Report - live-khl.ru/ball/auth

Report Overview

Submitted URL
live-khl.ru/ball/auth
IP
104.21.31.167
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 10:39:08
Access
public
Website Title
Telegram Web
Final URL
live-khl.ru/ball/auth
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
50

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kws2.web.telegram.org	49675	2003-12-15	2021-06-23	2024-04-17	1.1 kB	436 B	149.154.167.99
venus.web.telegram.org	47739	2003-12-15	2017-01-29	2024-04-18	409 B	478 B	149.154.167.99
live-khl.ru	unknown	2024-02-13	2024-02-13	2024-04-15	11 kB	884 kB	172.67.178.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	live-khl.ru/ball/auth	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed
2024-04-18	medium	live-khl.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	live-khl.ru/button-1a8a4b7d.js	8.5 kB	2023-12-10	2024-04-30
Pretty URL live-khl.ru/button-1a8a4b7d.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-30 18:58:46 Times Seen76 Hash db2fcb1faf0ad3210f38a9dbeffebfbf a248f132d7662f64581bbd4a05756283345b6261 c8fff421d8b23fd9ddbf046f1c63d411ab15ee745fadc28bf1851d156514fae8 Loading...

	live-khl.ru/putPreloader-ae29ef38.js	699 B	2023-12-10	2024-04-30
Pretty URL live-khl.ru/putPreloader-ae29ef38.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-30 18:58:46 Times Seen69 Hash 259f536476625e11ffe9d1f10e96e242 78be832ca3954ee6c4cadec81a4ddb54650843a0 34e349140e7a6b3a220786219a85623d17cd6ad2c1239c1554a581ba7c72307c Loading...

	live-khl.ru/textToSvgURL-c6ebb454.js	357 B	2023-10-29	2024-04-30
Pretty URL live-khl.ru/textToSvgURL-c6ebb454.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-30 18:58:46 Times Seen136 Hash db363d8053c3aa976b2e2162860d6932 fef1a8b065868caacf63184d97c10aaf10ec6a28 62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663 Loading...

	live-khl.ru/asset/jquery.min.js	90 kB	2023-09-12	2024-04-30
Pretty URL live-khl.ru/asset/jquery.min.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-12 10:04:29 Last Seen2024-04-30 18:58:46 Times Seen141 Hash 1db92b83313d6fbaf76fd364688c8e6c 90c3cf0d1af00de7424a6b4b8f7f41b1200d3964 3ca4587ad13382ba7ede987f96682cc928589f037b1403fb43bd8ffc430809da Loading...

	live-khl.ru/index-cfdc21d6.js	124 kB	2024-04-17	2024-04-18
Pretty URL live-khl.ru/index-cfdc21d6.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 01:43:55 Last Seen2024-04-18 12:39:09 Times Seen3 Hash 5cefe6135c0afadfd3c005ab2ad85013 8684b4d5fa1d5cef6a87cd28844e2bb31e987aa3 57073d770568974e7355a527fb00eb9483e2a4115739810daab71c6d3e7fa77d Loading...

	live-khl.ru/countries-5301fc59.js	24 kB	2023-08-29	2024-04-30
Pretty URL live-khl.ru/countries-5301fc59.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-29 04:08:58 Last Seen2024-04-30 18:58:46 Times Seen374 Hash dff89d22ad674afafcc150af3a75d51f 3e103a40939f3e33f2ed2d2ac340dbd049b8dca1 7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80 Loading...

	live-khl.ru/lang-9ff1b05a.js	102 kB	2023-12-10	2024-04-30
Pretty URL live-khl.ru/lang-9ff1b05a.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-30 18:58:46 Times Seen70 Hash 4230df4a8128c30f22af1783386cae6f a5716da6085a7a07fc430f3f410bb36c9e54ac34 52113907183285220d884b4a99c8ee805b977e6b0039992d95005db0988187e0 Loading...

	live-khl.ru/page-49e139d4.js	10 kB	2023-12-10	2024-04-30
Pretty URL live-khl.ru/page-49e139d4.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-30 18:58:46 Times Seen121 Hash 6ccaefefec5a957c2d80fe5f97c8098b bf1eda880c524c21f78ff0424592f81fba4214ab 65659681146410adb22da9de126db5da27eb6032631d55c1c2bedebabd8e8f5f Loading...

	live-khl.ru/pageSignQR-55e34e76.js	5.6 kB	2023-12-10	2024-04-30
Pretty URL live-khl.ru/pageSignQR-55e34e76.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-30 18:58:46 Times Seen81 Hash 908a426b097ed038bf16088bb70c4d0a 51b080072f896e324ba8a2229e9303364354326d 96e7ecf00e95236690fe564fcef37e9a3f856d7731085dd856eec61a50720216 Loading...

	live-khl.ru/qr-code-styling-8a04fb73.js	66 kB	2023-12-10	2024-04-30
Pretty URL live-khl.ru/qr-code-styling-8a04fb73.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-30 18:58:46 Times Seen98 Hash 9bc1dca9d012e6cc87fc199909f9667b b340b1309516f10074080f5fcec5593101022612 d7d3232bf40cc555ad219d6b688afe4b2427e7fa00ae719e5f7fa4152dc0857f Loading...

	live-khl.ru/langSign-66e8939d.js	1.6 kB	2023-10-29	2024-04-30
Pretty URL live-khl.ru/langSign-66e8939d.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-30 18:58:46 Times Seen99 Hash b1fb189d8c6640ca34096506a34baaa4 cb811e89f3c08f1d90eda051a29760fa1165e4d8 7285632faf1a90db84b6da17536028924fd77630408e7ba20172637dd2b7fe32 Loading...

	live-khl.ru/_commonjsHelpers-725317a4.js	290 B	2023-12-10	2024-04-30
Pretty URL live-khl.ru/_commonjsHelpers-725317a4.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-30 18:58:46 Times Seen118 Hash cd6f232e1ba73081b1b70f3e1a14648f 7feaacf5309dc73289c5047b81c7c5781fc6f786 1b58f13a4a6a472ae93c91076b73ff754e8f7d4b3573764aed63a13e184d6fb1 Loading...

HTTP Transactions (27)

URL IP Response Size

live-khl.ru/asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

172.67.178.173

200 OK

11 kB

URL GET HTTP/3
live-khl.ru/asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-91acc02b.css
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 07 Dec 2023 12:00:17 GMT
etag: "2b08-60bea3608c5f8"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MkuDuKB4oEaohCrv3goUfw73w9xy5eDRj5rfuaEXLHev9TiLxkEgiOiYTbeESILgJg13k8gsz5xY%2BBDNhNRgY%2B0O72BVascsKs2gHz%2FMtDysobBqBYWWumwdi8qtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406e01a1656ca-OSL
alt-svc: h3=":443"; ma=86400

live-khl.ru/lang-9ff1b05a.js

172.67.178.173

200 OK

31 kB

URL GET HTTP/3
live-khl.ru/lang-9ff1b05a.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
Unicode text, UTF-8 text, with very long lines (14604)
Size
31 kB (30820 bytes)
Hash
4230df4a8128c30f22af1783386cae6f
a5716da6085a7a07fc430f3f410bb36c9e54ac34
52113907183285220d884b4a99c8ee805b977e6b0039992d95005db0988187e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lang-9ff1b05a.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"18fbc-60bea755021cb-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uhw6wyltt1cyTjSg75vAAm1WuNotr5OqZrVVDKJZulmCw%2FSaM1%2FkbV7qA63s4NxtOonWU54fxDz6mcYyovBNIR%2F%2FbfuLfDt75gNk3Qgyh9oEaeil6gsQtDoM5lilfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e05a7e56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/crypto.worker-b2b2021e.js

172.67.178.173

200 OK

33 kB

URL GET HTTP/3
live-khl.ru/crypto.worker-b2b2021e.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (33420 bytes)
Hash
061a201747d764fcd611ff886b2b27ef
d0fbcab1a5c52c5c38f46b2ed048cf8637716686
58fafa3a075d804360271b6b081e9c3c46ba344659ef3cb10d5561afc1147448

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /crypto.worker-b2b2021e.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:57 GMT
etag: W/"10ced-60bea75382553-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q9PkdU1J4kEMwHN8jKItLWcKONn8So1jV4Nnkqn%2FCsBdW9B8mUyoJZcg1wScfU5SLVUCfm1%2B2rVifrJiOEjxSoXw%2BY83SvRqVYHusCq25QRALtuVvjGkOXj70o%2BnKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e01a2956ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/textToSvgURL-c6ebb454.js

172.67.178.173

200 OK

434 B

URL GET HTTP/3
live-khl.ru/textToSvgURL-c6ebb454.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (306)
Size
434 B (434 bytes)
Hash
db363d8053c3aa976b2e2162860d6932
fef1a8b065868caacf63184d97c10aaf10ec6a28
62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:01 GMT
etag: W/"165-60bea757c61a2-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ge8IKxnrDslzzHwW2szI577lApdPGFQYz5mb0F0WONM6M97u15YeQrHfNXAMcw34yCQifh63gUDw1vmqdpnONoWsIXZyq%2Fyh9guz7WSRdn1W0N%2BmX0V6o8nNtcL7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e21d2f56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sbgDc4ACduJ/mtS05cVdEw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 10:38:43 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Kwz/RVVLhezJpK9SUGBgEot9/fg=
Sec-WebSocket-Protocol: binary

live-khl.ru/qr-code-styling-8a04fb73.js

172.67.178.173

200 OK

28 kB

URL GET HTTP/3
live-khl.ru/qr-code-styling-8a04fb73.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (57474)
Size
28 kB (28365 bytes)
Hash
9bc1dca9d012e6cc87fc199909f9667b
b340b1309516f10074080f5fcec5593101022612
d7d3232bf40cc555ad219d6b688afe4b2427e7fa00ae719e5f7fa4152dc0857f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-8a04fb73.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"102a9-60bea756f2318-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4FdnVg0VT80nkbwKKhsmaGA0tLn8FqD%2BLyKVbjQjrbXeHBaj0olK8j2KsjK05iIzG%2FTdXTtHmHo9IAA%2B%2FUgMdO2X6YXAMMWsiqxnGPditEfJRKKkKC6zqVm2MklzUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e24d5e56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/
Content-Length: 0
Origin: https://live-khl.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/html
content-length: 169
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

live-khl.ru/qr-code-styling-8a04fb73.js

172.67.178.173

200 OK

17 kB

URL GET HTTP/3
live-khl.ru/qr-code-styling-8a04fb73.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (57474)
Size
17 kB (17309 bytes)
Hash
9bc1dca9d012e6cc87fc199909f9667b
b340b1309516f10074080f5fcec5593101022612
d7d3232bf40cc555ad219d6b688afe4b2427e7fa00ae719e5f7fa4152dc0857f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-8a04fb73.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"102a9-60bea756f2318-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dg%2FNYwsRevd8EAZ%2FxdpqKVUvIUwN%2Blbjlh92ZTXx6tsrZFqPjL6%2Bw%2FpnsQ13DUfZ%2Bzkq3Wayiw5YM8ioZDAph4wxNLTik02BtkSSZr5GiA6qui4t9v9IA4LI2c9yEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e24d6356ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kPh/U3ag3V+0OyNgFQqe4g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Thu, 18 Apr 2024 10:38:44 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6itFhyfquWunbu1Vttgr6UEe4P8=
Sec-WebSocket-Protocol: binary

live-khl.ru/textToSvgURL-c6ebb454.js

172.67.178.173

200 OK

4.7 kB

URL GET HTTP/3
live-khl.ru/textToSvgURL-c6ebb454.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (306)
Size
4.7 kB (4726 bytes)
Hash
db363d8053c3aa976b2e2162860d6932
fef1a8b065868caacf63184d97c10aaf10ec6a28
62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:01 GMT
etag: W/"165-60bea757c61a2-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pobrtnb%2FB3rjmRfqpKIDkudXRWhOvZ4rdsddsyqZY9SbaGj9TI0bRe10Wdv0eV75trLzoZO88lUWiCb40%2Fe8MOhl%2FAVsei6ten7%2F%2FCjvMs2D%2BOlrFmIp9Rn7Se0F1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e16c5c56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/button-1a8a4b7d.js

172.67.178.173

200 OK

13 kB

URL GET HTTP/3
live-khl.ru/button-1a8a4b7d.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (8465)
Size
13 kB (13443 bytes)
Hash
db2fcb1faf0ad3210f38a9dbeffebfbf
a248f132d7662f64581bbd4a05756283345b6261
c8fff421d8b23fd9ddbf046f1c63d411ab15ee745fadc28bf1851d156514fae8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /button-1a8a4b7d.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:56 GMT
etag: W/"213e-60bea753016e0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qNK7xRkMaa77bv%2FvX5Mo5KVrhEpmu%2B7Z2g7Sz60JkS4AEN9eGf8Rlce1KkAlBXAmNJGxvHlm6fEjEBW5w56pLNcg0%2BFETM7e2ED3NV7BWT8izg%2FqvFj40A3FdNRsFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e16c4256ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/_commonjsHelpers-725317a4.js

172.67.178.173

200 OK

5.7 kB

URL GET HTTP/3
live-khl.ru/_commonjsHelpers-725317a4.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text
Size
5.7 kB (5749 bytes)
Hash
cd6f232e1ba73081b1b70f3e1a14648f
7feaacf5309dc73289c5047b81c7c5781fc6f786
1b58f13a4a6a472ae93c91076b73ff754e8f7d4b3573764aed63a13e184d6fb1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_commonjsHelpers-725317a4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/qr-code-styling-8a04fb73.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:55 GMT
etag: W/"122-60bea75216158-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fV0aETihFUTUZKdMJMlLUYQX9lfeZs93%2Bc%2BhMDvYS65CoDRo84ZbslDzJmw4q6Um4ssYKOgp6Nw2SXNp7kehdmaqxNeP7eNeCJRyEGQ5xRFTC4t%2BptHxaM0P3lR2PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e31e9256ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/page-49e139d4.js

172.67.178.173

200 OK

8.2 kB

URL GET HTTP/3
live-khl.ru/page-49e139d4.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (10193)
Size
8.2 kB (8205 bytes)
Hash
6ccaefefec5a957c2d80fe5f97c8098b
bf1eda880c524c21f78ff0424592f81fba4214ab
65659681146410adb22da9de126db5da27eb6032631d55c1c2bedebabd8e8f5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /page-49e139d4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:59 GMT
etag: W/"27fc-60bea755a62ba-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ks77vU%2B8R9eVg8dy7VBRsVtJeZE0vqdEFlNMEQRoFnjlPPnqm4chkEuwP%2FayDpIMo8j%2Fyw27KbBjZRK4aVlsLZMPi6tccCqrshoYbQGg1IjbPdBhYMoPZQBlI2xB6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e21d2656ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/putPreloader-ae29ef38.js

172.67.178.173

200 OK

699 B

URL GET HTTP/3
live-khl.ru/putPreloader-ae29ef38.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
cf9e4f7c2e108253b09f1f704d067045
298d923ef22804845e9e5b4d8771b4ca5e946365
fbf0df8e2e3349d955976a5f574da93bd6183fd4d6bfbdf66cd89007a7cb2aa3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-ae29ef38.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"2bb-60bea756c351c-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J0YByG2O3zG9L3eweEFHDTohN6k5ySJXzVNhaB9Zjw4W20A86C27okxXy%2BsHbr57TfD1Sq8hF8yxrVLnARvq7Ny%2BNe9GHrFMwhCHBrCC1OYDi9Pw2hs8YW%2BKO81abA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e21d2d56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/ball/auth

172.67.178.173

200 OK

14 kB

URL User Request GET HTTP/2
live-khl.ru/ball/auth
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
HTML document, ASCII text, with very long lines (1757)
Size
14 kB (13645 bytes)
Hash
d81cb17c6ca692cce341c509d5ec57cc
39fee452e599617961a264e2c53349afe08846cb
ca911752ea5025c6a56d55637663ab5821d42ec5baf6be205ffa9a62025252ec

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ball/auth HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:38:42 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0bgt3YHbxDjeMtvxby1nStFv3KWv8WL7SPEiKtc7uQN%2BUESOkx%2FzS8yZUTCGZBmkw0JKu74bxppl4%2Bv%2F4ah84E6y4PO4o5Xq6ptcpCDA1eXBFhhwowswvdU%2FH7IDCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406dc681c0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

live-khl.ru/index-cfdc21d6.js

172.67.178.173

200 OK

124 kB

URL GET HTTP/3
live-khl.ru/index-cfdc21d6.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type

Size
124 kB (123893 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-cfdc21d6.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: application/javascript
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U29fpplB7hXiJ8ma%2B2illl%2BJ9sApszgJp8e0GTsG1eH0zfVGHkXt9c%2FBwydwFMBtRJKBPeJZd5v31wW6lPoYPijI5NTcyiNF3dqoIrgFQFbI8BiZEDEVX0M%2FatdJkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406deaf9156ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

172.67.178.173

200 OK

11 kB

URL GET HTTP/3
live-khl.ru/asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-91acc02b.css
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 07 Dec 2023 12:00:17 GMT
etag: "2b30-60bea360ae8d4"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5Da6O51X0Cc28re2PmIy65zMltuz67cjqFZXO58IApCXLoccFzUmv20HeXQUwipu8Iqn3d0yYdFFsSxzFu2AunEoOqRiqZy1OPZjZhh5jBK5C5QT3ZaBLKVwSUakQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406e33ebe56ca-OSL
alt-svc: h3=":443"; ma=86400

live-khl.ru/pageSignQR-55e34e76.js

172.67.178.173

200 OK

5.6 kB

URL GET HTTP/3
live-khl.ru/pageSignQR-55e34e76.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (5762), with no line terminators
Size
5.6 kB (5585 bytes)
Hash
f83ba728a3431f8dc5ad3630071aebbb
7b4322b87b21a92f98fd468edd5e86a675ac492e
fdeef2c5c3478ee3d6d9f22fe492369bae1137e804e8048219633bb504d2633c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pageSignQR-55e34e76.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"15d1-60bea7564f1c9-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JkdrCMT1XoV%2B9mU1oPV%2BEB9APo277tFO9nqFx14oHuC9zuXfDvjYD10If6Ykd1Op0smBJztXSzUZGAl69U5JTIWkcBMz8FBhHugic01eghzT7fZObpz7aUuVRuKuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e16c6356ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/img/logo_padded.svg

172.67.178.173

200 OK

1.1 kB

URL GET HTTP/3
live-khl.ru/asset/img/logo_padded.svg
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1069 bytes)
Hash
4c0b48654a4881c325148a5e00964160
d7d21756c9dd4c1bf4d97087811745aad60506a0
7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/img/logo_padded.svg HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:45 GMT
content-type: image/svg+xml
last-modified: Thu, 07 Dec 2023 12:00:14 GMT
etag: W/"42d-60bea35daff83"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bv6z9BufJP7go1JMFkiLwo1u36svTw9eVQ05JGVHLMVTM8MzWJKtWuZmASskdyu99%2FL5mmkf75GSQH5TRQ0rEPkPvTOps2FovpDAPQtTCBzKLD43Ei2nehWxu5GCHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406ee0f2556ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/index-91acc02b.css

172.67.178.173

200 OK

425 kB

URL GET HTTP/3
live-khl.ru/index-91acc02b.css
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type

Size
425 kB (425367 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-91acc02b.css HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/css
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"67d97-60bea754e4d0e-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3915
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzL62hdSsGqi%2FphidzEwI7l8xFV7%2FIa%2BIaLzSPNoChCLlDIIURgDuO06LQnFq4wVgRwUXgFsK1eEdS32rLZcHjayrlmvQHuepSO4cBv6G%2Bo6zEMcbUFL3jLlw223QA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406deaf9756ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/img/favicon-16x16.png?v=jw3mK7G9Ry

172.67.178.173

200 OK

1.0 kB

URL GET HTTP/3
live-khl.ru/asset/img/favicon-16x16.png?v=jw3mK7G9Ry
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.0 kB (1012 bytes)
Hash
e3ce05eb00b3215df220efaf0fd06e21
d1533966f79dc2984c34317035f31cf3c91298c9
0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: image/png
content-length: 1012
last-modified: Thu, 07 Dec 2023 12:00:12 GMT
etag: "3f4-60bea35c583a7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pJ2CyQ0EzBUVqlRhGSO4XOCu2oy%2Fo0WUYXWT29RMRutmW7RwbLZ8w2hzfUr%2FSvwmhTOzole%2BVZ7QeV9fdM7OMlB8VHWV2tuSWYImHoFXNf0XXKtr8U5Ezrt0k%2FLv2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406e13bf056ca-OSL
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/jquery.min.js

172.67.178.173

200 OK

90 kB

URL GET HTTP/3
live-khl.ru/asset/jquery.min.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (90498 bytes)
Hash
1db92b83313d6fbaf76fd364688c8e6c
90c3cf0d1af00de7424a6b4b8f7f41b1200d3964
3ca4587ad13382ba7ede987f96682cc928589f037b1403fb43bd8ffc430809da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/jquery.min.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:10:36 GMT
etag: W/"16182-60bea5af51c2f-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3915
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FfP%2B340mJB6KV5OhXyGQuWgzxQKwxkTR%2FvEJV9bvZkfgFHYNAhG4wR1ZNYZjHSqW%2B0%2F2clz0KtSF73wOogDg2vNakb9BzXvDRhanV0YQZUBEDXasjs7s7sDnqVHNaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406deaf9456ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/countries-5301fc59.js

172.67.178.173

200 OK

24 kB

URL GET HTTP/3
live-khl.ru/countries-5301fc59.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type

Size
24 kB (24097 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /countries-5301fc59.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:56 GMT
etag: W/"5e21-60bea7533cffa-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fz4%2F6%2BUEPZhLkgxkGaGsmhYYoJrR4JX0FvbptG8f%2F4dO5mmvwLNfHN4EL12LdbIR2DvpxgE84s4MSNr%2F71uFYhOuWZGSQczak1EIypOyvbXL6jOlhHxBX2XvgO1Liw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e05a8156ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry

172.67.178.173

200 OK

9.0 kB

URL GET HTTP/3
live-khl.ru/asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (9024 bytes)
Hash
87fecdadac0beb95f9b7c87b3b3236f0
822f92446c0033a32462aa21208efaef1f0d8c3c
25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: image/png
content-length: 9024
last-modified: Thu, 07 Dec 2023 12:00:13 GMT
etag: "2340-60bea35cf4797"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31uAM1gaUqZg7RAyT6wkFU7lgVyfNfNGZAeL%2BmRgMgHI6029uUn3UT2uUUkUCEw6L1BI7rK6SlBHVqhoAXtbYSpylQ47bMHgC1J51C0sOBkt9%2F1kzcZXhkMhfd0G3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876406e13bec56ca-OSL
alt-svc: h3=":443"; ma=86400

live-khl.ru/putPreloader-ae29ef38.js

172.67.178.173

200 OK

699 B

URL GET HTTP/3
live-khl.ru/putPreloader-ae29ef38.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
cf9e4f7c2e108253b09f1f704d067045
298d923ef22804845e9e5b4d8771b4ca5e946365
fbf0df8e2e3349d955976a5f574da93bd6183fd4d6bfbdf66cd89007a7cb2aa3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-ae29ef38.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"2bb-60bea756c351c-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJG9KRzzEyy%2FLe7eJ0WA3UNa6EIGJrxOBPAKOug7kFGhcGjBGF52J%2B9TvGY5rQe34y7DbOE44b%2F978m2F%2FJAbZLezqnq9kZtPDCCs1zebm9CsRVaIWEjmLrPJPKO5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e16c5956ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/langSign-66e8939d.js

172.67.178.173

200 OK

1.6 kB

URL GET HTTP/3
live-khl.ru/langSign-66e8939d.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (1751), with no line terminators
Size
1.6 kB (1646 bytes)
Hash
0d55451ee39b2aa034b815696a9b13ad
6144047d9652181c02b1e107703a9851ba5838ae
6efafb0c9358c1754c8d06ee1049bae36ff61108eb534f6c79a94d8b62f5b8f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /langSign-66e8939d.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=2nr0k0eavgdja66g6t5r9suebj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"66e-60bea755263e7-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TjwK7xg%2F8imRnvtKzqGwz9cFpUvEvbD712QeE3AHGSnKU9doGw%2BjZ1kNQbiM56Qw1INNiyFYHQSg8Mkv9w5mE3kcS%2BKIKZ9kbCsEzEJGrdJP14LKGJHYFEkkqqNaRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e05a7f56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/pageSignQR-55e34e76.js

172.67.178.173

200 OK

5.6 kB

URL GET HTTP/3
live-khl.ru/pageSignQR-55e34e76.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (5762), with no line terminators
Size
5.6 kB (5585 bytes)
Hash
f83ba728a3431f8dc5ad3630071aebbb
7b4322b87b21a92f98fd468edd5e86a675ac492e
fdeef2c5c3478ee3d6d9f22fe492369bae1137e804e8048219633bb504d2633c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pageSignQR-55e34e76.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:38:43 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"15d1-60bea7564f1c9-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1wgXa1iln%2FtQJfiD84dC8Pqy9GO7fyTlTLJQVzwJe9oTkjQjQAkThCTbNgYDo5nQR%2BEWdVVoAn7jj8DAeh9drZtFz93ETt7N3gRnEykLXyMKywz4%2FLOnQ33JyXOpfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876406e16c3c56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML