Report - dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563

Report Overview

Visited public
2025-06-02 05:47:26
Tags
URL
dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Finishing URL
lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A
IP / ASN
23.109.170.86
#7979 SERVERS-COM
Title
lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
arjunbeatee.shop	unknown	2025-05-02	2025-05-31	2025-05-31	5.7 kB	66 kB	51.89.192.129
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-28	555 B	41 kB	142.250.74.35
segarkojiri.top	unknown	2025-04-22	2025-04-23	2025-05-30	1.7 kB	1.6 kB	94.242.236.147
lechosabode.shop	unknown	2025-05-17	2025-05-20	2025-05-27	3.7 kB	3.0 kB	188.42.247.204
dh.terpenwordman.top	unknown	2025-05-27	2025-06-02	2025-06-02	3.8 kB	31 kB	23.109.170.98
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-05-28	473 B	6.3 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-02 05:47:04	medium	23.109.170.98	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-06-02 05:47:04	low	23.109.170.98	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-06-02 05:47:05	medium	94.242.236.147	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-06-02 05:47:05	low	94.242.236.147	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-06-02 05:47:05	medium	94.242.236.147	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-06-02 05:47:05	low	94.242.236.147	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	segarkojiri.top	Sinkholed
2025-06-02	medium	segarkojiri.top	Sinkholed
2025-06-02	medium	lechosabode.shop	Sinkholed
2025-06-02	medium	lechosabode.shop	Sinkholed
2025-06-02	medium	terpenwordman.top	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	terpenwordman.top	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	terpenwordman.top	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	segarkojiri.top	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	arjunbeatee.shop	Sinkholed
2025-06-02	medium	terpenwordman.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	dh.terpenwordman.top/prsur	ScriptElement	6.4 kB	2025-06-02	2025-06-02
Pretty URL dh.terpenwordman.top/prsur IP 23.109.170.98 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-02 05:47 Last Seen2025-06-02 05:47 Times Seen1 Hash 9b58586f5f8a0d2cc162939cbd26c11b c029b92d19acdc6a34d3517a837491df3dc4a9fc 8ac86749f3c74d59fadf1ecb3644949fd20cd31c956b3b62854aafb9ec7deee9 Loading...

	dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563	ScriptElement	2.1 kB	2025-06-02	2025-06-02
Pretty URL dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563 IP 23.109.170.98 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-02 05:47 Last Seen2025-06-02 05:47 Times Seen1 Hash 92f3bc5fe48cbd0c12f5a01e8a669676 a086d58f87e46e73df23a46b6e05b3836ded9ea9 04fb73c0377afbcd546b969f2913a6c86a1b5c7e9aa9ab08be9090a67bb46e40 Loading...

	lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A	ScriptElement	8 B	2023-03-07	2025-06-12
Pretty URL lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A IP 188.42.247.204 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:10 Last Seen2025-06-12 09:15 Times Seen4799 Hash 74bcdb854ab16ca0977687a071ccface 3fc98dccf6a4c618323aacd44660d0c32d1e9016 f729e7b610069468cbe062a7821762c27a15271967ac88eae69a538d48c5a29b Loading...

HTTP Transactions (23)

URL IP Response Size

arjunbeatee.shop/s/5e/88/5e8828cf86f46f5125a50a823de60e61.jpg

51.89.192.129

200 OK

6.5 kB

URL GET
arjunbeatee.shop/s/5e/88/5e8828cf86f46f5125a50a823de60e61.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
6.5 kB (6545 bytes)
Hash
5e8828cf86f46f5125a50a823de60e61
8c941c97376cb027d3a61477fb1c22604fdcca69
ceb36dd6eb9954ca6f88b1982bc2d8889867ef77ef834ebca862eef42ceeddf6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/5e/88/5e8828cf86f46f5125a50a823de60e61.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 6545
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-1991"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dh.terpenwordman.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 May 2025 10:03:46 GMT
expires: Fri, 29 May 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 330199
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

segarkojiri.top/cuid/?f=https%3A%2F%2Fdh.terpenwordman.top

94.242.236.147

200 OK

32 B

URL POST
segarkojiri.top/cuid/?f=https%3A%2F%2Fdh.terpenwordman.top
IP
94.242.236.147:443
ASN
#7979 SERVERS-COM

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type
JSON text data
Size
32 B (32 bytes)
Hash
fab558075247b3dd00540fe54cf1be74
2104ac5bb69998166a942c9c66dc9fde0be556a3
ae7012b5119afd21a43bf7313d9e72811a5e0222d20d8cfe87ae4ba01e4f4f0a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cuid/?f=https%3A%2F%2Fdh.terpenwordman.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dh.terpenwordman.top/
Content-Type: application/json
Content-Length: 10
Origin: https://dh.terpenwordman.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dh.terpenwordman.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=674ea2ece92444dfa301be; expires=Wed, 16 Oct 2052 07:43:40 GMT; domain=segarkojiri.top; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

segarkojiri.top/cuid/?f=https%3A%2F%2Fdh.terpenwordman.top

94.242.236.147

200 OK

0 B

URL OPTIONS
segarkojiri.top/cuid/?f=https%3A%2F%2Fdh.terpenwordman.top
IP
94.242.236.147:443
ASN
#7979 SERVERS-COM

Requested by
https://dh.terpenwordman.top/iyHr5VjAQ2ssrXuR/83540?param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /cuid/?f=https%3A%2F%2Fdh.terpenwordman.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dh.terpenwordman.top/
Origin: https://dh.terpenwordman.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:20 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dh.terpenwordman.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A

188.42.247.204

200 OK

52 B

URL User Request GET
lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A
IP
188.42.247.204:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectlechosabode.shop
Fingerprint15:B3:36:EF:C6:41:28:9B:8E:21:ED:25:D9:D8:D3:27:09:D6:60:CF
ValiditySat, 17 May 2025 09:28:32 GMT - Fri, 15 Aug 2025 09:28:31 GMT

File type
HTML document, ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
86733bb66fb84b851592d733e51f0cbd
42eaf19a5ca195667a9212b0ea3557eee76954a8
927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A HTTP/1.1
Host: lechosabode.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Tue, 03-Jun-2025 05:47:20 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Tue, 03-Jun-2025 05:47:20 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

lechosabode.shop/favicon.ico

188.42.247.204

200 OK

1.4 kB

URL GET
lechosabode.shop/favicon.ico
IP
188.42.247.204:443
ASN
#7979 SERVERS-COM

Requested by
https://lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A
Certificate
IssuerLet's Encrypt
Subjectlechosabode.shop
Fingerprint15:B3:36:EF:C6:41:28:9B:8E:21:ED:25:D9:D8:D3:27:09:D6:60:CF
ValiditySat, 17 May 2025 09:28:32 GMT - Fri, 15 Aug 2025 09:28:31 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lechosabode.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lechosabode.shop/iMVACDMGwhZFkdRRzmudSpif/83540/?md=eyJ0dmMiOjAsImEiOjQxNTQsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6Imh0dHBzOi8vZGgudGVycGVud29yZG1hbi50b3AvbC9ETVBfcGljdHVyZV9jYXB0Y2hhP2M9OENGMjhGQzAtM0Y3NC0xMUYwLTlGQTMtMjlFNTEwOEQzNTRBJnM9Njg1NjMiLCJxIjoiaHR0cHM6Ly9kaC50ZXJwZW53b3JkbWFuLnRvcC9peUhyNVZqQVEyc3NyWHVSLzgzNTQwP3BhcmFtXzQ9Njg1NjMmcGFyYW1fNT04Q0YyOEZDMC0zRjc0LTExRjAtOUZBMy0yOUU1MTA4RDM1NEEiLCJoIjozNzM2LCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo1NjQ2LCJrIjowLCJ1IjoiNjc0ZWEyZWNlOTI0NDRkZmEzMDFiZSIsImYiOmZhbHNlLCJ3aCI6Im5vdCBpbiBpZnJhbWUiLCJpaCI6IjEyODB4MTAyNCIsImUiOiJpMXUwcjNoMmNsb3dhZmQiLCJvIjp0cnVlLCJtIjoxNzQ4ODQzMjQwNTI5LCJ3IjoiJTdCJTIydGl0bGUlMjIlM0ElMjIlMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=c6RgIcPj0zVMvbU8f8ibPBq4BaDkl48tyNlz6p4PM60&param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:21 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Fri, 30 May 2025 13:27:42 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6839b24e-57e"
Expires: Tue, 03 Jun 2025 05:47:21 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563

23.109.170.98

200 OK

8.3 kB

URL User Request GET
dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
IP
23.109.170.98:443
ASN
#7979 SERVERS-COM

Certificate
IssuerZeroSSL
Subjectdh.terpenwordman.top
FingerprintC8:D9:F6:0A:4D:2A:C3:FF:D4:1E:40:F9:DB:10:70:AD:59:F2:14:AD
ValidityTue, 27 May 2025 00:00:00 GMT - Mon, 25 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
8.3 kB (8296 bytes)
Hash
93c45522460596608e2d50c53317cf0f
4e8b9d81174256f1faba732687e3029c85592d4d
82ab6dcef65365712830bbc9b21ee3a3fc3cf91e3aa22e81027b3cd9fff8689a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563 HTTP/1.1
Host: dh.terpenwordman.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Cache-Control: max-age=600
Last-modified: Tue, 28 Nov 2023 15:30:10 GMT
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Tue, 03-Jun-2025 05:47:04 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Tue, 03-Jun-2025 05:47:04 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

arjunbeatee.shop/s/3a/4d/3a4d0d6d1ab7e1673dead372169de413.jpg

51.89.192.129

200 OK

6.6 kB

URL GET
arjunbeatee.shop/s/3a/4d/3a4d0d6d1ab7e1673dead372169de413.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
6.6 kB (6562 bytes)
Hash
3a4d0d6d1ab7e1673dead372169de413
b462d008e1a6a7d74268ae6da5454c7a9e87e147
1a89f634d1cf38f2eea11240cc7323e65aac952ed1833b7b4fc80c62ae68ddad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/3a/4d/3a4d0d6d1ab7e1673dead372169de413.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 6562
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-19a2"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

arjunbeatee.shop/s/3b/b8/3bb81bc51796d44da9dbc0cc2a2f644c.jpg

51.89.192.129

200 OK

5.2 kB

URL GET
arjunbeatee.shop/s/3b/b8/3bb81bc51796d44da9dbc0cc2a2f644c.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
5.2 kB (5245 bytes)
Hash
3bb81bc51796d44da9dbc0cc2a2f644c
d6a105b61e7b1c248a9140366c357efe8829529d
e973306d7894ffe01a0c487ed4e9f000e2a06b996108ee6ceab408737cae966b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/3b/b8/3bb81bc51796d44da9dbc0cc2a2f644c.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 5245
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-147d"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

arjunbeatee.shop/s/59/d4/59d4c0ec31782dcccbb29b1abf962950.svg

51.89.192.129

200 OK

344 B

URL GET
arjunbeatee.shop/s/59/d4/59d4c0ec31782dcccbb29b1abf962950.svg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
SVG Scalable Vector Graphics image
Size
344 B (344 bytes)
Hash
59d4c0ec31782dcccbb29b1abf962950
72e984fc6494657824ab2c19d7ba7e640e285e48
262b47bc3ef4b4d0e15994ad4c8e0d7403a1c75f877ac05c0c82c80510c4e41c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/59/d4/59d4c0ec31782dcccbb29b1abf962950.svg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/svg+xml
Content-Length: 344
Last-Modified: Fri, 24 May 2024 16:48:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c1-158"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

dh.terpenwordman.top/prsur

23.109.170.98

200 OK

6.4 kB

URL GET
dh.terpenwordman.top/prsur
IP
23.109.170.98:443
ASN
#7979 SERVERS-COM

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerZeroSSL
Subjectdh.terpenwordman.top
FingerprintC8:D9:F6:0A:4D:2A:C3:FF:D4:1E:40:F9:DB:10:70:AD:59:F2:14:AD
ValidityTue, 27 May 2025 00:00:00 GMT - Mon, 25 Aug 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6378), with no line terminators
Size
6.4 kB (6378 bytes)
Hash
9b58586f5f8a0d2cc162939cbd26c11b
c029b92d19acdc6a34d3517a837491df3dc4a9fc
8ac86749f3c74d59fadf1ecb3644949fd20cd31c956b3b62854aafb9ec7deee9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /prsur HTTP/1.1
Host: dh.terpenwordman.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dh.terpenwordman.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Cache-Control: public
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

arjunbeatee.shop/s/26/1e/261e02df16f7665ba1b78b609a7fb2d4.jpg

51.89.192.129

200 OK

13 kB

URL GET
arjunbeatee.shop/s/26/1e/261e02df16f7665ba1b78b609a7fb2d4.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
13 kB (13020 bytes)
Hash
261e02df16f7665ba1b78b609a7fb2d4
f3c9aac73dfdfc5798968d58b08c10b4acdd7f16
f732ce2009432bc8b6485ff3894d9ecd0d23f040420c7c776d536da514668507

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/26/1e/261e02df16f7665ba1b78b609a7fb2d4.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 13020
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-32dc"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

arjunbeatee.shop/s/05/37/0537e1791dc0e149d08894b6588a1457.svg

51.89.192.129

200 OK

335 B

URL GET
arjunbeatee.shop/s/05/37/0537e1791dc0e149d08894b6588a1457.svg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
SVG Scalable Vector Graphics image
Size
335 B (335 bytes)
Hash
0537e1791dc0e149d08894b6588a1457
0d60bfa54a65162c92c8ff05b57dc85f15d3e815
26099e0735f857fd5618b5557b4d7d37303d0e580e9d7eeda84b56d683d4cdb0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/05/37/0537e1791dc0e149d08894b6588a1457.svg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/svg+xml
Content-Length: 335
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-14f"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

dh.terpenwordman.top/iyHr5VjAQ2ssrXuR/83540?param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A

23.109.170.98

200 OK

12 kB

URL User Request GET
dh.terpenwordman.top/iyHr5VjAQ2ssrXuR/83540?param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A
IP
23.109.170.98:443
ASN
#7979 SERVERS-COM

Certificate
IssuerZeroSSL
Subjectdh.terpenwordman.top
FingerprintC8:D9:F6:0A:4D:2A:C3:FF:D4:1E:40:F9:DB:10:70:AD:59:F2:14:AD
ValidityTue, 27 May 2025 00:00:00 GMT - Mon, 25 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (11825)
Size
12 kB (12088 bytes)
Hash
166a7f48b4763bfed710f1ce6ce98781
3f93780a51ee83e2df85bbdc6866daf676bf1a0b
77c6d2f4567b3b324bb2c8a27224c50bf224ad5a2929b7b18009771e430d0107

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /iyHr5VjAQ2ssrXuR/83540?param_4=68563&param_5=8CF28FC0-3F74-11F0-9FA3-29E5108D354A HTTP/1.1
Host: dh.terpenwordman.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

arjunbeatee.shop/s/58/95/5895ca89bedbe51efb066518a11d930c.svg

51.89.192.129

200 OK

407 B

URL GET
arjunbeatee.shop/s/58/95/5895ca89bedbe51efb066518a11d930c.svg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
SVG Scalable Vector Graphics image
Size
407 B (407 bytes)
Hash
5895ca89bedbe51efb066518a11d930c
69b2bff044b717c9106b2fc77926ebb8a869da3b
fe0f623177600a9988066bab3460aa64af8f38f90a377f1d878021711b1bd533

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/58/95/5895ca89bedbe51efb066518a11d930c.svg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/svg+xml
Content-Length: 407
Last-Modified: Fri, 24 May 2024 16:47:59 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4bf-197"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

segarkojiri.top/cuid/?f=https%3A%2F%2Fdh.terpenwordman.top

94.242.236.147

200 OK

0 B

URL OPTIONS
segarkojiri.top/cuid/?f=https%3A%2F%2Fdh.terpenwordman.top
IP
94.242.236.147:443
ASN
#7979 SERVERS-COM

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /cuid/?f=https%3A%2F%2Fdh.terpenwordman.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dh.terpenwordman.top/
Origin: https://dh.terpenwordman.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dh.terpenwordman.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

fonts.googleapis.com/css2?family=Roboto:wght@100..900&display=swap

142.250.74.10

200 OK

5.6 kB

URL GET
fonts.googleapis.com/css2?family=Roboto:wght@100..900&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
ASCII text, with very long lines (1572)
Size
5.6 kB (5621 bytes)
Hash
c394461ffd41552e9ccb3b3dd9f22d65
044d2e01ea991bb9a04a930fe593786c04edcf03
7d5ed0825e8024166e1d5be3c98e7f056ed274cc351db71da0e650a9b607e552

HTTP Headers

GET /css2?family=Roboto:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 02 Jun 2025 05:47:05 GMT
date: Mon, 02 Jun 2025 05:47:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

arjunbeatee.shop/s/90/06/90061af72da9a462f2d4c0c742b15a7e.jpg

51.89.192.129

200 OK

4.9 kB

URL GET
arjunbeatee.shop/s/90/06/90061af72da9a462f2d4c0c742b15a7e.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
4.9 kB (4935 bytes)
Hash
90061af72da9a462f2d4c0c742b15a7e
5b799f1b475d86b6f1fee6896f7bc2fdffa3cb18
1646cb0f483614e703b0f089f87f1012c590a7d3f1708c2e8460aeb11f7e346a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/90/06/90061af72da9a462f2d4c0c742b15a7e.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 4935
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-1347"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

arjunbeatee.shop/s/4c/5d/4c5da0f93a985516313a14f4a4e69580.jpg

51.89.192.129

200 OK

5.6 kB

URL GET
arjunbeatee.shop/s/4c/5d/4c5da0f93a985516313a14f4a4e69580.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
5.6 kB (5624 bytes)
Hash
4c5da0f93a985516313a14f4a4e69580
811fbc821ac6f63a8c9a1b0aaae715a56c705d59
fbd7f0fcd2c9837b3902c1198b7651f2785985aee4208c8e6d98401e471324ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/4c/5d/4c5da0f93a985516313a14f4a4e69580.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 5624
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-15f8"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

arjunbeatee.shop/s/89/a8/89a8d71198ed9d7a09f6b2b354a1ce7e.jpg

51.89.192.129

200 OK

5.7 kB

URL GET
arjunbeatee.shop/s/89/a8/89a8d71198ed9d7a09f6b2b354a1ce7e.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
5.7 kB (5653 bytes)
Hash
89a8d71198ed9d7a09f6b2b354a1ce7e
bc7bd31d31085bbc8e4450d4f3540bdfd8fa64d2
d4f1c9d6fbd2d2949b3260fd5643c498020dddaabdb5a5ffd4d4b75826c08cb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/89/a8/89a8d71198ed9d7a09f6b2b354a1ce7e.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 5653
Last-Modified: Fri, 24 May 2024 16:48:01 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c1-1615"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

arjunbeatee.shop/s/ca/bb/cabb2f341ace2809094884a062c53768.jpg

51.89.192.129

200 OK

6.4 kB

URL GET
arjunbeatee.shop/s/ca/bb/cabb2f341ace2809094884a062c53768.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
6.4 kB (6406 bytes)
Hash
cabb2f341ace2809094884a062c53768
1c9f03dbbb7988e7c7afad98d8363779adf76ef9
a8e9a141c57f45df2cd7edfcffebeeca19b8df6774bcce2bb261d4e7b3872366

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/ca/bb/cabb2f341ace2809094884a062c53768.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 6406
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-1906"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

arjunbeatee.shop/s/47/7d/477d01573cdfd5377e5d8878ad4bba68.jpg

51.89.192.129

200 OK

7.4 kB

URL GET
arjunbeatee.shop/s/47/7d/477d01573cdfd5377e5d8878ad4bba68.jpg
IP
51.89.192.129:443
ASN
#16276 OVH SAS

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerLet's Encrypt
Subjectarjunbeatee.shop
Fingerprint1E:FE:9A:B3:F3:A2:7A:8E:6C:50:9F:E8:DB:C3:74:87:C0:63:26:FD
ValidityFri, 02 May 2025 15:10:37 GMT - Thu, 31 Jul 2025 15:10:36 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
7.4 kB (7422 bytes)
Hash
477d01573cdfd5377e5d8878ad4bba68
93286f19b84c4af500f313651e91296185e8550f
6ae5b3ef464c7a521b518c33b30258667eda94e3a2f9c6434beabb8949fb229a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /s/47/7d/477d01573cdfd5377e5d8878ad4bba68.jpg HTTP/1.1
Host: arjunbeatee.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: image/jpeg
Content-Length: 7422
Last-Modified: Fri, 24 May 2024 16:48:00 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6650c4c0-1cfe"
Expires: Thu, 12 Jun 2025 05:47:05 GMT
Cache-Control: max-age=864000
Accept-Ranges: bytes

dh.terpenwordman.top/favicon.ico

23.109.170.98

200 OK

1.4 kB

URL GET
dh.terpenwordman.top/favicon.ico
IP
23.109.170.98:443
ASN
#7979 SERVERS-COM

Requested by
https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Certificate
IssuerZeroSSL
Subjectdh.terpenwordman.top
FingerprintC8:D9:F6:0A:4D:2A:C3:FF:D4:1E:40:F9:DB:10:70:AD:59:F2:14:AD
ValidityTue, 27 May 2025 00:00:00 GMT - Mon, 25 Aug 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dh.terpenwordman.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dh.terpenwordman.top/l/DMP_picture_captcha?c=8CF28FC0-3F74-11F0-9FA3-29E5108D354A&s=68563
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jun 2025 05:47:05 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Fri, 30 May 2025 13:27:43 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6839b24f-57e"
Expires: Tue, 03 Jun 2025 05:47:05 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL OPTIONS

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash