| b2winadm-qeioqvnqg.com/assets/libs/bootstrap/dist/js/bootstrap.min.js | 172.67.199.129 | 200 OK | 15 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/assets/libs/bootstrap/dist/js/bootstrap.min.js  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: JavaScript source, ASCII text, with very long lines (57791)  Hash (MD5 / SHA-1 / SHA-256): e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/libs/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/login
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:31 GMT
content-type: application/javascript
content-length: 15437
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "e2d8-613f9691769e7-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KJ6J8mwwEJLdYycIDRE22eEChksElXIvfT4cADW8ZaVaIs95%2BBui9rNWW%2B8NtLYpGhjmrXNOgKFDIuz2owdev8Wr%2BKx3aarRlAw%2F3nOPh%2FIAk4%2BV%2FrUed2RmfrG%2F%2FRJ4LxXDsT5Vyzjv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881cc01fb8081c0a-OSL
alt-svc: h3=":443"; ma=86400
| b2winadm-qeioqvnqg.com/getAlarm?_=1715371266529 | 172.67.199.129 | 302 Found | 7.6 kB |
URL [User Request]: GET HTTP/2 b2winadm-qeioqvnqg.com/getAlarm?_=1715371266529  IP: 172.67.199.129:443
Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
Hash (MD5 / SHA-1 / SHA-256): 25fc04dcadf5b7ae09a9e6fa1d8ea967 86985e869151a42eb06a0849ad29d14765b6fec0 65839984cf06db372ecb7e10a18e1755c38479656deb5acfa207f82898fe3ab9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /getAlarm?_=1715371266529 HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 May 2024 20:41:29 GMT
content-type: text/html; charset=UTF-8
location: https://b2winadm-qeioqvnqg.com/login
cache-control: no-cache, private
set-cookie: bet2win_admin_session=eyJpdiI6InRaUzNKOUVHaFZPdm5BdHQvVlVMS1E9PSIsInZhbHVlIjoicHY2UWNNdUt4VDJLcjNwc1dHMW1VWUthM21Tek5hcnhpSStjVzVmNk5oQ1RHL3NsSlJFNVVuWFpWaFpqakM0ZHJCaWtVaXR2Z2lkUWh3SldNbEUrb2tyYzRuczg2TTZ6cVRrSEcvSlIydkU0dFhONHlIWEVETVlPZHpEeHMzaXEiLCJtYWMiOiIyZjE5ZDJmMTBkNmY2OGQyY2Y5OTViZGUyMTU0MzY4ZTQyNGM0OTk3ZjhkZjllYTFiMWRjMjFkMzY5NDk0YTc2IiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 22:41:29 GMT; Max-Age=7200; path=/; httponly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xJy4dnqDCi0YvKThmRjYacwZ4sULqj5CnGZLGehHdqHBegSM%2FOnqDFvenYckbf9utASt3ieacGybJ1lbu3QnUcHX0frJZTOHTXTu1xkzksR3yuxm4SWRqKOCvZWTYioAO0bLhoWlqmtF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881cc015eb90b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| b2winadm-qeioqvnqg.com/assets/libs/jquery/dist/jquery.min.js | 172.67.199.129 | 200 OK | 30 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/assets/libs/jquery/dist/jquery.min.js  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)  Hash (MD5 / SHA-1 / SHA-256): a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/libs/jquery/dist/jquery.min.js HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/login
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:31 GMT
content-type: application/javascript
content-length: 30307
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "1538f-613f969175a47-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8bLOI2kTjdUpju1gnfozkQSegANd3f%2FqOJ%2BAVL2kn5g3KoEeaQogbr7MexQUk1NcUg%2FEaCkdFPjtN0xVgQiyJZ7Np3VKXrojAO1Yo8l39hlBFh3yYA7OWNbVTUjNj6tkBIFXCLbpZbqt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881cc01fbfff1c0a-OSL
alt-svc: h3=":443"; ma=86400
| b2winadm-qeioqvnqg.com/assets/images/logos/logo-icon.png | 172.67.199.129 | 200 OK | 18 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/assets/images/logos/logo-icon.png  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: PNG image data, 33 x 31, 8-bit/color RGBA, non-interlaced  Hash (MD5 / SHA-1 / SHA-256): 88dea4feb241a942fef45a5152310d96 85b0cbb6d8fd98c744c0f3cc7de456ff86676ffe c47485e05e031836e588ff6889024f5e118f5cd9fca4eedf17a3ce690a782962
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/images/logos/logo-icon.png HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/login
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:31 GMT
content-type: image/png
content-length: 17700
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "4524-613f9691798c7"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0VQNqh%2FlyochwshKR5GBL4wzRFQbvBkgo018mBJiNN8vKS5fuqKy%2Bog4RjEyxQZa67XBhiz%2BF9MUeBh6ZsTccBYQASrRZI0vd2jkLAQmAMtvB279AP7aZKt%2FkWD5bZ7eHnsveLq%2BKH22"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881cc01fbffd1c0a-OSL
alt-svc: h3=":443"; ma=86400
| fonts.gstatic.com/s/rubik/v8/iJWKBXyIfDnIV7nBrXk.ttf | 216.58.207.227 | 200 OK | 28 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/rubik/v8/iJWKBXyIfDnIV7nBrXk.ttf  IP: 216.58.207.227:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2015 The Rubik Project AuthorsRubikRegular2.000;UKWN;Rubik-RegularRubik RegularVersion  Hash (MD5 / SHA-1 / SHA-256): 17bedde315941b70131ecf25e34e8f47 0143c159f471f0277cce105da0332bf0b2946cca 96f9c87907877d9861187cb3649c4f1e826fa2e3ba77da27f47ab14c23105d08
GET /s/rubik/v8/iJWKBXyIfDnIV7nBrXk.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b2winadm-qeioqvnqg.com
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28521
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 05:57:35 GMT
expires: Fri, 09 May 2025 05:57:35 GMT
cache-control: public, max-age=31536000
age: 139437
last-modified: Tue, 19 Feb 2019 22:39:32 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/rubik/v8/iJWHBXyIfDnIV7Eyjmmd8WU.ttf | 216.58.207.227 | 200 OK | 29 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/rubik/v8/iJWHBXyIfDnIV7Eyjmmd8WU.ttf  IP: 216.58.207.227:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2015 The Rubik Project AuthorsRubik MediumRegular2.000;UKWN;Rubik-MediumVersion 2.000R  Hash (MD5 / SHA-1 / SHA-256): 1ea0be70443b012852c6c2379308c71c 2a231a17fe452d5957f4cb4bf5b5a1c29e8435c4 7cffca3a3bfa6e50e09b201324ecf13812ec47297e049aa6b974c42d1ea13e0b
GET /s/rubik/v8/iJWHBXyIfDnIV7Eyjmmd8WU.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b2winadm-qeioqvnqg.com
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29220
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 04:04:15 GMT
expires: Sat, 10 May 2025 04:04:15 GMT
cache-control: public, max-age=31536000
age: 59837
last-modified: Tue, 19 Feb 2019 22:40:36 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/rubik/v8/iJWHBXyIfDnIV7Eyjmmd8WU.ttf | 216.58.207.227 | 200 OK | 29 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/rubik/v8/iJWHBXyIfDnIV7Eyjmmd8WU.ttf  IP: 216.58.207.227:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2015 The Rubik Project AuthorsRubik MediumRegular2.000;UKWN;Rubik-MediumVersion 2.000R  Hash (MD5 / SHA-1 / SHA-256): 1ea0be70443b012852c6c2379308c71c 2a231a17fe452d5957f4cb4bf5b5a1c29e8435c4 7cffca3a3bfa6e50e09b201324ecf13812ec47297e049aa6b974c42d1ea13e0b
GET /s/rubik/v8/iJWHBXyIfDnIV7Eyjmmd8WU.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b2winadm-qeioqvnqg.com
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29220
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 04:04:15 GMT
expires: Sat, 10 May 2025 04:04:15 GMT
cache-control: public, max-age=31536000
age: 59837
last-modified: Tue, 19 Feb 2019 22:40:36 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/rubik/v8/iJWKBXyIfDnIV7nBrXk.ttf | 216.58.207.227 | 200 OK | 28 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/rubik/v8/iJWKBXyIfDnIV7nBrXk.ttf  IP: 216.58.207.227:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2015 The Rubik Project AuthorsRubikRegular2.000;UKWN;Rubik-RegularRubik RegularVersion  Hash (MD5 / SHA-1 / SHA-256): 17bedde315941b70131ecf25e34e8f47 0143c159f471f0277cce105da0332bf0b2946cca 96f9c87907877d9861187cb3649c4f1e826fa2e3ba77da27f47ab14c23105d08
GET /s/rubik/v8/iJWKBXyIfDnIV7nBrXk.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b2winadm-qeioqvnqg.com
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28521
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 05:57:35 GMT
expires: Fri, 09 May 2025 05:57:35 GMT
cache-control: public, max-age=31536000
age: 139437
last-modified: Tue, 19 Feb 2019 22:39:32 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| b2winadm-qeioqvnqg.com/assets/images/big/auth-bg.jpg | 172.67.199.129 | 200 OK | 116 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/assets/images/big/auth-bg.jpg  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x2000, components 3  Size: 116 kB (115936 bytes)  Hash (MD5 / SHA-1 / SHA-256): 5d0f0ddd2e5eab5a307bbd580aad24f3 abc85c58c43f2e557fb9d2b68da90983dd9aa104 6e12de847d13d26be65010511d4244e3dd4757767dd166531fc66639534cd616
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/images/big/auth-bg.jpg HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/login
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:32 GMT
content-type: image/jpeg
content-length: 115936
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "1c4e0-613f96917a867"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wCzJQ9P7yQKxK%2F3oHwj8rcpc7d8%2BRbDbxiynD4nBNvhMxL24DZl7BjFz%2FhMAUTxUkKFbqjuP4JxDrp5Edgm%2FjGFVR1mHk514TdzgmM4%2FwMgY1Lb2%2FlUdCmPUCvZCMIZhElTmHHq4W5r2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881cc027aec51c0a-OSL
alt-svc: h3=":443"; ma=86400
| b2winadm-qeioqvnqg.com/dist/css/icons/themify-icons/fonts/themify.woff | 172.67.199.129 | 200 OK | 56 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/dist/css/icons/themify-icons/fonts/themify.woff  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: Web Open Font Format, CFF, length 56108, version 1.0  Hash (MD5 / SHA-1 / SHA-256): a1ecc3b826d01251edddf29c3e4e1e97 9394f35bd2addd24666b79bfc36d4f9d247cb01d 0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /dist/css/icons/themify-icons/fonts/themify.woff HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/dist/css/style.min.css
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:32 GMT
content-type: application/font-woff
content-length: 56108
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "db2c-613f9691a57eb"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hceL1c2XP28BlKX8vESqmB7cHDMGwzSNHj4%2BAkeTzdvlrgS77soda1HYEDdjBUdLGnUR9LP%2FWuiSZKkIHuysVKkSKwJN9QS9qb6z16v3gqARiU0SCgejLMXhwQxi%2BNX1MfIesq8HtV4A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881cc027bed81c0a-OSL
alt-svc: h3=":443"; ma=86400
| b2winadm-qeioqvnqg.com/assets/images/favicon.png | 172.67.199.129 | 200 OK | 17 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/assets/images/favicon.png  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced  Hash (MD5 / SHA-1 / SHA-256): c3dad2551adc8b320f6bd7296e43cd81 09763d502c21e8891895a4aedac67b5c22b802bc bf8897f1dc34cd600a6ed35c04ee84a1a6fa2c542bcf99b0b41dd2eb18fec7bc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/images/favicon.png HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/login
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:33 GMT
content-type: image/png
content-length: 17231
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "434f-613f96917a867"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uDGixSvw%2Bin2n8Uy6oPMfz4TChof6mxNYKMc1CJjznbwcokd67f99GVSN1ibw8UZXyWLFOdSnDyjxMl8xVNr3a72TrJxeFhf2IX8UxdMbHAcv2050b8lcrGCNcTIj35NoCWRiFMqrMTb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881cc02bba291c0a-OSL
alt-svc: h3=":443"; ma=86400
| b2winadm-qeioqvnqg.com/dist/css/style.min.css | 172.67.199.129 | 200 OK | 530 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/dist/css/style.min.css  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: ASCII text, with very long lines (48586)  Size: 530 kB (530211 bytes)  Hash (MD5 / SHA-1 / SHA-256): 34494b2a3d17f05e6448ad4240a4c752 18d8a4395cb1343890875b7192de7d7b30f96781 787bdc3d1cb9d853c9c37c9fe60d4ea0f8b82fc3f14075abca8b7347250cd72c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /dist/css/style.min.css HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/login
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:31 GMT
content-type: text/css
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "81723-613f9691a290b-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydhRrrlm9Spa%2BIFDwcC3NcJIwCQQPbEiqpF28WDGemzlUpvfENkMyLOQIWzENG7fX9cCF90FYfaOO7vCZXH5FP9cfJh8C0I3uWulnj1e%2F9SQY6mrewwwjuD%2FECQvFL%2BCiDilXJo4Vhzb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881cc01faffc1c0a-OSL
alt-svc: h3=":443"; ma=86400
| b2winadm-qeioqvnqg.com/login | 172.67.199.129 | 200 OK | 6.0 kB |
URL [User Request]: GET HTTP/2 b2winadm-qeioqvnqg.com/login  IP: 172.67.199.129:443
Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: HTML document, ASCII text, with very long lines (6316), with no line terminators  Hash (MD5 / SHA-1 / SHA-256): ce8b73f566105e40f051c9a46af3b4f5 c9e283a6848af9f245c9080b82b8c24edf98f8e7 beb77227bdaf895dc2524b441374dd3c2bc58415cbde0218b99de99f4eb14b02
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /login HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: bet2win_admin_session=eyJpdiI6InRaUzNKOUVHaFZPdm5BdHQvVlVMS1E9PSIsInZhbHVlIjoicHY2UWNNdUt4VDJLcjNwc1dHMW1VWUthM21Tek5hcnhpSStjVzVmNk5oQ1RHL3NsSlJFNVVuWFpWaFpqakM0ZHJCaWtVaXR2Z2lkUWh3SldNbEUrb2tyYzRuczg2TTZ6cVRrSEcvSlIydkU0dFhONHlIWEVETVlPZHpEeHMzaXEiLCJtYWMiOiIyZjE5ZDJmMTBkNmY2OGQyY2Y5OTViZGUyMTU0MzY4ZTQyNGM0OTk3ZjhkZjllYTFiMWRjMjFkMzY5NDk0YTc2IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 20:41:30 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 22:41:30 GMT; Max-Age=7200; path=/
set-cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; expires=Fri, 10-May-2024 22:41:30 GMT; Max-Age=7200; path=/; httponly
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eaGtGDbL2BzBYD36jLIe8bDdJRitxya9KKAJ%2B%2FpNwAi9fq80dYV9MCINZaRWvtSWjvIjq8vF%2BcQi%2BE4CjGIYtgMaWsytanF8dPoZNFqFKeniUhFJOsJnF1mnxQMUFT6vAawxls%2Bw%2BLJf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881cc019c872b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| b2winadm-qeioqvnqg.com/assets/libs/popper.js/dist/umd/popper.min.js | 172.67.199.129 | 200 OK | 20 kB |
URL: GET HTTP/3 b2winadm-qeioqvnqg.com/assets/libs/popper.js/dist/umd/popper.min.js  IP: 172.67.199.129:443
Requested by: https://b2winadm-qeioqvnqg.com/login  Certificate — Issuer: Google Trust Services LLC; Subject: b2winadm-qeioqvnqg.com; Fingerprint: 2B:61:22:D9:50:B9:4C:3B:4F:65:DB:B0:CE:81:50:BB:58:FD:C1:AE; Validity: Tue, 19 Mar 2024 03:43:03 GMT - Mon, 17 Jun 2024 03:43:02 GMT
File type: JavaScript source, ASCII text, with very long lines (20164)  Hash (MD5 / SHA-1 / SHA-256): 83fb8c4d9199dce0224da0206423106f d8503645c17f9856868a7def3dc0505e19a95ec7 f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/libs/popper.js/dist/umd/popper.min.js HTTP/1.1
Host: b2winadm-qeioqvnqg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b2winadm-qeioqvnqg.com/login
Cookie: bet2win_admin_session=eyJpdiI6IkNhY0FOeUJwZlk3Z2dhbWFNNTBqTmc9PSIsInZhbHVlIjoicWZUNU0yZFJEY0R3ZGYzOUxuN0JaK21zQUo1aDAzcmdmZDVTK3Y2N3oyclJFZUFLSzJzYmxvcVE0bjNSK2dxSGluQUlyRTBYdit0ZWFYVWRGUkwxelJUdW4ycDVkTXdrNjdrS2FJZFNQSUM1QkdGMkNycXVWdkh0dEI1VjJlNWUiLCJtYWMiOiIyYzAwZjg5ZGYzNjdkMmU0OTUyYTA0NzhlYjhkYjQxNWY5OTIwN2Y3ZTU4ZDcxYmNhYTFjZjRkNzUyMDE5ZGUyIiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlZIcVFKbW5kMVZBSmVFWGlnZnhtMHc9PSIsInZhbHVlIjoiR2xpeGNaU3RlbkhCeVJ2U3dwMHJ1Tms4WDMxVERwSDkrdU1ZS1IxRDY5MXI1dFpDcXFndnJnRk5aOWdFZzkvSnR2eU9zQnlNT0tjUkgwQURidDdFRjhrZzhicWlGUUJ2cUJqYm4xbE14NWV0VFNISG5qZzZZTTZOdzNaUzdZekUiLCJtYWMiOiJjODdmYTQ4NDYzYmJhODY2NzdkZWMyZWZhM2MyOWUyMTM4MjE1YTE2ODcyYzc0MmRjNzAwYTg0MGIwOTA2ZTYwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 20:41:31 GMT
content-type: application/javascript
content-length: 7239
last-modified: Tue, 19 Mar 2024 01:29:51 GMT
etag: "4f71-613f969174aa7-gzip"
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hMLJM8quubv0gJZHP05y%2F3U9DUxD12Ztu2BaoLVztF0r9W3qZnM2yEcIfn0M3Qp9DUV5jS94u8K6xgGqYOrPKUFypqfklHjt8CfhZ78OCW3w6MBr51btCiGlnDv1SvI2oPoo6%2FJqOa9k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881cc01fb8041c0a-OSL
alt-svc: h3=":443"; ma=86400