:55:CD:35:A8:55:23:ED:5D:E2:CD:13:70:D1:15:30 ValidityWed, 10 Apr 2024 13:12:45 GMT - Tue, 09 Jul 2024 13:12:44 GMT
File typeASCII text, with very long lines (1418), with no line terminators Hash18982b9a7366e45c98b1f0f20eb76296 8a80ae5c1918e1534a95d2dfa14a72d1648e854f dabca4d0e5e86e3ee3ad3d98328c7d09f762c463195a21c94dce67614d3cef6f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw-check-permissions/6391993?var=4314266&var_3=20598249_8033089&ymid=804761551587516553&uhd=1&zoneId=6391993 HTTP/1.1
Host: vawheghefe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android
Cookie: reverse=kAxwyNPA_7XcAhDWyiJ5tN99TTadRNWyDYDyGmW4esU; OAID=f61ea93ba27449bbbd03978b3cd2c0ed; oaidts=1713433664; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHc0OrZr985exnB7m%2B%2FoLXrkDvpPT7XOIbenx63%2BVZpbKmHKBOfDcrA2z5jINiVHJxMCNakeUmJx6dyqO%2FariePhfLLWiLtiWHb%2FqKLj0LfUoNoLnCqBdmnBwd9vHbxrmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763bc354d235685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android | 104.21.17.228 | 200 OK | 40 kB |
URL User Request GET HTTP/2vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android IP104.21.17.228:443
CertificateIssuerGoogle Trust Services LLC Subjectvawheghefe.com FingerprintB2:50:E5:11:84:55:CD:35:A8:55:23:ED:5D:E2:CD:13:70:D1:15:30 ValidityWed, 10 Apr 2024 13:12:45 GMT - Tue, 09 Jul 2024 13:12:44 GMT
File typeHTML document, ASCII text, with very long lines (1952), with CRLF, LF line terminators Hashe54886d49a452bef4ce60ad50a6fd4f6 fac2c19207c372a9ee7e3655ff53ac5b2bf8ab63 41625c545663fc0cfab00c56a8086b03217e3c74472835d26fdf84f5847792d9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android HTTP/1.1
Host: vawheghefe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=kAxwyNPA_7XcAhDWyiJ5tN99TTadRNWyDYDyGmW4esU; expires=Thu, 18-Apr-2024 10:47:44 GMT; Max-Age=3600; path=/
OAID=00804281a9aa4558fdc3e5c0c3a597be; expires=Fri, 04-Aug-2079 19:35:28 GMT; Max-Age=1744969664; path=/
oaidts=1713433664; expires=Fri, 04-Aug-2079 19:35:28 GMT; Max-Age=1744969664; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bE4X3GYbniNv77ZfiNcygOZojRvo0EBXrvlGqJEyb2e4eFYkWuyrkZvTumKdzYrAVdsyumnDDsOyceqFOT9ecU7SOb%2FaIx%2Fon1G%2BpxuwHxPWAB4QryiTA7sEgm8sRdjkLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763bc2fdf3256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| vawheghefe.com/pfe/current/micro.tag.min.js?z=6391993&ymid=804761551587516553&var=4314266&sw=/sw-check-permissions/6391993&uhd=1&os_version=x86.64&var_3=20598249_8033089 | 104.21.17.228 | 200 OK | 36 kB |
URL GET HTTP/3vawheghefe.com/pfe/current/micro.tag.min.js?z=6391993&ymid=804761551587516553&var=4314266&sw=/sw-check-permissions/6391993&uhd=1&os_version=x86.64&var_3=20598249_8033089 IP104.21.17.228:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerGoogle Trust Services LLC Subjectvawheghefe.com FingerprintB2:50:E5:11:84:55:CD:35:A8:55:23:ED:5D:E2:CD:13:70:D1:15:30 ValidityWed, 10 Apr 2024 13:12:45 GMT - Tue, 09 Jul 2024 13:12:44 GMT
File typeJavaScript source, ASCII text, with very long lines (36528), with no line terminators Hashb64d3763f9aa99e7edc76dc0dd29d030 9b5d6da9384fe75fcc5a4f79ad2cde0399bfd523 e64712048ba884038027c9037196f430b7ae020a3ec9679dfd577a6fb58f9de3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=6391993&ymid=804761551587516553&var=4314266&sw=/sw-check-permissions/6391993&uhd=1&os_version=x86.64&var_3=20598249_8033089 HTTP/1.1
Host: vawheghefe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android
Cookie: reverse=kAxwyNPA_7XcAhDWyiJ5tN99TTadRNWyDYDyGmW4esU; OAID=00804281a9aa4558fdc3e5c0c3a597be; oaidts=1713433664
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:57:13 GMT
vary: Accept-Encoding
etag: W/"661e9fd9-8eb0"
access-control-allow-credentials: true
cache-control: max-age=86400
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uU%2FOkBc4OuAqkZ5UGR%2Bnv8x8XBBiofjiKctlPaVvH5GiWq6zKR%2BTiYcuo0mfnBYh9oxXK8jg4NfNCNrrwGf5ocPlmH90zqqdlpmMMWePFhhWm1CADO%2FVz%2BHSXZxyasyY8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763bc3269ae5685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| littlecdn.com/apps/templates/questions/video-bg-changeable/build/main.css?v3187363797284 | 104.22.25.116 | 200 OK | 5.7 kB |
URL GET HTTP/2littlecdn.com/apps/templates/questions/video-bg-changeable/build/main.css?v3187363797284 IP104.22.25.116:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerLet's Encrypt Subjectlittlecdn.com Fingerprint42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A ValidityMon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File typeASCII text, with very long lines (5717), with no line terminators Hash41894abe4a695612e996e078a27e2e11 99061fad955acea6cff93bed41861e9c1a02faa5 16b563287c84f8ae0dc9a8f1b41cb58a7cea8e9189a79c172735c65f043f9369
GET /apps/templates/questions/video-bg-changeable/build/main.css?v3187363797284 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: text/css
last-modified: Wed, 17 Apr 2024 11:33:14 GMT
vary: Accept-Encoding
etag: W/"661fb37a-164c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4327
server: cloudflare
cf-ray: 8763bc32cb0a56ae-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android&mprtr=1&os_version=x86.64 | 104.21.17.228 | 200 OK | 2 B |
URL POST HTTP/3vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android&mprtr=1&os_version=x86.64 IP104.21.17.228:443
Requested byhttps://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android CertificateIssuerGoogle Trust Services LLC Subjectvawheghefe.com FingerprintB2:50:E5:11:84:55:CD:35:A8:55:23:ED:5D:E2:CD:13:70:D1:15:30 ValidityWed, 10 Apr 2024 13:12:45 GMT - Tue, 09 Jul 2024 13:12:44 GMT
Hash99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android&mprtr=1&os_version=x86.64 HTTP/1.1
Host: vawheghefe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vawheghefe.com
DNT: 1
Connection: keep-alive
Referer: https://vawheghefe.com/?aabpush=2&autoexitTime=100&b=20598249&ba=1&campid=8033089&did=7&dm=0&ep=1&fp=0&g=ID&i18db=1&ippZone=6391997&l=oY60NGAazS4kuIG&oaid=00804281a9aa4558fdc3e5c0c3a597be&retrySubscriptionRequest=1&s=804761551587516553&ssk=dc2efa87f2ebf582bbb6839c7a07dadf&subdomen=1&svar=1713433625&ttb1=6391996&ttbTime=3&ttbpa=6391998&v=bbd4dce2c4&vi=1&vo=1&z=4314266&tr=default&browser=chrome&os=android&osversion=unspecified_android
Cookie: reverse=kAxwyNPA_7XcAhDWyiJ5tN99TTadRNWyDYDyGmW4esU; OAID=00804281a9aa4558fdc3e5c0c3a597be; oaidts=1713433664
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
date: Thu, 18 Apr 2024 09:47:44 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0b3mTdT9nZXR%2BRGflQPtcnpQDohQA96syhuAx5H1Y%2BxZBLL5rZb6JcKHyrv08j8dB2FVhgoPlim1%2BhINCt2sXEgl2ZehNJpGmcBipwO2%2BU0GAsDIc2GMqIDu1Dw4q1Z4Qw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763bc340bb95685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|