| takelipin.xyz/mgwemzpad?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 | 104.21.78.128 | | 0 B |
URL: takelipin.xyz/mgwemzpad?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 IP: 104.21.78.128:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mgwemzpad?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 308 Permanent Redirect
date: Sun, 05 May 2024 13:03:04 GMT
content-length: 0
location: /mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Df5qLTjEgZmANXksxGTZ7e4hRx7wIawKCAJyVj1kGnsQYyJpOB4fl41z2uk7O5hU67y8mRl6CiOC6c%2BIqA0PRX2f5%2BYQrLQYf4oH6hfA7KHmAC73es7dQLhR5z9tXtMk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87f0edb46a180b3d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| takelipin.xyz/mgwemzpad/265da548e197cba99d3bf78b9213c512.static.png | 104.21.78.128 | 200 OK | 5.6 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/265da548e197cba99d3bf78b9213c512.static.png IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: PNG image data, 276 x 301, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 66271b99acf174bf87d903ffac88c5f5 69e67eb0440ff320c8603071207b43a95e90c2bb a2f084594e048fe1bf77c215f4c9447bb355584eb749dc8a5841a0c250ca9172
GET /mgwemzpad/265da548e197cba99d3bf78b9213c512.static.png HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:04 GMT
content-type: image/png
content-length: 5586
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "84225356887b29f14dc2bfe695304c4b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08tbPuGllkmIl6ncLr8d0Oozd%2F0FzhpOjn73IsTBCSPqik2wLGcYr9ClovgwS8br6fhMwngT%2BMFUJO%2Br%2FEZ%2B2RxZUCEcjLSROU2%2BrMztVlZiqBUrM%2F5pKoDM8yEDrl2t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87f0edb73e77b4f1-OSL
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/mgwemzpad/842e1399567c4538084da368204becbd.static.png | 104.21.78.128 | 200 OK | 106 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/842e1399567c4538084da368204becbd.static.png IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: PNG image data, 502 x 502, 8-bit/color RGBA, non-interlaced
Size: 106 kB (105669 bytes)
Hash (MD5 / SHA-1 / SHA-256): e95a7fa2f35fb57f79da2b064c580834 48127e7c3b8024ba4a286485933a9813d4fb36e0 9ddb29d2aa21d1b7f4f2425c3a52e10218e8cec185a8ee22acfe475ed05d6288
GET /mgwemzpad/842e1399567c4538084da368204becbd.static.png HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:04 GMT
content-type: image/png
content-length: 105669
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "0e3a15c376441cfabf44e7e677be32c8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R0H9vP0fhxyzPd7HKzz%2F1zHqz%2Bh3vMX9Ru4hCIhQ5CQ6y9Z3hk4y53Z5rter2oXxQGJwTinSMmz3%2BIznENtdR%2FrKfGRgYcDeuAXsyYVLlhilTiABjC1fIIYIv%2FJG7yqD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87f0edb73e74b4f1-OSL
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/mgwemzpad/173d7730df022d8bf5fcfa06d94c07fe.static.png | 104.21.78.128 | 200 OK | 4.1 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/173d7730df022d8bf5fcfa06d94c07fe.static.png IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: PNG image data, 531 x 531, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 61e96f37c5aba413bbd7c26543557eb3 3d85fe67cbb38bc11e65f1ffa5b8e5c7e6aa1bbb 3159983c76cc2b5499d241506504e9554bd13cc6f8b4ec8e26b2ce6b0d704d66
GET /mgwemzpad/173d7730df022d8bf5fcfa06d94c07fe.static.png HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:04 GMT
content-type: image/png
content-length: 4106
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "87b4b775f10daf6a032a41020308d848"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXauLRSJgIKWUDThUIaIKm9SrcVpjq1yP%2FrPAeD6c2qlr8EXxzMvt183ms%2FBjEc79sC2CKT77NA6q9KjTsmUsNhXrv%2FozCsnAenJLQEliJn3W8%2FF5OZYyC8ILetV16cK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87f0edb73e72b4f1-OSL
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/mgwemzpad/8a3c7a902b8c4adf8a55cec0569ca06d.static.png | 104.21.78.128 | 200 OK | 169 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/8a3c7a902b8c4adf8a55cec0569ca06d.static.png IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: PNG image data, 533 x 363, 8-bit/color RGBA, non-interlaced
Size: 169 kB (168989 bytes)
Hash (MD5 / SHA-1 / SHA-256): 634f59e83aae6df6c034fa4a71118208 0984797c9b6a2a293d5f17a3acfae8eba895ca9f 93c9a2295b79f61da457d20ac666ae2de87f24291d860b8efef5f7263f6e7c68
GET /mgwemzpad/8a3c7a902b8c4adf8a55cec0569ca06d.static.png HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:04 GMT
content-type: image/png
content-length: 168989
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "6b78d9323de4a6aa0c662dfbe75eb4bb"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DCVlO6sCVEZVmlLmAzs6BjVrFDGkAYllrHlBTTfu6g6BnS3YtHBSlgxBEKphWElt%2FC8UfVgtGo%2B%2FMto2Pky5o0CziodssmhDZt9tDLag8mDAhfRdbi8YdpYrrFPuH%2F2u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87f0edb73e79b4f1-OSL
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/mgwemzpad/630ecda0529b7e4c2ee389887a9a10aa.static.js | 104.21.78.128 | 200 OK | 4.9 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/630ecda0529b7e4c2ee389887a9a10aa.static.js IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: JavaScript source, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 03d61bebb9362e3571c134d17e88261e c966e468ebbc5ac203bb35ea7b3a5cc586768b37 d25d6be4101c96b081881ae7f929b86cfc535abfadfdd3f62ebd71c17f76afdd
GET /mgwemzpad/630ecda0529b7e4c2ee389887a9a10aa.static.js HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e9f487001524fb22279b5a7a3256185d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6K2epkvLvjjuxmuwFkdZOw7%2BOcRiWTzns06G60GQE75cdrZMNZlt2E%2FNHWM2nebZy0TpWkfU0Pt5NTilkbYgvp%2Bd5mPxafgooLOEAQho22Qb%2FjgHTs2luYnHzPoDVOLJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87f0edb84fb5b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| phoashiw.net/zone?&pub=0&zone_id=7417207&is_mobile=false&domain=takelipin.xyz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=7bc70f04-f5e5-4603-a910-c5c9863367ea&action=prerequest | 139.45.197.250 | 200 OK | 0 B |
URL: POST HTTP/2 phoashiw.net/zone?&pub=0&zone_id=7417207&is_mobile=false&domain=takelipin.xyz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=7bc70f04-f5e5-4603-a910-c5c9863367ea&action=prerequest IP: 139.45.197.250:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Let's Encrypt; Subject: phoashiw.net; Fingerprint: 12:E2:C2:5A:F8:C3:6C:34:5F:9E:3B:D2:D8:CD:40:77:A9:EA:BC:8B; Validity: Fri, 15 Mar 2024 06:33:24 GMT - Thu, 13 Jun 2024 06:33:23 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=7417207&is_mobile=false&domain=takelipin.xyz&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=7bc70f04-f5e5-4603-a910-c5c9863367ea&action=prerequest HTTP/1.1
Host: phoashiw.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/
Origin: https://takelipin.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:03:05 GMT
content-length: 0
x-trace-id: 687d714582934693623e9f7f57afcf93
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://takelipin.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/
Content-Type: text/plain;charset=UTF-8
Content-Length: 420
Origin: https://takelipin.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d47b06c808c8d710b93502e4f1064d3b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://takelipin.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/
Content-Type: text/plain;charset=UTF-8
Content-Length: 422
Origin: https://takelipin.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3540e7e8f5ed32077e6e7d1628676f51
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://takelipin.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP: 139.45.197.251:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Let's Encrypt; Subject: jouteetu.net; Fingerprint: F5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65; Validity: Wed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash (MD5 / SHA-1 / SHA-256): 058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/
Content-Type: text/plain;charset=UTF-8
Content-Length: 423
Origin: https://takelipin.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f8b05db86209cbf6ecfad6a9a823df17
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://takelipin.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP: 139.45.197.250:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://takelipin.xyz/
Origin: https://takelipin.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:03:05 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://takelipin.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP: 139.45.197.250:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Let's Encrypt; Subject: amunfezanttor.com; Fingerprint: AB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA; Validity: Wed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash (MD5 / SHA-1 / SHA-256): b7ee5b1c78dab8d25e19ac5c33634dbd 77b3e970e124331d52aad9ab3c5727736876dfd0 ee9f200045f310be825f9f874516fdf04a58634c0f07363e37112bc1517bc253
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/
Content-Type: application/json
Content-Length: 1045
Origin: https://takelipin.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://takelipin.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
| takelipin.xyz/mgwemzpad?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 | 104.21.78.128 | 308 Permanent Redirect | 7.5 kB |
URL (User Request): GET HTTP/2 takelipin.xyz/mgwemzpad?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 IP: 104.21.78.128:443
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (7957), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8cc0476e165bac526adda6436561fc21 2bfc0d690f832d91f54bb6e33453e90418bd96da 2f2569a2b3796d9bb173eaeacd9d6e7b2282a72c3a35e9b8d967c8754f05a923
GET /mgwemzpad?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 308 Permanent Redirect
date: Sun, 05 May 2024 13:03:04 GMT
content-length: 0
location: /mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Df5qLTjEgZmANXksxGTZ7e4hRx7wIawKCAJyVj1kGnsQYyJpOB4fl41z2uk7O5hU67y8mRl6CiOC6c%2BIqA0PRX2f5%2BYQrLQYf4oH6hfA7KHmAC73es7dQLhR5z9tXtMk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87f0edb46a180b3d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| takelipin.xyz/mgwemzpad/7c54719486d752d52a13bccacf2cf359.static.css | 104.21.78.128 | 200 OK | 60 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/7c54719486d752d52a13bccacf2cf359.static.css IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: ASCII text, with very long lines (11831)
Hash (MD5 / SHA-1 / SHA-256): 39279975798cdb8565e9b38656e22a4b 116f9f68aad4cf01b51046be681df533e7ff885b 395c2ca40b514b63aa516f6cf57bf7a605f71012e1ab5f3af25ff7b6a97a8652
GET /mgwemzpad/7c54719486d752d52a13bccacf2cf359.static.css HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:04 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"be36fdd4e369d1fdb68c5c4c5e260434"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KZBcKi3T%2FYTRV%2BCvMmSVqMvURD3IzCx4McWQCMvFaAGrHziDPJLx8CXb03XkVO9IjOvqTrVjIyurvfrWwtKqUr5N2A9Xhdk90%2Fmvj5mXJhHD9DdgPnX%2FcTV51kD2bGSv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87f0edb73e70b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 104.21.78.128 | 200 OK | 12 kB |
URL: GET HTTP/3 takelipin.xyz/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: JavaScript source, ASCII text, with very long lines (12331)
Hash (MD5 / SHA-1 / SHA-256): 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:04 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 15:20:25 GMT
etag: W/"66310c39-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8L1CRc6RkGdR7lPymdn0CncDUp15ZIU%2BbMN%2F0pmsBpL1Oegiwda8X%2B%2B3eNJDKbSGcoNWbx7Z%2FnUX0DISLQuNpBVdPs7yrmzWtzUj0bDBCqnyfpm7KlwZL8rPiwDyHfUP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f0edb73e81b4f1-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 07 May 2024 13:03:04 GMT
cache-control: max-age=172800, public
content-encoding: gzip
| takelipin.xyz/mgwemzpad/like.png | 104.21.78.128 | 200 OK | 10 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/like.png IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (10468), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): efe85536aed5cd669fd73fc4d8002e2f 5792c36f2e76aaa73e3b552a78d97c26b0b6cd9e e982b577243fa90815055fb47cae2659cc29caad44b29911eb9cd47f30492071
GET /mgwemzpad/like.png HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/7c54719486d752d52a13bccacf2cf359.static.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:05 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYDhyxaR7hkgVOK0cf%2BrCBKz6hhxa1AqVJI7bh3nHKf8Dj4u28n47D4nc6tE1mc6x4wko8QhX8XlalsuFj7OEjfHe9kYSqC%2FEyXTKqNKpvTOJhK%2F2nyH3EyPro%2FM68P9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87f0edb83fafb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/mgwemzpad/88c24a70eeae16825cb88c6b122208a0.static.png | 104.21.78.128 | 200 OK | 4.1 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/88c24a70eeae16825cb88c6b122208a0.static.png  IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 4cdf3256cd7b8ec3917adb79d6bf457e bc615337e9223183a126c8fb649774866fb53e69 fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0
GET /mgwemzpad/88c24a70eeae16825cb88c6b122208a0.static.png HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:05 GMT
content-type: image/png
content-length: 4103
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "459dbb2fe1c535e489cd83d3cb1fada5"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UD9z4vdpO8TCMF7v0JDF64t7l2hZmyES6u5xOz3fRgpVNZ89gAJ3aBaNeqRjgMrZ0qoswutjN0ktbFjDSbAQPfBd5X1jl1e7b06b71Oiy2k9AynNji64qDEnPRoPZyYL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87f0edb9392db4f1-OSL
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/sw-check-permissions-9372d.js?zoneId=7417207 | 104.21.78.128 | 200 OK | 566 B |
URL: GET HTTP/3 takelipin.xyz/sw-check-permissions-9372d.js?zoneId=7417207  IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: ASCII text, with very long lines (605), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 27c09abe547979899437f551ac3dc001 125d94397f95ada047b6ba211cc946d55a6765ae 1501fc5c4c4ccd86285c7c73794a5c2d67a71f6609352b22e4b21db33de41c0b
GET /sw-check-permissions-9372d.js?zoneId=7417207 HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"c6ba28fa5924b173bf867021d842a344"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWnU2CyjubXXnoDmKRDyfuHWJJPjbuuYTjKNiBbIc9Aq53AneNiWV0EteedhHaSYGFar7BwsZgY%2BgqHw9nGZ9hOiZxO3Zk9StUGGuajwvsWOtckh7NOPByNFj3TeaRet"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87f0edbbdc48b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 | 104.21.78.128 | 200 OK | 7.5 kB |
URL (user request): GET HTTP/2 takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012  IP: 104.21.78.128:443
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (7957), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 8cc0476e165bac526adda6436561fc21 2bfc0d690f832d91f54bb6e33453e90418bd96da 2f2569a2b3796d9bb173eaeacd9d6e7b2282a72c3a35e9b8d967c8754f05a923
GET /mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012 HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 May 2024 13:03:04 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0PVFvB8ga2r25FAyfvJ1KRTUwTGA0rbxXsUufMDl1r4Fh%2BfX8jK1NJzsbc0RYtTRhfIePNV0T3fwN4fa9fGKmt%2BOYueGUy6cTJb7IdEwedz7g39GjtpR710jJvT3vFdQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87f0edb50ab10b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| takelipin.xyz/mgwemzpad/cf9db0aa88167b8d2219bcde10757d78.static.js | 104.21.78.128 | 200 OK | 88 kB |
URL: GET HTTP/3 takelipin.xyz/mgwemzpad/cf9db0aa88167b8d2219bcde10757d78.static.js  IP: 104.21.78.128:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Google Trust Services LLC; Subject: takelipin.xyz; Fingerprint: 35:66:44:8E:1B:42:1D:0E:7F:B9:6E:79:4A:00:6D:92:BC:AA:35:0E; Validity: Sat, 04 May 2024 12:11:19 GMT - Fri, 02 Aug 2024 12:11:18 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hashes (MD5, SHA-1, SHA-256): 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /mgwemzpad/cf9db0aa88167b8d2219bcde10757d78.static.js HTTP/1.1
Host: takelipin.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"cd81fdefdd0599621470a78b8b8245f1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4yXxrrA%2BhQN2Lvep63bOzjjKnqajKYEOqmOcVXe1vaycX3f4RcqQQPsyxlVjuswasW72Rk%2FBlL%2Bck17n6i%2FMSIJlOIVVcMHR0F1stjTLg0kREh%2Fx9kJ0%2BIS3AfbPC%2Bak"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 87f0edb84fbdb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| phoashiw.net/pfe/current/micro.tag.min.js?z=7417207&sw=/sw-check-permissions-9372d.js | 139.45.197.250 | 200 OK | 37 kB |
URL: GET HTTP/2 phoashiw.net/pfe/current/micro.tag.min.js?z=7417207&sw=/sw-check-permissions-9372d.js  IP: 139.45.197.250:443
Requested by: https://takelipin.xyz/mgwemzpad/?bemobdata=c=01046546-535f-48cd-af25-0b46f018ddf3..l=3aba3d3f-74ad-48ac-9e34-c58cbf3c3a92..a=0..b=0..r=http://xtbws~BEMOB_DOT~bemobtrcks~BEMOB_DOT~com..ts=1714898682012
Certificate: Issuer: Let's Encrypt; Subject: phoashiw.net; Fingerprint: 12:E2:C2:5A:F8:C3:6C:34:5F:9E:3B:D2:D8:CD:40:77:A9:EA:BC:8B; Validity: Fri, 15 Mar 2024 06:33:24 GMT - Thu, 13 Jun 2024 06:33:23 GMT
File type: JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=7417207&sw=/sw-check-permissions-9372d.js HTTP/1.1
Host: phoashiw.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://takelipin.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 13:03:05 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2