| live-khl.ru/index-cfdc21d6.js | 172.67.178.173 | 200 OK | 55 kB |
URL: GET HTTP/3 live-khl.ru/index-cfdc21d6.js
IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (63446), with no line terminators
Hash: MD5 b3d5a2ad3709be85496ff7bf21b81728; SHA-1 cee23339eb4a73bacc995772c52bd493ad6e8d00; SHA-256 858cc0f508d585d657f441da3bf3a1d81dbdb6e7c5ebbb8b98e0138a1b76c585
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /index-cfdc21d6.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: application/javascript
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nEeiTsU7SRU7WItva83v%2Fyoh1k07JMfrgG4HYN4KWBjcMHHPd2vNyXZriONLIZkb8QftlCL33hyaLfV7e7ARhS69zKz6eiiaNT3kvPIUIQowum%2FxXFifi872%2F05SJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a9acef92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/asset/jquery.min.js | 172.67.178.173 | 200 OK | 41 kB |
URL GET HTTP/3live-khl.ru/asset/jquery.min.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeJavaScript source, ASCII text, with very long lines (65447) Hash1db92b83313d6fbaf76fd364688c8e6c 90c3cf0d1af00de7424a6b4b8f7f41b1200d3964 3ca4587ad13382ba7ede987f96682cc928589f037b1403fb43bd8ffc430809da
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /asset/jquery.min.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:10:36 GMT
etag: W/"16182-60bea5af51c2f-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2667
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cAuMBRm%2Bn9fgPqDJWJ8jX%2B9C7kT8lJY3qiIy2UNiGcF68AfoVhDMO7cJ%2BC1%2F3Htdu7FAui2GnbUcZMF1%2B6WLaDSYEoh0fvBNsFhdCW8frtUtfSKpeXsoXJr3JlK20w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a9acf692d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/lang-9ff1b05a.js | 172.67.178.173 | 200 OK | 39 kB |
URL GET HTTP/3live-khl.ru/lang-9ff1b05a.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeUnicode text, UTF-8 text, with very long lines (14604) Hash4230df4a8128c30f22af1783386cae6f a5716da6085a7a07fc430f3f410bb36c9e54ac34 52113907183285220d884b4a99c8ee805b977e6b0039992d95005db0988187e0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /lang-9ff1b05a.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"18fbc-60bea755021cb-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qh%2BMedf7rkmFw%2B3WVucll1OXY8Ify0hzla3ueToDiaD1WSCSgDxEbX%2BX3Dji7hwQp5NDvGyAF38AnB7MgMxEYC7JUbizE0jY3Nk0WKtwHjB198bNBRYvBsz6%2FfJaEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16ad1b7992d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/countries-5301fc59.js | 172.67.178.173 | 200 OK | 10 kB |
URL GET HTTP/3live-khl.ru/countries-5301fc59.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeUnicode text, UTF-8 text, with very long lines (24043) Hashdff89d22ad674afafcc150af3a75d51f 3e103a40939f3e33f2ed2d2ac340dbd049b8dca1 7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /countries-5301fc59.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:56 GMT
etag: W/"5e21-60bea7533cffa-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUN24JRhh%2BDwyBPsf33PvZDS7PpSvdEzYWqE62QGFLreeb9EfRKRJUlCwZU6RcJaD0%2BZ%2B7APDAaIKG93G65chNK%2BFmKzIYAC1zTp1TFf4Xn1F5%2B1hXHwG4CqLdq5aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16ad1b7d92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 172.67.178.173 | 200 OK | 14 kB |
URL: User Request, GET HTTP/2 (live-khl.ru/ball/auth, per the request line and Host header below)
IP: 172.67.178.173:443
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: HTML document, ASCII text, with very long lines (1757)
Hash: MD5 d81cb17c6ca692cce341c509d5ec57cc; SHA-1 39fee452e599617961a264e2c53349afe08846cb; SHA-256 ca911752ea5025c6a56d55637663ab5821d42ec5baf6be205ffa9a62025252ec
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
| Quad9 DNS | malicious | Sinkholed |
GET /ball/auth HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aDSbO8sh4TdMO1%2FRAWw2sXUd6%2BE%2FFc8n%2BqK5Ykj0%2FLZMTSLR1o8kGbNAgkpOObdMeY%2F5lZNlkbRPAWWCCwvY7E5qq6H2hbPm814WZSz27253C%2FBCk5P%2BbYfdSDQUjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a78a0b9300-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| live-khl.ru/asset/img/favicon-16x16.png?v=jw3mK7G9Ry | 172.67.178.173 | 200 OK | 1.0 kB |
URL GET HTTP/3live-khl.ru/asset/img/favicon-16x16.png?v=jw3mK7G9Ry IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashe3ce05eb00b3215df220efaf0fd06e21 d1533966f79dc2984c34317035f31cf3c91298c9 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /asset/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: image/png
content-length: 1012
last-modified: Thu, 07 Dec 2023 12:00:12 GMT
etag: "3f4-60bea35c583a7"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2FRE%2B5JiQIFpeXJA%2FHUO9%2BbZhnO%2BzbfRPI7w%2FRbVpcSX8dr7egEPzVQjfOs47rXsOtxAPz5kqLu65JKYwa%2BVraNrHZHzFN4HwQwF%2FJnDN8cdLM5p1W4%2B6C6RrzazHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16aeaeb392d6-CPH
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/textToSvgURL-c6ebb454.js | 172.67.178.173 | 200 OK | 29 kB |
URL GET HTTP/3live-khl.ru/textToSvgURL-c6ebb454.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeASCII text, with very long lines (306) Hashdb363d8053c3aa976b2e2162860d6932 fef1a8b065868caacf63184d97c10aaf10ec6a28 62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /textToSvgURL-c6ebb454.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:01 GMT
etag: W/"165-60bea757c61a2-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lCtnR36%2Fssp7IUXGTnBfZemEtand%2B%2BxDuHiqMXa27vNOZZ0ZderlqAGjmtRjJRRUNqe62sqzHuVi7bfjI%2Bx6RMde5sLb9040Bgn19qKCF2WtOLOJ79VINvZvoA%2B3zA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf1092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
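URL: venus.web.telegram.org/apiw1
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 c2a982d42f89274763eef2a44fe01030; SHA-1 86e6d53f6478cdd0c05611093d9c55a953454af7; SHA-256 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
Note: this host is in Telegram's own ASN and carries no analyzer verdict in this report. The request below was issued with Origin https://live-khl.ru, and the hashes cover the 169-byte 404 response body, so neither the IP nor the hashes identify the flagged site.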
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/
Content-Length: 0
Origin: https://live-khl.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL venus.web.telegram.org/apiw1 IP149.154.167.99:0 ASN#62041 Telegram Messenger Inc
File typeHTML document, ASCII text, with CRLF line terminators Hashc2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/
Content-Length: 0
Origin: https://live-khl.ru
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
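URL: kws2.web.telegram.org/apiws
IP: 149.154.167.99:0
ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of empty input, matching the 0 B body of this WebSocket upgrade, so they match any empty body and are not usable as indicators.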
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: N7ZFzjpL4hiGj+yksRZZoA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:56 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: C5GCwsRn+O4PIV2kb/pQYHNks2w=
Sec-WebSocket-Protocol: binary
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL kws2.web.telegram.org/apiws IP149.154.167.99:0 ASN#62041 Telegram Messenger Inc
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jS89eDQM/BZM9VvrSZYQ4g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:57 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rTqUiZRJh2PeUKIBQQPoJgg5fgg=
Sec-WebSocket-Protocol: binary
|
|
| live-khl.ru/putPreloader-ae29ef38.js | 172.67.178.173 | 200 OK | 595 B |
URL GET HTTP/3live-khl.ru/putPreloader-ae29ef38.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeASCII text, with very long lines (394) Hash259f536476625e11ffe9d1f10e96e242 78be832ca3954ee6c4cadec81a4ddb54650843a0 34e349140e7a6b3a220786219a85623d17cd6ad2c1239c1554a581ba7c72307c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /putPreloader-ae29ef38.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"2bb-60bea756c351c-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fIzPQEESV8mpTi1avTQxfpa59fX4OG0GZtInrq8pW0uLKrEksy7n%2B0ks3rsxAClZHKBVyK5tTNv9Q4qZ1N775ntyDYfHZPk%2BCbzWVzoFPcOxD%2BBn%2FhJYw7KfBjM73w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf0e92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL kws2.web.telegram.org/apiws IP149.154.167.99:0 ASN#62041 Telegram Messenger Inc
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DCzfNXeN4CzPJTuyYg0pKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:57 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wl2kd8j+DN14cQBYUJmRbDE/e2I=
Sec-WebSocket-Protocol: binary
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL kws2.web.telegram.org/apiws IP149.154.167.99:0 ASN#62041 Telegram Messenger Inc
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://live-khl.ru
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FXWul7otMRrTQHk0q4dGdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 17:20:57 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: P5poz9IR0ik5o9N/76BPyrwcMLw=
Sec-WebSocket-Protocol: binary
|
|
| live-khl.ru/page-49e139d4.js | 172.67.178.173 | 200 OK | 13 kB |
URL GET HTTP/3live-khl.ru/page-49e139d4.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeASCII text, with very long lines (10193) Hash6ccaefefec5a957c2d80fe5f97c8098b bf1eda880c524c21f78ff0424592f81fba4214ab 65659681146410adb22da9de126db5da27eb6032631d55c1c2bedebabd8e8f5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /page-49e139d4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:59 GMT
etag: W/"27fc-60bea755a62ba-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBIyy%2FzqEKRjpIYecx1YKvvxzFCIs%2BNWq9NxQifq1ssFNyfMB6oNWDYE69Ifh7ubSX5j2NzjRWPUzmz2EXuJSRYNOZuMXL9F6BqBRy2w1oj5sVccWSM6JSSHOhLBBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf0092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/asset/img/logo_padded.svg | 172.67.178.173 | 200 OK | 9.9 kB |
URL GET HTTP/3live-khl.ru/asset/img/logo_padded.svg IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeSVG Scalable Vector Graphics image Hash256adedc8580ce9d3e5d41bb6467a8e2 b1dd7a21d38aeabac25762e7c0587f82fd40274a eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /asset/img/logo_padded.svg HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:59 GMT
content-type: image/svg+xml
last-modified: Thu, 07 Dec 2023 12:00:14 GMT
etag: W/"42d-60bea35daff83"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jekhWKarxDdSbnFnoAj%2BEJdcwWTcsEBczxIrXrwgOInDZ0CysGGVgK4Tc%2FSXqPNN82W%2F%2BFlcqXlzzSM5W%2BaGqohnLh1iSO%2FG8oC%2FCaG2uTR%2FZm1oF%2Bf%2FAiGbvuI4MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16bcdbc292d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/button-1a8a4b7d.js | 172.67.178.173 | 200 OK | 32 kB |
URL GET HTTP/3live-khl.ru/button-1a8a4b7d.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeASCII text, with very long lines (8465) Hashdb2fcb1faf0ad3210f38a9dbeffebfbf a248f132d7662f64581bbd4a05756283345b6261 c8fff421d8b23fd9ddbf046f1c63d411ab15ee745fadc28bf1851d156514fae8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /button-1a8a4b7d.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:56 GMT
etag: W/"213e-60bea753016e0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Brtj1%2BdkJntIPIQxGCcCBjqN97UGAGIWmUrK9DLSz4apsyi6F9cuwDdc9Sow1WYEqrVzO7CRdBURdw4MDJBxNsOkE1ROpq5oAgRz%2ByN5XsVdWk5NB5OrxkD%2F8FIhDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecf0492d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/page-49e139d4.js | 172.67.178.173 | 200 OK | 14 kB |
URL GET HTTP/3live-khl.ru/page-49e139d4.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeASCII text, with very long lines (10193) Hash6ccaefefec5a957c2d80fe5f97c8098b bf1eda880c524c21f78ff0424592f81fba4214ab 65659681146410adb22da9de126db5da27eb6032631d55c1c2bedebabd8e8f5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /page-49e139d4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:59 GMT
etag: W/"27fc-60bea755a62ba-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CCsLi9grXVjFc1AMBxZmwzSkcY1QJPGbr59%2FrIrajADN2d8w0CdXE3HQpHk7LlloGMqKfjC9oyRGIDcJ2yZ0Al%2FqJ21UP5Juob55Jmz0zshLKmts%2BRAE1J5S0ebmbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16af481692d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/crypto.worker-b2b2021e.js | 172.67.178.173 | 200 OK | 69 kB |
URL GET HTTP/3live-khl.ru/crypto.worker-b2b2021e.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash061a201747d764fcd611ff886b2b27ef d0fbcab1a5c52c5c38f46b2ed048cf8637716686 58fafa3a075d804360271b6b081e9c3c46ba344659ef3cb10d5561afc1147448
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /crypto.worker-b2b2021e.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:57 GMT
etag: W/"10ced-60bea75382553-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zlgwQ5Jnfe%2BFIfYEG0lliXDVwjS%2BoTvK9mR90BnqIL6CuGQEyLRa7%2Fo5SL1ziUopqj6SJWLnOJDHpi2ZEj8IzhKe7mwhThlYJkP%2BIKBe4qEzy4jMKznaRmouc8Umpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aceb2b92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/langSign-66e8939d.js | 172.67.178.173 | 200 OK | 1.6 kB |
URL GET HTTP/3live-khl.ru/langSign-66e8939d.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeASCII text, with very long lines (1751), with no line terminators Hash0d55451ee39b2aa034b815696a9b13ad 6144047d9652181c02b1e107703a9851ba5838ae 6efafb0c9358c1754c8d06ee1049bae36ff61108eb534f6c79a94d8b62f5b8f2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /langSign-66e8939d.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"66e-60bea755263e7-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hP2l1XaIdE84sskPbYGpR6BGeeZAYXz20C%2B6X8LduSWfc7E6Efpgww89i%2BgH7RzxCshfhpXbi16MOkz9WW1baL%2BTgFEGrSUGw8mkiFRp0SR721aTPlOxErbY7UV6SA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16ad1b7a92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/pageSignQR-55e34e76.js | 172.67.178.173 | 200 OK | 5.6 kB |
URL GET HTTP/3live-khl.ru/pageSignQR-55e34e76.js IP172.67.178.173:443
Requested byhttps://live-khl.ru/ball/auth CertificateIssuerGoogle Trust Services LLC Subjectlive-khl.ru Fingerprint17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79 ValidityFri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File typeASCII text, with very long lines (5762), with no line terminators Hashf83ba728a3431f8dc5ad3630071aebbb 7b4322b87b21a92f98fd468edd5e86a675ac492e fdeef2c5c3478ee3d6d9f22fe492369bae1137e804e8048219633bb504d2633c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-55e34e76.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-cfdc21d6.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"15d1-60bea7564f1c9-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zzw1LmsbCLg451yT0QSYkLYeLtJpJrNo2Ca43yt59b9kd0ybwpwt2t3EdC6K1b%2BUeZcLYbQKiOwyLn8lfeGainbvbEoNLs8X8UDPak9ZRfZsLQ5RBTZWOF0DNjLltg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aedf1392d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 172.67.178.173 | 200 OK | 11 kB |
URL: GET HTTP/3 live-khl.ru/asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Hash: MD5 07db243db21ed0a6b4ff05ff429686b7; SHA-1 5d62925fdd7ed8e80f206d095ed093994f13d276; SHA-256 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /asset/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-91acc02b.css
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: font/woff2
content-length: 11056
last-modified: Thu, 07 Dec 2023 12:00:17 GMT
etag: "2b30-60bea360ae8d4"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2BWyBf4QjNyH8NViRUSJ0ZTdfgot0r9Xr2eCn52H734pWGyN%2FrfSJ2wqj7pNOgujYFsKF5c5c2%2BcAFB8Mmz4%2BRTES1v7EDIn1MiuGOFS%2B2U4poBym%2FxHq6zUZCKFbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16b1acd392d6-CPH
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 172.67.178.173 | 200 OK | 11 kB |
URL: GET HTTP/3 live-khl.ru/asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Hash: MD5 15fa3062f8929bd3b05fdca5259db412; SHA-1 6ff06a34f68ad0324ddec1bbe4d453c959178b36; SHA-256 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /asset/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/index-91acc02b.css
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 07 Dec 2023 12:00:17 GMT
etag: "2b08-60bea3608c5f8"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2663
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QOSB1%2FakFT7aTLinCVav9xiU7TrIKficxai4CFrak5dDa%2BVw5VyyF2e7YiFYpdJpTRrTE7%2FG9XYyjMLAFQnrpwXY4XNlkyzMs0bQi6hLZ9xae%2B1HG7GQ1J02efvz1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16acdb1192d6-CPH
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/qr-code-styling-8a04fb73.js | 172.67.178.173 | 200 OK | 66 kB |
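URL: GET HTTP/3 live-khl.ru/qr-code-styling-8a04fb73.js IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty, zero-length input, so the scanner apparently stored no body for this response even though the summary row lists a 66 kB transfer. They identify no specific file and should not be used as indicators or blocklist entries.)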
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-8a04fb73.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/pageSignQR-55e34e76.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"102a9-60bea756f2318-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BDzv9mEiTr4j5J458p6qxoidSiZEcfbjRG3pZsLDLmTTKgxD5IiUHGQ27fjdhMFgZ8vXNYBvmcXHGSqB28t4gA1xoUa0CvAvbIwXDlwfYBYWIoQ7Fh8DqpULlitT%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16afb8d092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/_commonjsHelpers-725317a4.js | 172.67.178.173 | 200 OK | 290 B |
URL: GET HTTP/3 live-khl.ru/_commonjsHelpers-725317a4.js IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: MD5 3fb939d07fab69f5a0ad5db75c79a87f; SHA-1 2fcb8f40614f577982a15551a4d00b06deeea3fd; SHA-256 17f7485908469fb755abc429df99392b299c396fa52b327f68ef0c31a1bb81e6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-725317a4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/qr-code-styling-8a04fb73.js
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:55 GMT
etag: W/"122-60bea75216158-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BtdUPPjhWJcRJ0%2B9wfMWrY4imyQLeLRJuxMNKp4SoTUDmr3iJQ06zalvqKXQ7f%2FG3j%2FCyecOhje45U0ktc6Z9TmMlKeu2kxcMudaP4i22rRVrLwLkLOGG7waHO%2BF6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16b0aaaa92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/_commonjsHelpers-725317a4.js | 172.67.178.173 | 200 OK | 290 B |
URL: GET HTTP/3 live-khl.ru/_commonjsHelpers-725317a4.js IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: ASCII text, with very long lines (302), with no line terminators
Hash: MD5 3fb939d07fab69f5a0ad5db75c79a87f; SHA-1 2fcb8f40614f577982a15551a4d00b06deeea3fd; SHA-256 17f7485908469fb755abc429df99392b299c396fa52b327f68ef0c31a1bb81e6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_commonjsHelpers-725317a4.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:17:55 GMT
etag: W/"122-60bea75216158-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOXEu0XK4T6u%2FoQCPh0GpFVJ3SG7wxkU6xdESA7OWtcvi5T3KWDcuTpQhCjg8K98S6aAbuegOYl6ZMynEvD1UNlA68gSms2myNdphdj2dZvOVzYIYIXs2kq4IjT0IA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16afa8c592d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/qr-code-styling-8a04fb73.js | 172.67.178.173 | 200 OK | 66 kB |
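URL: GET HTTP/3 live-khl.ru/qr-code-styling-8a04fb73.js IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty, zero-length input, so the scanner apparently stored no body for this response even though the summary row lists a 66 kB transfer. They identify no specific file and should not be used as indicators or blocklist entries.)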
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /qr-code-styling-8a04fb73.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"102a9-60bea756f2318-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6TRzG%2FJCcMQGK3kZDz9NAe92md32gw1H3xMBV41VI9hXXY7Angb1U3X%2BH5RAdtUh7ROanmUTO26RaWT5zBsy4XN84oeGmdMZcqUbjcMVUi3dBCWecQ4I8AugAE%2F%2FPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16afa8c092d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/index-91acc02b.css | 172.67.178.173 | 200 OK | 425 kB |
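URL: GET HTTP/3 live-khl.ru/index-91acc02b.css IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
Size: 425 kB (425367 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty, zero-length input, so they were apparently not computed over the 425367-byte body reported above. They identify no specific file and should not be used as indicators or blocklist entries.)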
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /index-91acc02b.css HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:55 GMT
content-type: text/css
last-modified: Thu, 07 Dec 2023 12:17:58 GMT
etag: W/"67d97-60bea754e4d0e-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2667
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MwsamgwQFdmFWoW808OUZq4gJFiKHp3dfaBUIyjhONVJe0x2sMYoszcfd%2FGTAJLnZ8gi%2FTgKPbgqDLQVNxtUcCRxereC0sYS3GXobG8wvvC3eQcDCz2TQVABJBXyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16a9acfa92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/pageSignQR-55e34e76.js | 172.67.178.173 | 200 OK | 5.6 kB |
URL: GET HTTP/3 live-khl.ru/pageSignQR-55e34e76.js IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: ASCII text, with very long lines (5762), with no line terminators
Hash: MD5 f83ba728a3431f8dc5ad3630071aebbb; SHA-1 7b4322b87b21a92f98fd468edd5e86a675ac492e; SHA-256 fdeef2c5c3478ee3d6d9f22fe492369bae1137e804e8048219633bb504d2633c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pageSignQR-55e34e76.js HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live-khl.ru/ball/auth
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: text/javascript
last-modified: Thu, 07 Dec 2023 12:18:00 GMT
etag: W/"15d1-60bea7564f1c9-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BCSJ6syeRC7%2BAecYREvlodysf0LMOUh2PQc5vgTOJLIPEn1Lx87WY5aGovHG0sQXgENCvC%2FWnG%2Bf9Ws2LVzgHQ53aByYaMEvFc06DqYCogVObTlB928u2JwsMLDMMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875e16aecefc92d6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| live-khl.ru/asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 172.67.178.173 | 200 OK | 9.0 kB |
URL: GET HTTP/3 live-khl.ru/asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry IP: 172.67.178.173:443
Requested by: https://live-khl.ru/ball/auth
Certificate: Issuer: Google Trust Services LLC; Subject: live-khl.ru; Fingerprint: 17:D6:DD:44:98:4B:A8:AD:42:84:C1:E9:99:F4:9D:7E:67:68:71:79; Validity: Fri, 12 Apr 2024 11:32:57 GMT - Thu, 11 Jul 2024 11:32:56 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash: MD5 87fecdadac0beb95f9b7c87b3b3236f0; SHA-1 822f92446c0033a32462aa21208efaef1f0d8c3c; SHA-256 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /asset/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: live-khl.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live-khl.ru/ball/auth
Cookie: PHPSESSID=7a158a1brlqm0ecku6e41oa307
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:20:56 GMT
content-type: image/png
content-length: 9024
last-modified: Thu, 07 Dec 2023 12:00:13 GMT
etag: "2340-60bea35cf4797"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1783
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zjjp6y1InvpMST3ePmlvrDYEm6k%2B%2Bs3mTcVSffP8SUiQGBibnzWAdjz4d4jUPgtUutwOm2I8xN56oAQwMipgdeFAEDg0fWHavC5khs9bL1qg0%2F%2FSEL80gbLnSaICAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e16aeaeb092d6-CPH
alt-svc: h3=":443"; ma=86400
|
|