Report - disablepovertyhers.com/cavtpcge95?adb=n&dev=r&key=8eed0af3ba88434b397fe82f5912d434&kw=["livecamrips","com","alex","saeli","live","show","recorded","on","2023-09-16","00","46","46"]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/1111664&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=-5&uhgw=69&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1&v=24.5.6485

Report Overview

Visited public
2024-05-04 01:28:11
Tags
URL
disablepovertyhers.com/cavtpcge95?adb=n&dev=r&key=8eed0af3ba88434b397fe82f5912d434&kw=["livecamrips","com","alex","saeli","live","show","recorded","on","2023-09-16","00","46","46"]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/1111664&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=-5&uhgw=69&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1&v=24.5.6485
Finishing URL
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
IP / ASN
172.240.253.132
#7979 SERVERS-COM
Title
Attention

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
disablepovertyhers.com	unknown	2024-04-29	2024-04-30 07:12:31	2024-05-01 16:09:03	5.2 kB	4.9 kB	192.243.61.227
continue.fda42234mpe7.top	unknown	unknown	No data	No data	4.7 kB	927 kB	194.63.140.103
loadingscripts.com	unknown	2023-04-27	2023-04-29 06:33:24	2024-04-25 11:41:00	2.4 kB	113 kB	194.63.140.103
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-05-02 18:30:02	461 B	3.0 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	disablepovertyhers.com	Sinkholed
2024-05-03	medium	disablepovertyhers.com	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	disablepovertyhers.com	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed
2024-05-03	medium	fda42234mpe7.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/	ScriptElement	260 B	2023-03-08	2025-06-12
Pretty URL continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/ IP 194.63.140.103 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 14:26 Last Seen2025-06-12 00:16 Times Seen1757 Hash f28063a135af184914b3f7a5796c4851 72638387ff646cfa58c592b68d1d40b16bc7d261 4da7a8051cd4a05458dcb756294226385c9ce2d868a2293114b0ee79a0ac9787 Loading...

	continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/	ScriptElement	308 B	2023-03-08	2025-06-10
Pretty URL continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/ IP 194.63.140.103 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 14:26 Last Seen2025-06-10 21:38 Times Seen405 Hash 14c5b8f1a7e01fd9a69c08aa61209399 b5ad226d312d2094c4cfbd618cfd3b7a47c93867 29bde66af110ae9024416a1ac741ebc1672f84d9c68fab167c59d340312d7a3b Loading...

	continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/	ScriptElement	112 B	2023-05-25	2025-06-10
Pretty URL continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/ IP 194.63.140.103 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-25 20:42 Last Seen2025-06-10 21:38 Times Seen485 Hash 7b556b5c53e6044f936419f783c82ae8 cf28d9e5c2e04442d6aba982caa3ebb601a99ac3 7ce041c3470f00f3cfa8146f92a512b45fd1cd480b8cc397e91e30b457ca2bd3 Loading...

	continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/	ScriptElement	305 B	2023-03-08	2025-06-10
Pretty URL continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/ IP 194.63.140.103 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 14:26 Last Seen2025-06-10 21:38 Times Seen404 Hash 714e1a55a9482dc57128f14a9334b0b6 4fc73524b5c3bdb66a743680403a6507867ee750 e0b9a49d7f77ba106f801e71a0eac6a495bfa66e2beda13255dc0b8eb54188c7 Loading...

	loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js	ScriptElement	1.8 kB	2023-05-25	2025-06-10
Pretty URL loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js IP 194.63.140.103 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 20:42 Last Seen2025-06-10 21:38 Times Seen491 Hash 8dc402b92b1ed0b13627e2ba1b928cc7 35d1e71cdea9a15b778c6137baaaac1eda4aabb3 b1d3e86c81061bd76770790bf5e2f0ffa7b45f2c4e3fc3400a7142bf9b3a53fb Loading...

	loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js	ScriptElement	2.8 kB	2023-03-29	2025-06-10
Pretty URL loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js IP 194.63.140.103 ASN #50113 NTX Technologies s.r.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:47 Last Seen2025-06-10 21:38 Times Seen947 Hash 01a2c61eb40ce8e341a0801f78da7735 1cb39b0674bc20c3208c16c53c131e74704759ed 03d593cbf7b72d3c70caedac0c0259330ce8b1a45b708e92e3f19245b6ca9929 Loading...

HTTP Transactions (18)

URL IP Response Size

disablepovertyhers.com/cavtpcge95?adb=n&dev=r&key=8eed0af3ba88434b397fe82f5912d434&kw=[%22livecamrips%22,%22com%22,%22alex%22,%22saeli%22,%22live%22,%22show%22,%22recorded%22,%22on%22,%222023-09-16%22,%2200%22,%2246%22,%2246%22]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/1111664&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=-5&uhgw=69&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1&v=24.5.6485

192.243.61.227

1.7 kB

URL
disablepovertyhers.com/cavtpcge95?adb=n&dev=r&key=8eed0af3ba88434b397fe82f5912d434&kw=[%22livecamrips%22,%22com%22,%22alex%22,%22saeli%22,%22live%22,%22show%22,%22recorded%22,%22on%22,%222023-09-16%22,%2200%22,%2246%22,%2246%22]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/1111664&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=-5&uhgw=69&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1&v=24.5.6485
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (964)
Size
1.7 kB (1706 bytes)
Hash
4782ab5955c3bfd5b06f8243aeeafff2
b646343f0fc7dcec815565941db6ceb50283aae4
ff52e92d3d71ffdae9e716adf9898111b5e023a33e53b85a7a28a4c0f3e31c1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cavtpcge95?adb=n&dev=r&key=8eed0af3ba88434b397fe82f5912d434&kw=[%22livecamrips%22,%22com%22,%22alex%22,%22saeli%22,%22live%22,%22show%22,%22recorded%22,%22on%22,%222023-09-16%22,%2200%22,%2246%22,%2246%22]&psid=livecamrips.com,livecamrips.com&refer=https://livecamrips.com/video/1111664&res=14.31&scrHeight=1080&scrWidth=1920&ship=&sub3=invoke_layer&tz=-5&uhgw=69&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1&v=24.5.6485 HTTP/1.1
Host: disablepovertyhers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:27:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=22400125; expires=Sun, 05 May 2024 01:27:45 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjQwMDEyNSwiayI6IjhlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Iiwic2lkIjoibGl2ZWNhbXJpcHMuY29tLGxpdmVjYW1yaXBzLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MjQxODc0OSwicGlkIjo4MTQ2NDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjgsInB0Ijo0LCJwayI6ImNhdnRwY2dlOTUiLCJjcGtzIjp7IjI5IjoiNWM0MTA2NzBlNjkwY2U5ZGYwZDlkYzk3NDM1MDM1ODgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpdmVjYW1yaXBzLmNvbS92aWRlby8xMTExNjY0IiwiYXIiOltdfX0.2wC_tu58ON6GZQX0FvQETffSGH0QUVHGhMyitjj1hkk; expires=Sat, 04 May 2024 01:28:45 GMT
uid_id2=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1; expires=Sat, 11 May 2024 01:27:45 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 39676c8eaec944d0129cb109d51c6992
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

disablepovertyhers.com/api/users?token=L2NhdnRwY2dlOTU_YWRiPW4mZGV2PXIma2V5PThlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Jmt3PSU1QiUyMmxpdmVjYW1yaXBzJTIyJTJDJTIyY29tJTIyJTJDJTIyYWxleCUyMiUyQyUyMnNhZWxpJTIyJTJDJTIybGl2ZSUyMiUyQyUyMnNob3clMjIlMkMlMjJyZWNvcmRlZCUyMiUyQyUyMm9uJTIyJTJDJTIyMjAyMy0wOS0xNiUyMiUyQyUyMjAwJTIyJTJDJTIyNDYlMjIlMkMlMjI0NiUyMiU1RCZwc2lkPWxpdmVjYW1yaXBzLmNvbSUyQ2xpdmVjYW1yaXBzLmNvbSZwc3Q9MTcxNDc4NjEyNSZyZWZlcj1odHRwcyUzQSUyRiUyRmxpdmVjYW1yaXBzLmNvbSUyRnZpZGVvJTJGMTExMTY2NCZyZXM9MTQuMzEmcm10Yz10JnNjckhlaWdodD0xMDgwJnNjcldpZHRoPTE5MjAmc2hpcD0mc2h1PTg0ZDExYTEzOWZjMmFlZGVlZjRjOWY5MGIwMTAxYjA4ZjlkMzM4ZWY5MzFkYzJmMzQ2Yjc4OTI1ZTAyMTU5MjU0YWRlMGRjYmQxNjQ4MTc0ZGVkMWJiZjJiNjBkOWM5MGMwZWE3ODc0MzNhNzdkNzQwMGRmNDA0ZGQ2Zjg4NTJlNTFhNWI0MDdhMWU0ZDFiOWY2ZGViN2RiNDQzYjAxYzA4YzgwMjMyZDk4ODM5MjJhMTA2ODA3NTljMGQ3ZDcmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTUmdWhndz02OSZ1dWlkPTZjZmM3NDc2LWJiNjUtNGExYi04NTRmLTBmZjI4OWI3MDM4YyUzQTIlM0ExJnY9MjQuNS42NDg1&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c%3A2%3A1&pii=&in=false

192.243.61.227

302 Found

0 B

URL User Request GET HTTP/1.1
disablepovertyhers.com/api/users?token=L2NhdnRwY2dlOTU_YWRiPW4mZGV2PXIma2V5PThlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Jmt3PSU1QiUyMmxpdmVjYW1yaXBzJTIyJTJDJTIyY29tJTIyJTJDJTIyYWxleCUyMiUyQyUyMnNhZWxpJTIyJTJDJTIybGl2ZSUyMiUyQyUyMnNob3clMjIlMkMlMjJyZWNvcmRlZCUyMiUyQyUyMm9uJTIyJTJDJTIyMjAyMy0wOS0xNiUyMiUyQyUyMjAwJTIyJTJDJTIyNDYlMjIlMkMlMjI0NiUyMiU1RCZwc2lkPWxpdmVjYW1yaXBzLmNvbSUyQ2xpdmVjYW1yaXBzLmNvbSZwc3Q9MTcxNDc4NjEyNSZyZWZlcj1odHRwcyUzQSUyRiUyRmxpdmVjYW1yaXBzLmNvbSUyRnZpZGVvJTJGMTExMTY2NCZyZXM9MTQuMzEmcm10Yz10JnNjckhlaWdodD0xMDgwJnNjcldpZHRoPTE5MjAmc2hpcD0mc2h1PTg0ZDExYTEzOWZjMmFlZGVlZjRjOWY5MGIwMTAxYjA4ZjlkMzM4ZWY5MzFkYzJmMzQ2Yjc4OTI1ZTAyMTU5MjU0YWRlMGRjYmQxNjQ4MTc0ZGVkMWJiZjJiNjBkOWM5MGMwZWE3ODc0MzNhNzdkNzQwMGRmNDA0ZGQ2Zjg4NTJlNTFhNWI0MDdhMWU0ZDFiOWY2ZGViN2RiNDQzYjAxYzA4YzgwMjMyZDk4ODM5MjJhMTA2ODA3NTljMGQ3ZDcmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTUmdWhndz02OSZ1dWlkPTZjZmM3NDc2LWJiNjUtNGExYi04NTRmLTBmZjI4OWI3MDM4YyUzQTIlM0ExJnY9MjQuNS42NDg1&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c%3A2%3A1&pii=&in=false
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectdisablepovertyhers.com
Fingerprint0A:69:39:81:7E:C8:02:63:21:26:95:6A:6A:3F:CC:AA:B4:4E:C8:07
ValidityMon, 29 Apr 2024 08:17:06 GMT - Sun, 28 Jul 2024 08:17:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2NhdnRwY2dlOTU_YWRiPW4mZGV2PXIma2V5PThlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Jmt3PSU1QiUyMmxpdmVjYW1yaXBzJTIyJTJDJTIyY29tJTIyJTJDJTIyYWxleCUyMiUyQyUyMnNhZWxpJTIyJTJDJTIybGl2ZSUyMiUyQyUyMnNob3clMjIlMkMlMjJyZWNvcmRlZCUyMiUyQyUyMm9uJTIyJTJDJTIyMjAyMy0wOS0xNiUyMiUyQyUyMjAwJTIyJTJDJTIyNDYlMjIlMkMlMjI0NiUyMiU1RCZwc2lkPWxpdmVjYW1yaXBzLmNvbSUyQ2xpdmVjYW1yaXBzLmNvbSZwc3Q9MTcxNDc4NjEyNSZyZWZlcj1odHRwcyUzQSUyRiUyRmxpdmVjYW1yaXBzLmNvbSUyRnZpZGVvJTJGMTExMTY2NCZyZXM9MTQuMzEmcm10Yz10JnNjckhlaWdodD0xMDgwJnNjcldpZHRoPTE5MjAmc2hpcD0mc2h1PTg0ZDExYTEzOWZjMmFlZGVlZjRjOWY5MGIwMTAxYjA4ZjlkMzM4ZWY5MzFkYzJmMzQ2Yjc4OTI1ZTAyMTU5MjU0YWRlMGRjYmQxNjQ4MTc0ZGVkMWJiZjJiNjBkOWM5MGMwZWE3ODc0MzNhNzdkNzQwMGRmNDA0ZGQ2Zjg4NTJlNTFhNWI0MDdhMWU0ZDFiOWY2ZGViN2RiNDQzYjAxYzA4YzgwMjMyZDk4ODM5MjJhMTA2ODA3NTljMGQ3ZDcmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTUmdWhndz02OSZ1dWlkPTZjZmM3NDc2LWJiNjUtNGExYi04NTRmLTBmZjI4OWI3MDM4YyUzQTIlM0ExJnY9MjQuNS42NDg1&uuid=6cfc7476-bb65-4a1b-854f-0ff289b7038c%3A2%3A1&pii=&in=false HTTP/1.1
Host: disablepovertyhers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://disablepovertyhers.com/api/users?token=L2NhdnRwY2dlOTU_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMjQwMDEyNQ
Cookie: u_pl=22400125; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjQwMDEyNSwiayI6IjhlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Iiwic2lkIjoibGl2ZWNhbXJpcHMuY29tLGxpdmVjYW1yaXBzLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MjQxODc0OSwicGlkIjo4MTQ2NDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjgsInB0Ijo0LCJwayI6ImNhdnRwY2dlOTUiLCJjcGtzIjp7IjI5IjoiNWM0MTA2NzBlNjkwY2U5ZGYwZDlkYzk3NDM1MDM1ODgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpdmVjYW1yaXBzLmNvbS92aWRlby8xMTExNjY0IiwiYXIiOltdfX0.2wC_tu58ON6GZQX0FvQETffSGH0QUVHGhMyitjj1hkk; uid_id2=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:27:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1
Set-Cookie: uid_id2=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1; expires=Sat, 11 May 2024 01:27:46 GMT
pdhtkv=true; expires=Sun, 05 May 2024 01:27:46 GMT
uncs=1; expires=Sun, 05 May 2024 01:27:46 GMT
pdhtkv28=true; expires=Sun, 05 May 2024 01:27:46 GMT
uncs28=1; expires=Sun, 05 May 2024 01:27:46 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72c03186da7de1c46afbd84351cb0741
Strict-Transport-Security: max-age=0; includeSubdomains

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1

194.63.140.103

301 Moved Permanently

169 B

URL User Request GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
7bfa7d6c09e81809ae19180e04607520
f059c9ef83cdc594ab2c8e234c79f7124f011ce4
ba7e5608ec93d78dd74030fcecaff068d047db3fc4367cf36f89205668771d60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1 HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://disablepovertyhers.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:46 GMT
Content-Type: text/html
Content-Length: 169
Location: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Connection: keep-alive
Keep-Alive: timeout=10

disablepovertyhers.com/favicon.ico

192.243.61.225

0 B

URL
disablepovertyhers.com/favicon.ico
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: disablepovertyhers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://disablepovertyhers.com/api/users?token=L2NhdnRwY2dlOTU_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMjQwMDEyNQ
Cookie: u_pl=22400125; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjQwMDEyNSwiayI6IjhlZWQwYWYzYmE4ODQzNGIzOTdmZTgyZjU5MTJkNDM0Iiwic2lkIjoibGl2ZWNhbXJpcHMuY29tLGxpdmVjYW1yaXBzLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MjQxODc0OSwicGlkIjo4MTQ2NDAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjgsInB0Ijo0LCJwayI6ImNhdnRwY2dlOTUiLCJjcGtzIjp7IjI5IjoiNWM0MTA2NzBlNjkwY2U5ZGYwZDlkYzk3NDM1MDM1ODgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2xpdmVjYW1yaXBzLmNvbS92aWRlby8xMTExNjY0IiwiYXIiOltdfX0.2wC_tu58ON6GZQX0FvQETffSGH0QUVHGhMyitjj1hkk; uid_id2=6cfc7476-bb65-4a1b-854f-0ff289b7038c:2:1; cjs=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 01:27:46 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1c32d3c1315e354fddc50d7d7e39da34
Strict-Transport-Security: max-age=0; includeSubdomains

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/

194.63.140.103

200 OK

4.8 kB

URL User Request GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
HTML document, ASCII text, with very long lines (1877)
Size
4.8 kB (4818 bytes)
Hash
c33f93b3c897fac2fd139d768c14596e
4e4072b6c6c7805c7b295063a0f0d77ec749a422
57f3beab79949364321ffc25d65e4f36ff51b480c578db0593615ad701826361

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/ HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://disablepovertyhers.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:46 GMT
Content-Type: text/html
Last-Modified: Sun, 14 Jan 2024 10:04:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
ETag: W/"65a3b1ab-4e9c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/animate.css

194.63.140.103

200 OK

4.9 kB

URL GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/animate.css
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
ASCII text
Size
4.9 kB (4894 bytes)
Hash
97d64faca1f1a0422ecf3ae998026899
61bc4cbfc9fc6e0db503aa67ba92c7c768a4c7e1
d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/assets/animate.css HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:46 GMT
Content-Type: text/css
Last-Modified: Sun, 14 Jan 2024 10:04:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
ETag: W/"65a3b1b0-1361f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/style.css

194.63.140.103

200 OK

1.1 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/style.css
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1085 bytes)
Hash
79d9dfa9f91948462f9069fd3e5f61ae
6c8c5a83d3c8180a16dd7e6c3065c81ad38bcc94
8c8549291722875346b6e050a092cdda6088d579aba282a66304299616c55871

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/style.css HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: text/css
Last-Modified: Thu, 25 May 2023 12:41:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
ETag: W/"646f577b-fe7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js

194.63.140.103

200 OK

2.8 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/default_scripts/notification.js
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
JavaScript source, ASCII text, with very long lines (2801), with no line terminators
Size
2.8 kB (2801 bytes)
Hash
01a2c61eb40ce8e341a0801f78da7735
1cb39b0674bc20c3208c16c53c131e74704759ed
03d593cbf7b72d3c70caedac0c0259330ce8b1a45b708e92e3f19245b6ca9929

HTTP Headers

GET /progress_p/pwa_links/default_scripts/notification.js HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: application/javascript
Content-Length: 2801
Last-Modified: Fri, 24 Mar 2023 17:31:52 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "641dde88-af1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js

194.63.140.103

200 OK

1.8 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
ASCII text, with CRLF line terminators
Size
1.8 kB (1801 bytes)
Hash
8dc402b92b1ed0b13627e2ba1b928cc7
35d1e71cdea9a15b778c6137baaaac1eda4aabb3
b1d3e86c81061bd76770790bf5e2f0ffa7b45f2c4e3fc3400a7142bf9b3a53fb

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/pwa_custom.js HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: application/javascript
Content-Length: 1801
Last-Modified: Thu, 25 May 2023 12:47:54 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "646f58fa-709"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/loading.svg

194.63.140.103

200 OK

386 B

URL GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/loading.svg
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
SVG Scalable Vector Graphics image
Size
386 B (386 bytes)
Hash
484f8bcb59050331f28ec35ae84c3ef0
e083f687af91382e8485515369daffde1899a12a
d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/assets/loading.svg HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/svg+xml
Content-Length: 386
Last-Modified: Sun, 14 Jan 2024 10:04:36 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "65a3b1b4-182"
Accept-Ranges: bytes

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/qr2.png

194.63.140.103

200 OK

7.2 kB

URL GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/qr2.png
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
PNG image data, 1160 x 1160, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7192 bytes)
Hash
e8f6261c7f1f8a7621aa7f2fa7e1ba8e
f149d15d01844eacf10330c9663961e84d233f28
bbb8033431308d56b3ca1ca801be7c56eb232aae77d2226bf2884dcf68aecd8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/assets/qr2.png HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/png
Content-Length: 7192
Last-Modified: Sun, 14 Jan 2024 10:04:38 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "65a3b1b6-1c18"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/new_free.svg

194.63.140.103

200 OK

1.5 kB

URL GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/new_free.svg
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1545 bytes)
Hash
add28f2b5b2a568a5d5b49bd7b40ec03
66ad7a5ce73b4f84f2f54e5e6150cd5cc923d25e
89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/assets/new_free.svg HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/svg+xml
Content-Length: 1545
Last-Modified: Sun, 14 Jan 2024 10:04:37 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "65a3b1b5-609"
Accept-Ranges: bytes

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/1.png

194.63.140.103

200 OK

50 kB

URL GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/1.png
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
PNG image data, 980 x 980, 8-bit/color RGBA, non-interlaced
Size
50 kB (49867 bytes)
Hash
1143a7b3bc5051147099facc8dc1432e
3a01609fb60f785d3233a788dff4351a1d79d4c9
ff708dfd7d816c51832a47cebfaf051422ddd0ab0d96588b55a1a2b89c1f3f73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/assets/1.png HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/png
Content-Length: 49867
Last-Modified: Sun, 14 Jan 2024 10:04:31 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "65a3b1af-c2cb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/close.svg

194.63.140.103

200 OK

1.3 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/close.svg
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1279 bytes)
Hash
369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/close.svg HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/svg+xml
Content-Length: 1279
Last-Modified: Wed, 24 May 2023 13:06:32 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "646e0bd8-4ff"
Accept-Ranges: bytes

loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/download-gif.gif

194.63.140.103

200 OK

104 kB

URL GET HTTP/1.1
loadingscripts.com/progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/download-gif.gif
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectloadingscripts.com
Fingerprint68:58:92:29:16:78:CF:4C:B7:14:6E:86:39:61:E2:B9:E7:53:BF:D9
ValiditySun, 21 Apr 2024 06:35:52 GMT - Sat, 20 Jul 2024 06:35:51 GMT

File type
GIF image data, version 89a, 188 x 188
Size
104 kB (104467 bytes)
Hash
2d00d3926dd5bb55e7ab4100bacb86a7
9d3c247c6e1fe672b8ba0849f30ed18c45176883
0175bfd9afe9543559c705914fac010a6d609017f0a2edcffe599549561fb5d0

HTTP Headers

GET /progress_p/pwa_links/main/cinema/custom_cinema_fullpage/1/download-gif.gif HTTP/1.1
Host: loadingscripts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/gif
Content-Length: 104467
Last-Modified: Thu, 25 May 2023 10:24:54 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "646f3776-19813"
Accept-Ranges: bytes

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/fav.png

194.63.140.103

200 OK

545 B

URL GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/fav.png
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
545 B (545 bytes)
Hash
418a1f510d301f62a0976ebcf9cda640
89b5dbdf41afda654ad9f95e1b2672ffe4c51c20
34ca666275595ea71b9787f7269141b947e95af772221947f5ddb060448ed77f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/assets/fav.png HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/png
Content-Length: 545
Last-Modified: Sun, 14 Jan 2024 10:04:33 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "65a3b1b1-221"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/bg.gif

194.63.140.103

200 OK

854 kB

URL GET HTTP/1.1
continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/assets/bg.gif
IP
194.63.140.103:443
ASN
#50113 NTX Technologies s.r.o.

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerLet's Encrypt
Subjectfda42234mpe7.top
FingerprintF7:BF:FC:18:00:30:EC:6C:32:AC:DD:4C:F8:7F:97:B2:9A:D8:CC:DE
ValidityThu, 25 Apr 2024 10:05:53 GMT - Wed, 24 Jul 2024 10:05:52 GMT

File type
GIF image data, version 87a, 600 x 338
Size
854 kB (854531 bytes)
Hash
fb515d8640e8153526073e3dba53cef1
065dcee1850b622ab7e96586cc5ae737dd335587
306d7910500ae32624462375434beaab45581fdfb743af6f3efa5b096a403721

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /827ccb0eea8a706c4c34a16891f84e7b/1/assets/bg.gif HTTP/1.1
Host: continue.fda42234mpe7.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Sat, 04 May 2024 01:27:47 GMT
Content-Type: image/gif
Content-Length: 854531
Last-Modified: Sun, 14 Jan 2024 10:04:52 GMT
Connection: keep-alive
Keep-Alive: timeout=10
ETag: "65a3b1c4-d0a03"
Accept-Ranges: bytes

fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap

142.250.74.106

200 OK

2.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://continue.fda42234mpe7.top/827ccb0eea8a706c4c34a16891f84e7b/1/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (2407), with no line terminators
Size
2.3 kB (2344 bytes)
Hash
49aaa6034796a1cdd00eda16f3789ff1
d3432bbea990010600f37830b73085e879b65648
2611572424dee35d07fee2d8b80c1028f3ad6c558b550bd9114f15b3f3c4383a

HTTP Headers

GET /css2?family=Roboto:wght@300&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://continue.fda42234mpe7.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 01:27:47 GMT
date: Sat, 04 May 2024 01:27:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash