Report - live-khl.ru/ball/auth

Report Overview

Submitted URL
live-khl.ru/ball/auth
IP
172.67.178.173
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 17:21:20
Access
public
Website Title
Telegram Web
Final URL
live-khl.ru/ball/auth
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
50

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kws2.web.telegram.org	49675	2003-12-15	2021-06-23	2024-04-17	2.3 kB	872 B	149.154.167.99
live-khl.ru	unknown	2024-02-13	2024-02-13	2024-04-15	11 kB	946 kB	172.67.178.173
venus.web.telegram.org	47739	2003-12-15	2017-01-29	2024-04-16	790 B	1.0 kB	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	live-khl.ru/ball/auth	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed
2024-04-17	medium	live-khl.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	live-khl.ru/putPreloader-ae29ef38.js	699 B	2023-12-10	2024-04-27
Pretty URL live-khl.ru/putPreloader-ae29ef38.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-27 19:20:32 Times Seen68 Hash 259f536476625e11ffe9d1f10e96e242 78be832ca3954ee6c4cadec81a4ddb54650843a0 34e349140e7a6b3a220786219a85623d17cd6ad2c1239c1554a581ba7c72307c Loading...

	live-khl.ru/textToSvgURL-c6ebb454.js	357 B	2023-10-29	2024-04-27
Pretty URL live-khl.ru/textToSvgURL-c6ebb454.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-27 19:20:32 Times Seen135 Hash db363d8053c3aa976b2e2162860d6932 fef1a8b065868caacf63184d97c10aaf10ec6a28 62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663 Loading...

	live-khl.ru/_commonjsHelpers-725317a4.js	290 B	2023-12-10	2024-04-27
Pretty URL live-khl.ru/_commonjsHelpers-725317a4.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-27 19:20:32 Times Seen117 Hash cd6f232e1ba73081b1b70f3e1a14648f 7feaacf5309dc73289c5047b81c7c5781fc6f786 1b58f13a4a6a472ae93c91076b73ff754e8f7d4b3573764aed63a13e184d6fb1 Loading...

	live-khl.ru/asset/jquery.min.js	90 kB	2023-09-12	2024-04-27
Pretty URL live-khl.ru/asset/jquery.min.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-12 10:04:29 Last Seen2024-04-27 19:20:32 Times Seen139 Hash 1db92b83313d6fbaf76fd364688c8e6c 90c3cf0d1af00de7424a6b4b8f7f41b1200d3964 3ca4587ad13382ba7ede987f96682cc928589f037b1403fb43bd8ffc430809da Loading...

	live-khl.ru/langSign-66e8939d.js	1.6 kB	2023-10-29	2024-04-27
Pretty URL live-khl.ru/langSign-66e8939d.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-29 15:08:50 Last Seen2024-04-27 19:20:31 Times Seen98 Hash b1fb189d8c6640ca34096506a34baaa4 cb811e89f3c08f1d90eda051a29760fa1165e4d8 7285632faf1a90db84b6da17536028924fd77630408e7ba20172637dd2b7fe32 Loading...

	live-khl.ru/lang-9ff1b05a.js	102 kB	2023-12-10	2024-04-27
Pretty URL live-khl.ru/lang-9ff1b05a.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-27 19:20:32 Times Seen69 Hash 4230df4a8128c30f22af1783386cae6f a5716da6085a7a07fc430f3f410bb36c9e54ac34 52113907183285220d884b4a99c8ee805b977e6b0039992d95005db0988187e0 Loading...

	live-khl.ru/button-1a8a4b7d.js	8.5 kB	2023-12-10	2024-04-27
Pretty URL live-khl.ru/button-1a8a4b7d.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-27 19:20:32 Times Seen74 Hash db2fcb1faf0ad3210f38a9dbeffebfbf a248f132d7662f64581bbd4a05756283345b6261 c8fff421d8b23fd9ddbf046f1c63d411ab15ee745fadc28bf1851d156514fae8 Loading...

	live-khl.ru/qr-code-styling-8a04fb73.js	66 kB	2023-12-10	2024-04-27
Pretty URL live-khl.ru/qr-code-styling-8a04fb73.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-27 19:20:32 Times Seen97 Hash 9bc1dca9d012e6cc87fc199909f9667b b340b1309516f10074080f5fcec5593101022612 d7d3232bf40cc555ad219d6b688afe4b2427e7fa00ae719e5f7fa4152dc0857f Loading...

	live-khl.ru/index-cfdc21d6.js	124 kB	2024-04-12	2024-04-17
Pretty URL live-khl.ru/index-cfdc21d6.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 19:46:29 Last Seen2024-04-17 19:21:21 Times Seen9 Hash b3d5a2ad3709be85496ff7bf21b81728 cee23339eb4a73bacc995772c52bd493ad6e8d00 858cc0f508d585d657f441da3bf3a1d81dbdb6e7c5ebbb8b98e0138a1b76c585 Loading...

	live-khl.ru/countries-5301fc59.js	24 kB	2023-08-29	2024-04-27
Pretty URL live-khl.ru/countries-5301fc59.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-29 04:08:58 Last Seen2024-04-27 19:20:32 Times Seen372 Hash dff89d22ad674afafcc150af3a75d51f 3e103a40939f3e33f2ed2d2ac340dbd049b8dca1 7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80 Loading...

	live-khl.ru/page-49e139d4.js	10 kB	2023-12-10	2024-04-27
Pretty URL live-khl.ru/page-49e139d4.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-27 19:20:32 Times Seen119 Hash 6ccaefefec5a957c2d80fe5f97c8098b bf1eda880c524c21f78ff0424592f81fba4214ab 65659681146410adb22da9de126db5da27eb6032631d55c1c2bedebabd8e8f5f Loading...

	live-khl.ru/pageSignQR-55e34e76.js	5.6 kB	2023-12-10	2024-04-27
Pretty URL live-khl.ru/pageSignQR-55e34e76.js IP 172.67.178.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-10 02:45:21 Last Seen2024-04-27 19:20:32 Times Seen78 Hash 908a426b097ed038bf16088bb70c4d0a 51b080072f896e324ba8a2229e9303364354326d 96e7ecf00e95236690fe564fcef37e9a3f856d7731085dd856eec61a50720216 Loading...

HTTP Transactions (30)

URL IP Response Size

live-khl.ru/index-cfdc21d6.js

172.67.178.173

200 OK

55 kB

URL GET HTTP/3
live-khl.ru/index-cfdc21d6.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63446), with no line terminators
Size
55 kB (54937 bytes)
Hash
b3d5a2ad3709be85496ff7bf21b81728
cee23339eb4a73bacc995772c52bd493ad6e8d00
858cc0f508d585d657f441da3bf3a1d81dbdb6e7c5ebbb8b98e0138a1b76c585

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-cfdc21d6.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: application/javascript
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nEeiTsU7SRU7WItva83v%2Fyoh1k07JMfrgG4HYN4KWBjcMHHPd2vNyXZriONLIZkb8QftlCL33hyaLfV7e7ARhS69zKz6eiiaNT3kvPIUIQowum%2FxXFifi872%2F05SJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a9acef92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/jquery.min.js

172.67.178.173

200 OK

41 kB

URL GET HTTP/3
live-khl.ru/asset/jquery.min.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
41 kB (41285 bytes)
Hash
1db92b83313d6fbaf76fd364688c8e6c
90c3cf0d1af00de7424a6b4b8f7f41b1200d3964
3ca4587ad13382ba7ede987f96682cc928589f037b1403fb43bd8ffc430809da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/jquery.min.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:10:36 GMT
etag: W/"16182-60bea5af51c2f-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2667
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cAuMBRm%2Bn9fgPqDJWJ8jX%2B9C7kT8lJY3qiIy2UNiGcF68AfoVhDMO7cJ%2BC1%2F3Htdu7FAui2GnbUcZMF1%2B6WLaDSYEoh0fvBNsFhdCW8frtUtfSKpeXsoXJr3JlK20w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a9acf692d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/lang-9ff1b05a.js

172.67.178.173

200 OK

39 kB

URL GET HTTP/3
live-khl.ru/lang-9ff1b05a.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
Unicode text, UTF-8 text, with very long lines (14604)
Size
39 kB (38622 bytes)
Hash
4230df4a8128c30f22af1783386cae6f
a5716da6085a7a07fc430f3f410bb36c9e54ac34
52113907183285220d884b4a99c8ee805b977e6b0039992d95005db0988187e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lang-9ff1b05a.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"18fbc-60bea755021cb-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qh%2BMedf7rkmFw%2B3WVucll1OXY8Ify0hzla3ueToDiaD1WSCSgDxEbX%2BX3Dji7hwQp5NDvGyAF38AnB7MgMxEYC7JUbizE0jY3Nk0WKtwHjB198bNBRYvBsz6%2FfJaEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16ad1b7992d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/countries-5301fc59.js

172.67.178.173

200 OK

10 kB

URL GET HTTP/3
live-khl.ru/countries-5301fc59.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
Unicode text, UTF-8 text, with very long lines (24043)
Size
10 kB (10250 bytes)
Hash
dff89d22ad674afafcc150af3a75d51f
3e103a40939f3e33f2ed2d2ac340dbd049b8dca1
7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /countries-5301fc59.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:56 GMT
etag: W/"5e21-60bea7533cffa-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUN24JRhh%2BDwyBPsf33PvZDS7PpSvdEzYWqE62QGFLreeb9EfRKRJUlCwZU6RcJaD0%2BZ%2B7APDAaIKG93G65chNK%2BFmKzIYAC1zTp1TFf4Xn1F5%2B1hXHwG4CqLdq5aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16ad1b7d92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/ball/auth

172.67.178.173

200 OK

14 kB

URL User Request GET HTTP/2
live-khl.ru/ball/auth
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
HTML document, ASCII text, with very long lines (1757)
Size
14 kB (13710 bytes)
Hash
d81cb17c6ca692cce341c509d5ec57cc
39fee452e599617961a264e2c53349afe08846cb
ca911752ea5025c6a56d55637663ab5821d42ec5baf6be205ffa9a62025252ec

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ball/auth HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aDSbO8sh4TdMO1%2FRAWw2sXUd6%2BE%2FFc8n%2BqK5Ykj0%2FLZMTSLR1o8kGbNAgkpOObdMeY%2F5lZNlkbRPAWWCCwvY7E5qq6H2hbPm814WZSz27253C%2FBCk5P%2BbYfdSDQUjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a78a0b9300-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

live-khl.ru/asset/img/favicon-16x16.png?v=jw3mK7G9Ry

172.67.178.173

200 OK

1.0 kB

URL GET HTTP/3
live-khl.ru/asset/img/favicon-16x16.png?v=jw3mK7G9Ry
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.0 kB (1012 bytes)
Hash
e3ce05eb00b3215df220efaf0fd06e21
d1533966f79dc2984c34317035f31cf3c91298c9
0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: image/png
content-length: 1012
last-modified: Thu, 07 Dec 2023 12:00:12 GMT
etag: "3f4-60bea35c583a7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2FRE%2B5JiQIFpeXJA%2FHUO9%2BbZhnO%2BzbfRPI7w%2FRbVpcSX8dr7egEPzVQjfOs47rXsOtxAPz5kqLu65JKYwa%2BVraNrHZHzFN4HwQwF%2FJnDN8cdLM5p1W4%2B6C6RrzazHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16aeaeb392d6-CPH
alt-svc: h3=":443"; ma=86400

live-khl.ru/textToSvgURL-c6ebb454.js

172.67.178.173

200 OK

29 kB

URL GET HTTP/3
live-khl.ru/textToSvgURL-c6ebb454.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (306)
Size
29 kB (28895 bytes)
Hash
db363d8053c3aa976b2e2162860d6932
fef1a8b065868caacf63184d97c10aaf10ec6a28
62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:01 GMT
etag: W/"165-60bea757c61a2-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lCtnR36%2Fssp7IUXGTnBfZemEtand%2B%2BxDuHiqMXa27vNOZZ0ZderlqAGjmtRjJRRUNqe62sqzHuVi7bfjI%2Bx6RMde5sLb9040Bgn19qKCF2WtOLOJ79VINvZvoA%2B3zA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf1092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/
Content-Length: 0
Origin: https://live-khl.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

venus.web.telegram.org/apiw1

149.154.167.99

169 B

URL
venus.web.telegram.org/apiw1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/
Content-Length: 0
Origin: https://live-khl.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
server: nginx/1.18.0
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: N7ZFzjpL4hiGj+yksRZZoA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:56 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: C5GCwsRn+O4PIV2kb/pQYHNks2w=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jS89eDQM/BZM9VvrSZYQ4g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:57 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rTqUiZRJh2PeUKIBQQPoJgg5fgg=
Sec-WebSocket-Protocol: binary

live-khl.ru/putPreloader-ae29ef38.js

172.67.178.173

200 OK

595 B

URL GET HTTP/3
live-khl.ru/putPreloader-ae29ef38.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (394)
Size
595 B (595 bytes)
Hash
259f536476625e11ffe9d1f10e96e242
78be832ca3954ee6c4cadec81a4ddb54650843a0
34e349140e7a6b3a220786219a85623d17cd6ad2c1239c1554a581ba7c72307c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /putPreloader-ae29ef38.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"2bb-60bea756c351c-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fIzPQEESV8mpTi1avTQxfpa59fX4OG0GZtInrq8pW0uLKrEksy7n%2B0ks3rsxAClZHKBVyK5tTNv9Q4qZ1N775ntyDYfHZPk%2BCbzWVzoFPcOxD%2BBn%2FhJYw7KfBjM73w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf0e92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DCzfNXeN4CzPJTuyYg0pKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:57 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wl2kd8j+DN14cQBYUJmRbDE/e2I=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FXWul7otMRrTQHk0q4dGdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:57 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: P5poz9IR0ik5o9N/76BPyrwcMLw=
Sec-WebSocket-Protocol: binary

live-khl.ru/page-49e139d4.js

172.67.178.173

200 OK

13 kB

URL GET HTTP/3
live-khl.ru/page-49e139d4.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (10193)
Size
13 kB (13325 bytes)
Hash
6ccaefefec5a957c2d80fe5f97c8098b
bf1eda880c524c21f78ff0424592f81fba4214ab
65659681146410adb22da9de126db5da27eb6032631d55c1c2bedebabd8e8f5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /page-49e139d4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:59 GMT
etag: W/"27fc-60bea755a62ba-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBIyy%2FzqEKRjpIYecx1YKvvxzFCIs%2BNWq9NxQifq1ssFNyfMB6oNWDYE69Ifh7ubSX5j2NzjRWPUzmz2EXuJSRYNOZuMXL9F6BqBRy2w1oj5sVccWSM6JSSHOhLBBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf0092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/img/logo_padded.svg

172.67.178.173

200 OK

9.9 kB

URL GET HTTP/3
live-khl.ru/asset/img/logo_padded.svg
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
SVG Scalable Vector Graphics image
Size
9.9 kB (9906 bytes)
Hash
256adedc8580ce9d3e5d41bb6467a8e2
b1dd7a21d38aeabac25762e7c0587f82fd40274a
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/img/logo_padded.svg HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:59 GMT
content-type: image/svg+xml
last-modified: Thu, 07 Dec 2023 12:00:14 GMT
etag: W/"42d-60bea35daff83"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jekhWKarxDdSbnFnoAj%2BEJdcwWTcsEBczxIrXrwgOInDZ0CysGGVgK4Tc%2FSXqPNN82W%2F%2BFlcqXlzzSM5W%2BaGqohnLh1iSO%2FG8oC%2FCaG2uTR%2FZm1oF%2Bf%2FAiGbvuI4MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16bcdbc292d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/button-1a8a4b7d.js

172.67.178.173

200 OK

32 kB

URL GET HTTP/3
live-khl.ru/button-1a8a4b7d.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (8465)
Size
32 kB (32244 bytes)
Hash
db2fcb1faf0ad3210f38a9dbeffebfbf
a248f132d7662f64581bbd4a05756283345b6261
c8fff421d8b23fd9ddbf046f1c63d411ab15ee745fadc28bf1851d156514fae8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /button-1a8a4b7d.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:56 GMT
etag: W/"213e-60bea753016e0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Brtj1%2BdkJntIPIQxGCcCBjqN97UGAGIWmUrK9DLSz4apsyi6F9cuwDdc9Sow1WYEqrVzO7CRdBURdw4MDJBxNsOkE1ROpq5oAgRz%2ByN5XsVdWk5NB5OrxkD%2F8FIhDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf0492d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/page-49e139d4.js

172.67.178.173

200 OK

14 kB

URL GET HTTP/3
live-khl.ru/page-49e139d4.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (10193)
Size
14 kB (14023 bytes)
Hash
6ccaefefec5a957c2d80fe5f97c8098b
bf1eda880c524c21f78ff0424592f81fba4214ab
65659681146410adb22da9de126db5da27eb6032631d55c1c2bedebabd8e8f5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /page-49e139d4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:59 GMT
etag: W/"27fc-60bea755a62ba-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CCsLi9grXVjFc1AMBxZmwzSkcY1QJPGbr59%2FrIrajADN2d8w0CdXE3HQpHk7LlloGMqKfjC9oyRGIDcJ2yZ0Al%2FqJ21UP5Juob55Jmz0zshLKmts%2BRAE1J5S0ebmbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16af481692d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/crypto.worker-b2b2021e.js

172.67.178.173

200 OK

69 kB

URL GET HTTP/3
live-khl.ru/crypto.worker-b2b2021e.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
69 kB (68845 bytes)
Hash
061a201747d764fcd611ff886b2b27ef
d0fbcab1a5c52c5c38f46b2ed048cf8637716686
58fafa3a075d804360271b6b081e9c3c46ba344659ef3cb10d5561afc1147448

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /crypto.worker-b2b2021e.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:57 GMT
etag: W/"10ced-60bea75382553-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zlgwQ5Jnfe%2BFIfYEG0lliXDVwjS%2BoTvK9mR90BnqIL6CuGQEyLRa7%2Fo5SL1ziUopqj6SJWLnOJDHpi2ZEj8IzhKe7mwhThlYJkP%2BIKBe4qEzy4jMKznaRmouc8Umpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aceb2b92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/langSign-66e8939d.js

172.67.178.173

200 OK

1.6 kB

URL GET HTTP/3
live-khl.ru/langSign-66e8939d.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (1751), with no line terminators
Size
1.6 kB (1646 bytes)
Hash
0d55451ee39b2aa034b815696a9b13ad
6144047d9652181c02b1e107703a9851ba5838ae
6efafb0c9358c1754c8d06ee1049bae36ff61108eb534f6c79a94d8b62f5b8f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /langSign-66e8939d.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"66e-60bea755263e7-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hP2l1XaIdE84sskPbYGpR6BGeeZAYXz20C%2B6X8LduSWfc7E6Efpgww89i%2BgH7RzxCshfhpXbi16MOkz9WW1baL%2BTgFEGrSUGw8mkiFRp0SR721aTPlOxErbY7UV6SA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16ad1b7a92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/pageSignQR-55e34e76.js

172.67.178.173

200 OK

5.6 kB

URL GET HTTP/3
live-khl.ru/pageSignQR-55e34e76.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (5762), with no line terminators
Size
5.6 kB (5585 bytes)
Hash
f83ba728a3431f8dc5ad3630071aebbb
7b4322b87b21a92f98fd468edd5e86a675ac492e
fdeef2c5c3478ee3d6d9f22fe492369bae1137e804e8048219633bb504d2633c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pageSignQR-55e34e76.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"15d1-60bea7564f1c9-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zzw1LmsbCLg451yT0QSYkLYeLtJpJrNo2Ca43yt59b9kd0ybwpwt2t3EdC6K1b%2BUeZcLYbQKiOwyLn8lfeGainbvbEoNLs8X8UDPak9ZRfZsLQ5RBTZWOF0DNjLltg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aedf1392d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

172.67.178.173

200 OK

11 kB

URL GET HTTP/3
live-khl.ru/asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-91acc02b.css
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 07 Dec 2023 12:00:17 GMT
etag: "2b30-60bea360ae8d4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2BWyBf4QjNyH8NViRUSJ0ZTdfgot0r9Xr2eCn52H734pWGyN%2FrfSJ2wqj7pNOgujYFsKF5c5c2%2BcAFB8Mmz4%2BRTES1v7EDIn1MiuGOFS%2B2U4poBym%2FxHq6zUZCKFbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16b1acd392d6-CPH
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

172.67.178.173

200 OK

11 kB

URL GET HTTP/3
live-khl.ru/asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-91acc02b.css
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 07 Dec 2023 12:00:17 GMT
etag: "2b08-60bea3608c5f8"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2663
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QOSB1%2FakFT7aTLinCVav9xiU7TrIKficxai4CFrak5dDa%2BVw5VyyF2e7YiFYpdJpTRrTE7%2FG9XYyjMLAFQnrpwXY4XNlkyzMs0bQi6hLZ9xae%2B1HG7GQ1J02efvz1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16acdb1192d6-CPH
alt-svc: h3=":443"; ma=86400

live-khl.ru/qr-code-styling-8a04fb73.js

172.67.178.173

200 OK

66 kB

URL GET HTTP/3
live-khl.ru/qr-code-styling-8a04fb73.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type

Size
66 kB (66217 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-8a04fb73.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"102a9-60bea756f2318-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BDzv9mEiTr4j5J458p6qxoidSiZEcfbjRG3pZsLDLmTTKgxD5IiUHGQ27fjdhMFgZ8vXNYBvmcXHGSqB28t4gA1xoUa0CvAvbIwXDlwfYBYWIoQ7Fh8DqpULlitT%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16afb8d092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/_commonjsHelpers-725317a4.js

172.67.178.173

200 OK

290 B

URL GET HTTP/3
live-khl.ru/_commonjsHelpers-725317a4.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (302), with no line terminators
Size
290 B (290 bytes)
Hash
3fb939d07fab69f5a0ad5db75c79a87f
2fcb8f40614f577982a15551a4d00b06deeea3fd
17f7485908469fb755abc429df99392b299c396fa52b327f68ef0c31a1bb81e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_commonjsHelpers-725317a4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/qr-code-styling-8a04fb73.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:55 GMT
etag: W/"122-60bea75216158-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BtdUPPjhWJcRJ0%2B9wfMWrY4imyQLeLRJuxMNKp4SoTUDmr3iJQ06zalvqKXQ7f%2FG3j%2FCyecOhje45U0ktc6Z9TmMlKeu2kxcMudaP4i22rRVrLwLkLOGG7waHO%2BF6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16b0aaaa92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/_commonjsHelpers-725317a4.js

172.67.178.173

200 OK

290 B

URL GET HTTP/3
live-khl.ru/_commonjsHelpers-725317a4.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (302), with no line terminators
Size
290 B (290 bytes)
Hash
3fb939d07fab69f5a0ad5db75c79a87f
2fcb8f40614f577982a15551a4d00b06deeea3fd
17f7485908469fb755abc429df99392b299c396fa52b327f68ef0c31a1bb81e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_commonjsHelpers-725317a4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:55 GMT
etag: W/"122-60bea75216158-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOXEu0XK4T6u%2FoQCPh0GpFVJ3SG7wxkU6xdESA7OWtcvi5T3KWDcuTpQhCjg8K98S6aAbuegOYl6ZMynEvD1UNlA68gSms2myNdphdj2dZvOVzYIYIXs2kq4IjT0IA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16afa8c592d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/qr-code-styling-8a04fb73.js

172.67.178.173

200 OK

66 kB

URL GET HTTP/3
live-khl.ru/qr-code-styling-8a04fb73.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type

Size
66 kB (66217 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qr-code-styling-8a04fb73.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"102a9-60bea756f2318-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6TRzG%2FJCcMQGK3kZDz9NAe92md32gw1H3xMBV41VI9hXXY7Angb1U3X%2BH5RAdtUh7ROanmUTO26RaWT5zBsy4XN84oeGmdMZcqUbjcMVUi3dBCWecQ4I8AugAE%2F%2FPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16afa8c092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/index-91acc02b.css

172.67.178.173

200 OK

425 kB

URL GET HTTP/3
live-khl.ru/index-91acc02b.css
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type

Size
425 kB (425367 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index-91acc02b.css HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/css
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"67d97-60bea754e4d0e-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2667
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MwsamgwQFdmFWoW808OUZq4gJFiKHp3dfaBUIyjhONVJe0x2sMYoszcfd%2FGTAJLnZ8gi%2FTgKPbgqDLQVNxtUcCRxereC0sYS3GXobG8wvvC3eQcDCz2TQVABJBXyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a9acfa92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/pageSignQR-55e34e76.js

172.67.178.173

200 OK

5.6 kB

URL GET HTTP/3
live-khl.ru/pageSignQR-55e34e76.js
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
ASCII text, with very long lines (5762), with no line terminators
Size
5.6 kB (5585 bytes)
Hash
f83ba728a3431f8dc5ad3630071aebbb
7b4322b87b21a92f98fd468edd5e86a675ac492e
fdeef2c5c3478ee3d6d9f22fe492369bae1137e804e8048219633bb504d2633c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pageSignQR-55e34e76.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"15d1-60bea7564f1c9-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BCSJ6syeRC7%2BAecYREvlodysf0LMOUh2PQc5vgTOJLIPEn1Lx87WY5aGovHG0sQXgENCvC%2FWnG%2Bf9Ws2LVzgHQ53aByYaMEvFc06DqYCogVObTlB928u2JwsMLDMMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecefc92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

live-khl.ru/asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry

172.67.178.173

200 OK

9.0 kB

URL GET HTTP/3
live-khl.ru/asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP
172.67.178.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://live-khl.ru/ball/auth
Certificate
IssuerGoogle Trust Services LLC
Subjectlive-khl.ru
Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79
ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (9024 bytes)
Hash
87fecdadac0beb95f9b7c87b3b3236f0
822f92446c0033a32462aa21208efaef1f0d8c3c
25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: image/png
content-length: 9024
last-modified: Thu, 07 Dec 2023 12:00:13 GMT
etag: "2340-60bea35cf4797"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1783
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zjjp6y1InvpMST3ePmlvrDYEm6k%2B%2Bs3mTcVSffP8SUiQGBibnzWAdjz4d4jUPgtUutwOm2I8xN56oAQwMipgdeFAEDg0fWHavC5khs9bL1qg0%2F%2FSEL80gbLnSaICAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16aeaeb092d6-CPH
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML