Report - brstej.com/

Report Overview

Visited public
2023-12-01 20:00:08
Tags
URL
brstej.com/
Finishing URL
wws.brstej.com/ind5
IP / ASN
104.21.56.199
#13335 CLOUDFLARENET
Title
موقع برستيج - مسلسلات عربية تركية

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-01 05:09:17	450 B	7.7 kB	104.17.24.14
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-01 08:06:52	1.3 kB	67 kB	151.101.2.137
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-30 20:01:36	1.0 kB	1.5 kB	139.45.195.8
gishejuy.com	unknown	2023-10-25	2023-10-25 15:14:32	2023-11-30 16:42:14	4.8 kB	86 kB	139.45.197.242
offerimage.com	304078	2019-06-10	2019-06-10 13:11:53	2023-12-01 12:59:37	2.3 kB	261 kB	104.22.32.172
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-12-01 13:22:24	1.0 kB	979 B	139.45.197.250
wws.brstej.com	unknown	2018-07-27	2023-08-20 19:03:15	2023-11-17 23:57:03	19 kB	4.3 MB	172.67.156.10
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-11-30 09:23:09	537 B	482 B	139.45.195.254
rndskittytor.com	31865	2021-08-09	2021-08-10 15:00:55	2023-12-01 11:32:34	3.5 kB	179 kB	139.45.197.238
cameesse.net	unknown	2023-10-18	2023-10-18 14:31:33	2023-11-28 21:11:27	9.3 kB	508 kB	139.45.197.242
netdna.bootstrapcdn.com	3413	2012-05-25	2012-09-07 17:11:00	2023-12-01 17:14:07	468 B	28 kB	104.18.11.207
d3x2.myfastcdn.com	123688	2019-06-03	2019-10-29 13:16:08	2023-11-24 15:20:22	484 B	44 kB	172.66.43.101
brstej.com	unknown	2018-07-27	2018-12-20 18:23:57	2023-07-19 02:44:15	479 B	938 kB	172.67.156.10
pushagim.com	176755	2019-04-15	2019-04-19 23:47:42	2023-11-24 16:57:59	961 B	19 kB	139.45.197.250
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-12-01 08:06:52	453 B	82 kB	104.18.11.207
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-11-30 22:37:49	409 B	20 kB	172.67.193.52
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-12-01 05:12:17	529 B	75 kB	172.64.141.13
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-01 06:26:25	898 B	146 kB	142.250.74.168
woafoame.net	unknown	2022-10-26	2022-10-26 14:50:26	2023-11-22 17:09:29	1.5 kB	44 kB	139.45.197.239
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-01 08:02:13	486 B	13 kB	142.250.74.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-01	medium	fleraprt.com	Sinkholed
2023-12-01	medium	gishejuy.com	Sinkholed
2023-12-01	medium	amunfezanttor.com	Sinkholed
2023-12-01	medium	amunfezanttor.com	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed
2023-12-01	medium	gishejuy.com	Sinkholed
2023-12-01	medium	gishejuy.com	Sinkholed
2023-12-01	medium	gishejuy.com	Sinkholed
2023-12-01	medium	gishejuy.com	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed
2023-12-01	medium	cameesse.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (51)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-12
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 08:23 Times Seen109008 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	unknown	ScriptElement	591 B	2023-11-14	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 04:37 Last Seen2024-08-20 19:40 Times Seen7 Hash b7926e44676801e2b8fef864204d29ed fd5ed175593ac49eeea0b494662d76877431eab1 5fda879f1bfa53a85533e09707d64bfee1e57e593c20f21696469146810a0ad7 Loading...

	www.googletagmanager.com/gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c	ScriptElement	281 kB	2023-12-01	2023-12-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 21:00 Last Seen2023-12-01 21:00 Times Seen1 Hash bf98ece4e4d368602b9d1624ddd9753b 76976e0c26a9950818c54cdeb1883e4af97ff63a e83785236d477183f9134a2bb548ded77d2e3362c4ba1b782ae55cc45a84bbf1 Loading...

	cameesse.net/27/b7af9eee900df9a8aa2af9ad8ee46174	ScriptElement	413 kB	2023-11-24	2024-08-20
Pretty URL cameesse.net/27/b7af9eee900df9a8aa2af9ad8ee46174 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-24 13:48 Last Seen2024-08-20 18:04 Times Seen548 Hash 1dc3ebe1459db3cde0597b21156f2665 0e5a8c7b79a34f4fffaeab7c7eb4f3a19b0d75f6 1a3f7f2cfe5fba958e9df1a38c0980aab5bb21225601ea849f9e6df4afe09f2e Loading...

	wws.brstej.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-05-12
Pretty URL wws.brstej.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 06:43 Times Seen31340 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	unknown	ScriptElement	4.3 kB	2023-03-10	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2025-04-15 09:26 Times Seen24 Hash a7cdb65896aa57bcc3d21b22a79f3c32 d3abc4766b6ae26723415f85b0b6d345d4958058 d8eb5851a400e09f8d9e10c603844ffcd25dcf4c60c13be08e422cb6866507a0 Loading...

	unknown	ScriptElement	180 B	2023-04-16	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-16 02:35 Last Seen2024-08-21 06:41 Times Seen19 Hash f52b6e87c6805e527d4acbea1780ceae 018050b0e8de823cf42cd39ed43724c41e9a217f 0af3bb7df105fd4f7bacd0edcc9655dc6530f064a494d305a405850cc1666b98 Loading...

	gishejuy.com/400/6521330?var=2617099	ScriptElement	82 kB	2023-12-01	2023-12-01
Pretty URL gishejuy.com/400/6521330?var=2617099 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 21:00 Last Seen2023-12-01 21:00 Times Seen1 Hash 0652621f74f4c72a986281e382e05f6b a45615b80ce0294605b8f2be53062a16769c739b f90cf3ea652be449689c7701b3b0d02619efb491c7f28c144512f4f1e2cb2ea7 Loading...

	wws.brstej.com/js/melody.dev.js	ScriptElement	16 kB	2023-03-07	2024-10-23
Pretty URL wws.brstej.com/js/melody.dev.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2024-10-23 22:55 Times Seen97 Hash f2bf056198be59f92547935fd4c968f0 cba85174a3d6d68fcff3a2e6238f1d6150b58fce 244926b75ad193faf7a694c602d5819576e2d953dc43849395dedfa841f5ea53 Loading...

	unknown	ScriptElement	216 B	2023-03-07	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-04-15 09:26 Times Seen174 Hash 901d05a394689754b24c53a14ff0bb94 16e6750d0db26beda439d20147af2cdf6ee85f6c c8d34bfa528cee7507080fac65baab9a6eacb046b4c097cc3201ff3bba0d09c1 Loading...

	www.googletagmanager.com/gtag/js?id=UA-61820443-1	ScriptElement	135 kB	2023-12-01	2023-12-01
Pretty URL www.googletagmanager.com/gtag/js?id=UA-61820443-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 21:00 Last Seen2023-12-01 21:00 Times Seen1 Hash 0957062c2bd936844fe23441779238d3 94fc71f09d7ebe78dd10a0c6d06e2f64ca177701 3448b50d8d482aa74e56f8ec3d6a091830b8fd169b23cb1d459edfa8e7030d19 Loading...

	wws.brstej.com/ind5	ScriptElement	0 B	0001-01-01	2025-05-12
Pretty URL wws.brstej.com/ind5 IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-12 08:57 Times Seen4661892 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cameesse.net/1?z=3360966&var=3002587	ScriptElement	43 kB	2023-12-01	2023-12-01
Pretty URL cameesse.net/1?z=3360966&var=3002587 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 21:00 Last Seen2023-12-01 21:00 Times Seen1 Hash ebf19a025bcf4a853bfc6f2b47e11351 6133cecff9fa8ca0df2d9a6fbc4cc19dce49abbe 63286a1af27b9eff81e71228a2cb05c92931a199f4633ce850f5ccf86ad6c24e Loading...

	wws.brstej.com/templates/echo/js/jquery.plugins.b.js	ScriptElement	9.1 kB	2023-03-07	2024-10-23
Pretty URL wws.brstej.com/templates/echo/js/jquery.plugins.b.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2024-10-23 22:55 Times Seen91 Hash 8ac43cab1939c54d6bc974726fec41ca 8c44a11ac313388d254b30c162a6f1353074296d 9ea6b351a675e3bc0e648d6d41bafd700a5944f6e54778fe6beac548210c241a Loading...

	wws.brstej.com/templates/echo/js/melody.dev.js	ScriptElement	5.5 kB	2023-03-07	2024-10-23
Pretty URL wws.brstej.com/templates/echo/js/melody.dev.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2024-10-23 22:55 Times Seen90 Hash 0465c9d8d0bd0da2a8a2a7a8945fb9fb 1cc25de2074cacb7cfb51e925be19510d8fefdfc c112a7633fcc9bf504030e0b6ac650aba21ed1198a5db17d74ddfd38ab3e248d Loading...

	unknown	ScriptElement	1.8 kB	2023-03-10	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2025-04-15 09:26 Times Seen24 Hash 8857c34f55218cbdc7ad1eca7374132d 5a559ef7c7cb00b014dffb34e585248fd14c3e75 980d7ced3b35e90d43fb4ac16110f045f42de893f173dcbda2f3e22e6ff098d4 Loading...

	unknown	ScriptElement	741 B	2023-03-07	2025-04-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:15 Last Seen2025-04-04 09:24 Times Seen41 Hash 555d825ab99c88537a92b5047dd8566a 3d347dd34a7394335011a8d814e2c8fd05bfe4f5 2e59ae140fed734cacb9d5af9e7b172bba04bd369d812d80fd9ea9a12602a50d Loading...

	wws.brstej.com/templates/echo/js/jquery.cropit.js	ScriptElement	28 kB	2023-03-07	2025-05-12
Pretty URL wws.brstej.com/templates/echo/js/jquery.cropit.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2025-05-12 03:41 Times Seen231 Hash cd82e0edbcecf087be901e8e7ed0d035 2cedce9f87501152efa36eb1949d95c0ca4ff200 b8a0d09df5a79e5e9494b3061eeff55883870c66714879886348c5095faa7840 Loading...

	unknown	ScriptElement	154 B	2023-03-10	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2025-04-15 09:26 Times Seen24 Hash 5fb6eed987d024f66e98ec9d643c9fba 1882cd85d8c4a56b242db3fb6438b208f14aeb65 734681277b32e5c7e12c82816f5484c4eb0ef0edc86e5bc4131cfbb814fa2324 Loading...

	rndskittytor.com/400/3002587	ScriptElement	82 kB	2023-12-01	2023-12-01
Pretty URL rndskittytor.com/400/3002587 IP 139.45.197.238 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 21:00 Last Seen2023-12-01 21:00 Times Seen1 Hash 9d1e9ef085c574d76c88d8140c16dc8f 9e7e0f74d82e20f25e23808eab2debd663e7b49d f46e0bd783d2e789fc940109724ee094ee54015512eecf0e55e84b735584d3c6 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-12
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-12 08:46 Times Seen341303 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	ScriptElement	847 B	2023-03-10	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2025-04-15 09:26 Times Seen24 Hash 72d25878fedecc47db13727b2243e44f 0805dffe81598f8ef432948c7fa5ac445dcef8cd 14a819fb8126b2e4c1d87486ec8dbd5476421aff2dffe2305eae08b7a0a238d9 Loading...

	wws.brstej.com/templates/echo/js/slick.min.js	ScriptElement	40 kB	2023-03-07	2025-05-12
Pretty URL wws.brstej.com/templates/echo/js/slick.min.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-05-12 03:41 Times Seen75 Hash ed79a524576de38d04a004a482b42724 e7fb1cc9bdad19cf7296f90e23fa7c4b19b91880 34e8e27e1679a10fa7dd6192389f38fb491e89a482aea9690dd4c10538cc10bf Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js	ScriptElement	21 kB	2023-03-07	2025-05-11
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-11 23:08 Times Seen9729 Hash 56456db9d72a4b380ed3cb63095e6022 6dbce88aee15b42f29083df7a07513cf3b486ba0 66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2 Loading...

	unknown	ScriptElement	247 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash 99d7e509b94654ec171aaff5a6f507e2 d86c318e767c3959caecae57ccdc04663071f7e9 7b48d970515969f9f4aed068bdb435b72f0295a52b248dd563a210db7e7fdeb4 Loading...

	woafoame.net/5/2617099	ScriptElement	85 kB	2024-08-20	2024-08-20
Pretty URL woafoame.net/5/2617099 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash 91f598ddbd3d6485f10c52e31eb7ef96 f04aecbff3f709c48045f718094c6bf27b4c9822 a1236271a44b1c40fa5e0e5eba8edbdf97525e9ad37c3d705482690ab1be8d4f Loading...

	code.jquery.com/jquery-migrate-1.2.1.min.js	ScriptElement	7.2 kB	2023-03-07	2025-05-12
Pretty URL code.jquery.com/jquery-migrate-1.2.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 05:46 Times Seen4943 Hash eb05d8d73b5b13d8d84308a4751ece96 743052320809514fb788fe1d3df37fc87ce90452 1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js	ScriptElement	81 kB	2023-03-07	2025-05-08
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01 Last Seen2025-05-08 20:08 Times Seen494 Hash 21f815ff6d1883c4e81d821d38ff4070 386ea8bd17f21149c4e3a2303665fe6398e4e7d0 f67b782ec5a62c8fcedb89535bcf48cc02ae06a119e3b97fe2b875fad1ff358f Loading...

	unknown	EventHandler	0 B	0001-01-01	2025-05-12
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-12 08:57 Times Seen4661892 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	wws.brstej.com/js/bootstrap-notify.min.js	ScriptElement	8.2 kB	2023-03-07	2025-04-25
Pretty URL wws.brstej.com/js/bootstrap-notify.min.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-04-25 00:46 Times Seen179 Hash 5ba070af9d1b1a2782851940de30879f d33390fc88bf68bd23eb182d7dbc77f5227081b2 a13a07b242c80b57e0cbbacc6cfedb538d4d331ff1f9dff370519ec57407e450 Loading...

	unknown	ScriptElement	6.0 kB	2023-03-07	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:15 Last Seen2025-04-15 09:26 Times Seen25 Hash fab201b7e2ce45bb184bc92980933ab5 bf6e3c5ee82842f422a7304159483bf5f906df95 7b7204ab22a1542b8bd6ee294de6fdddf03fb8f5af75d1b492c976f4aab5f311 Loading...

	pushagim.com/pfe/current/extra.min.js?z=3475873&var=3002587	ScriptElement	18 kB	2023-11-04	2024-08-20
Pretty URL pushagim.com/pfe/current/extra.min.js?z=3475873&var=3002587 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-04 06:40 Last Seen2024-08-20 20:59 Times Seen40 Hash d2b5377db87e56c74bc3c5e251087c27 522da126538d1db8adb63807d015bcc1fdea7a08 4eb3196601dab0886c740cde2fa9adf527e06b9e7c58c3dce8ad46dba0bb8b07 Loading...

	unknown	Function	2.4 kB	2024-08-20	2024-08-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-20 17:08 Last Seen2024-08-20 17:08 Times Seen1 Hash b72a754133866bb35a6fc2d4f28ac07e 8d920a974dd7f7e5584dabd4a1ffa7616c40a164 95fef64786b0923c56457540281c1c7675915045c873e66477d3f9f96acbf61e Loading...

	wws.brstej.com/templates/echo/js/jasny-bootstrap.min.js	ScriptElement	20 kB	2023-03-07	2025-05-12
Pretty URL wws.brstej.com/templates/echo/js/jasny-bootstrap.min.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-05-12 03:41 Times Seen201 Hash f6b6e524d29d54ada53e4172b9d91cf7 427153c7a2d83d2ca800e397779f29b857801ad2 e7ad856551c720cb7c6a24a8bf4a9d6b6b24c24f07109cde96366338e53a4ff8 Loading...

	unknown	ScriptElement	3.1 kB	2023-03-10	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2025-04-15 09:26 Times Seen24 Hash 567c56db1eaf725e91ff651665f8ffd0 a4a822f432d3ca1d9e2e0463cbfc33f28f967c53 439bfa53f6302ce0bae04b334fa4d1e60a422f14203aea9cf1ef7b2db5b623ce Loading...

	wws.brstej.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.3 kB	2023-12-01	2023-12-01
Pretty URL wws.brstej.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 21:00 Last Seen2023-12-01 21:00 Times Seen1 Hash abe9bb7e176a3636646613c9ba450470 092933a641d1fc716840eadae1966ed9e7f7ad90 0473b2968218d835b886b3bece6daea9fab94cf428c4f42827ceb78735529176 Loading...

	unknown	ScriptElement	439 B	2023-03-07	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-04-15 09:26 Times Seen173 Hash 86a6965e541a781a37d669b260561c55 d507b1712d0947c35ca109d78453ad0706543594 d08064727885699b455486366ac7a1b6e9e298d7cb1d94d4e491088d0bb8ab94 Loading...

	tzegilo.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 20:07 Last Seen2024-08-21 07:20 Times Seen2395 Hash 89e89aea544ea2785d49cc4cd9cf26f6 7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b 86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9 Loading...

	wws.brstej.com/templates/echo/js/theme.js	ScriptElement	44 kB	2023-03-10	2024-10-19
Pretty URL wws.brstej.com/templates/echo/js/theme.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2024-10-19 22:59 Times Seen33 Hash ec936f32dd9f5e2c8e3881703aa1ee95 48efb6cdbb051954b9265273247ea6675ddc15cb 35ff635a9e7b42762a78b36632593544829e2573d6ee8045aa14d01a7622b0fb Loading...

	wws.brstej.com/js/jquery.typewatch.js	ScriptElement	1.4 kB	2023-03-07	2024-10-23
Pretty URL wws.brstej.com/js/jquery.typewatch.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2024-10-23 22:55 Times Seen93 Hash 127426292630387dbe0c8b903229a7d3 fe62c30bb3a0e02f549ee6323d55bfac5cf32239 04fd6ef5911c31cc109fa5cc24010a975df2fae28d156ccbfc849b7e844c11c8 Loading...

	unknown	EventHandler	79 B	2023-04-16	2025-04-28
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-16 10:54 Last Seen2025-04-28 03:03 Times Seen128 Hash c0cc0fb0141f52b9fc5bf5bf281531ac 29942c5675c543f8d2edc686e80cf4bf0e10bb70 74c38e29231738f71a0b9ebec39d21fcb041847dad58079457731f0481a6e7ea Loading...

	unknown	ScriptElement	330 B	2023-03-10	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2025-04-15 09:26 Times Seen24 Hash bf4a3bccbd0242ef08b1261d2e131d7c 0c01f8286e8ada2d15ca2ec46031c33219ae1e47 105fbcb3b9f3ed97a199fc68c149b864c1f25304db740f27a7251465445c5b28 Loading...

	unknown	ScriptElement	2.3 kB	2023-04-11	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 10:43 Last Seen2025-04-15 09:26 Times Seen32 Hash 88a3609b3cde3749a15811e4b27418ea c5efa44f160d3903c48966c3f5623b8c4e2d8192 aa902b3d2c7b40b2750ed80b9f205f9258c71582a98441efcd5c469d02e3d97a Loading...

	wws.brstej.com/templates/echo/js/jquery.plugins.a.js	ScriptElement	9.5 kB	2023-03-07	2024-10-23
Pretty URL wws.brstej.com/templates/echo/js/jquery.plugins.a.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2024-10-23 22:55 Times Seen90 Hash 7edd7d96ee453442900875aa72c595c4 a09a3c791e560866562f26d8ac7f9621f369cfa2 d36a4d2e1e3ec14aa6fd41115d053a533999f0337d0f48859de361199f7359cb Loading...

	wws.brstej.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.3 kB	2023-12-01	2023-12-01
Pretty URL wws.brstej.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 20:32 Last Seen2023-12-01 21:06 Times Seen3 Hash 1879914274c7e65201cfca70c96a335d 90d60b27f5597d338cd4769e791fe926dad32ca0 efe846ffa7d8709608bbeb2b74a6a2961d6adad18ee02f20f14ff7cd159f082e Loading...

	unknown	Function	1.4 kB	2023-06-07	2024-11-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-06-07 22:16 Last Seen2024-11-10 17:49 Times Seen561 Hash a4951040210c1a13f3006d506c750587 38552c656ef4fbf104ec652c3ad3a4a76062f501 c444e5aeffcc46c5b62dd11508eecaec8227b0d29ce4c098cd43f7d076a00aa1 Loading...

	unknown	EventHandler	56 B	2023-04-16	2025-04-28
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-16 10:54 Last Seen2025-04-28 03:03 Times Seen128 Hash cae6f8624c66f13833c0cb65d1a7d4f3 38913a239bfe49bb031bc0bba5130fdde4a9dddd 41557c099d9a65a2febcf471b7cc43a2fc76a213f40eb129e19d06c2f3d64ce0 Loading...

	wws.brstej.com/templates/echo/js/jquery.readmore.js	ScriptElement	3.4 kB	2023-03-07	2024-10-23
Pretty URL wws.brstej.com/templates/echo/js/jquery.readmore.js IP 172.67.156.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:21 Last Seen2024-10-23 22:55 Times Seen90 Hash 9831a2bda29ff5d836acf4aca465c0cd 44deda013554c85237ddc16793a2065f5551249b e75fb4b26aa2ded1e757268828d3d759c05a85d92db75cd6b491f3f4cb6af769 Loading...

	unknown	ScriptElement	158 B	2023-03-10	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:55 Last Seen2025-04-15 09:26 Times Seen24 Hash 6637a3430b1fbb9f84840327d6bb2936 23cb2f20e77a711f6efb99178e61ad934f5354fe a7a95128c31365eaaa0c936444fe59ad0736ff8d1380b9d6fd8edde2d9ba7231 Loading...

	unknown	ScriptElement	291 B	2023-03-07	2025-04-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-04-15 09:26 Times Seen155 Hash 0b5c6ecfd31b214438c017f7840cab7d 5b0d464bbab33735e654f6d0b47dd2bcd47f8e5c e0d679f66eea8fae589016f89ff238618cabb4b802add68fcbf4d70498356ea1 Loading...

	wws.brstej.com/sandbox%20eval%20code		147 B	2023-04-11	2025-05-12
Pretty URL wws.brstej.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-12 08:46 Times Seen342106 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (80)

URL IP Response Size

wws.brstej.com/22.png

172.67.156.10

200 OK

7.7 kB

URL GET HTTP/3
wws.brstej.com/22.png
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
PNG image data, 154 x 76, 8-bit/color RGBA, non-interlaced\012- data
Size
7.7 kB (7680 bytes)
Hash
f4c0a41fb57d2b80a773283ff7eb0b28
a96333eded453d3eb644d125b5a84b1c6dbe9c6e
d837675d97b03d4ec8ef632453cffc2d031c949a16a17641d03dd6c3ae1fa1b2

HTTP Headers

GET /22.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/png
content-length: 7680
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sun, 07 Jan 2024 02:40:58 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 743321
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fd%2FwXA5nUq4FqWsFUy79ar3UYyi5yY%2B3F7OVZE0JALIRXiuunJIjVbPgggD1i7QgMt9F9uVJb%2BQU7wBI1%2BGwVWfrDEAlZHtO23kMEgsCrHZh4OX6jLBTk%2Bc11pC7HmjY1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a54efd56ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/0b7cd07b.jpg

172.67.156.10

200 OK

86 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/0b7cd07b.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 25.0 (Windows), datetime=2023:12:01 03:09:04], progressive, precision 8, 1280x720, components 3\012- data
Size
86 kB (86075 bytes)
Hash
b937130e3f002119fc5ec229aeaa403c
c384a88025978750577f423f6ed6f5d73421caa7
3ac5a5a12ce04fd387c21008062330dff7b90e4f3de8532c851f23282069c1bb

HTTP Headers

GET /uploads/articles/0b7cd07b.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 86075
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Tue, 30 Jan 2024 01:13:34 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 51707
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R5K17TWm7i0FyYDQcY0o%2Fffi%2BBBUxmhb2MYkKtsNuTGBKySHANXfehsQyZO27breovNU1rDnPiNSe9%2BT29lFgp5DrJlZnEedpdv7xGmFQlyvrHZjvsL9RYYGjJt69FMShA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a56f2856ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/801000ef.jpg

172.67.156.10

200 OK

163 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/801000ef.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size
163 kB (163434 bytes)
Hash
77c12d289c5ca51d4a71591e4bed9ced
7f89ba63b43f42e95a2026861223627d9ea19b5a
91f89cbc9891fa67715ea8c2d58e6cc886d3d0d7a77e6851afb8a7c7f25ff1a2

HTTP Headers

GET /uploads/articles/801000ef.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 163434
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Mon, 08 Jan 2024 07:29:01 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 827170
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyUoM8lc87aOpF1YGTD3m45ethZvmoSxa3mzHqaRx01Dw%2BbJo8HMFQ%2FVk4sHwk%2FzLmUuTPAx2LkDCdm4GLVXHxCJ2yrKcfSQISH8CT%2F7TpSwczlcSP45%2Bwc1%2Bshz0Hw15w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a56f2956ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/953de6e5.jpg

172.67.156.10

200 OK

97 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/953de6e5.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], progressive, precision 8, 1280x720, components 3\012- data
Size
97 kB (97072 bytes)
Hash
7d2db4e696a2a6c01f1b211bf05cf522
840a3d7713624b7ac59f2499ac4bf10b6e09e64f
aab92fdf0543fe48bfa37677be44d041499ffc1a5f1a6b799eb696d666368a6d

HTTP Headers

GET /uploads/articles/953de6e5.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 97072
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 27 Jan 2024 07:44:35 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 132808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VLkOesF3Iw1VlwxQaRGOm0iGqhcZ9N98WrmASykKcooC%2FSI3fOnXrLQNinEMNzFBnxrKRyfiQY3ghXJZsFRbacLcn43nki4z24drEpYdIMx3pZCTyxPf7MKJ6ZtiNceiag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a57f2c56ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/f00feb0d.jpg

172.67.156.10

200 OK

100 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/f00feb0d.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size
100 kB (100171 bytes)
Hash
544d6d4e8fc872c8618f7c882517623b
3681489fe6feea7e9438c2392a3498c1bdd4eb02
2a88e0cf8439cdb0a197c46d2217d16eb7c21d439e44f9f80ff031558e2ee03f

HTTP Headers

GET /uploads/articles/f00feb0d.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 100171
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 11 Jan 2024 05:25:54 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 659948
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4bmaE3824nkEAIR1SgHNalxHoBmupVtlIrYPnWluqenP82RzhOsCUzwjjjsig%2BHc35MWM0pn822E2aebpJOVfWeaFQKRYB1TKBMq9wndsRKQcSKoky8jipU%2BmOV57qjdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a57f2d56ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/img/icon-play-32.png

172.67.156.10

200 OK

795 B

URL GET HTTP/3
wws.brstej.com/templates/echo/img/icon-play-32.png
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
795 B (795 bytes)
Hash
f3653d1fc8de9d6101eee0f1437a54d5
3be0d1b3e5901913f8b229175fbde76235933260
8962429449a13955dc953a619a622a96dbf2a727718cf2c9c2e572558f7f0070

HTTP Headers

GET /templates/echo/img/icon-play-32.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/png
content-length: 795
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sun, 31 Dec 2023 02:12:01 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 569822
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bn%2B3zuS%2BHB62pG3bDwfK00MFVgfZQ0MrUa2UbV7oZpwwF0NoRXKBsjiRpDO%2BCKvmRa6%2FJZq1wNVogf7BbHf8kY%2BPX2YorMyCyzEhK5dyqQa9QUYWK0y2JQv%2BrDc8cNbJGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a5ffc156ae-OSL
alt-svc: h3=":443"; ma=86400

use.fontawesome.com/releases/v5.8.2/webfonts/fa-solid-900.woff2

172.64.141.13

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.8.2/webfonts/fa-solid-900.woff2
IP
172.64.141.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74328, version 329.-17695\012- data
Size
74 kB (74328 bytes)
Hash
64b3e814a66c2719b15abf8f7998bd73
fa5c5d34c7c375aa3e101f0b8104b6cdbcacd6a6
0fe6a4357505cb0d3ca8ba0671ad57df6b7410ca02cb8065eed58e2c0381e640

HTTP Headers

GET /releases/v5.8.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: font/woff2
content-length: 74328
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "64b3e814a66c2719b15abf8f7998bd73"
last-modified: Fri, 22 Sep 2023 01:45:59 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 129718
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DtqOtilohhs6J2fgFOSutVqAveh844B7IaRHCWRfJ7pONB9%2FOlI3Qjj2TinT8FBWAVpesw2pzWyZLLSTwnj1BU3OCouZFBlrH1h2L7YtGAgGRpIaXHPppQhn8dtJpD4D0MztJQCR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a6a97f634d-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wws.brstej.com/uploads/articles/327b1df3.jpg

172.67.156.10

200 OK

96 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/327b1df3.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], progressive, precision 8, 1280x720, components 3\012- data
Size
96 kB (95657 bytes)
Hash
e16114e3bc411b3a9b31066eee232d25
e97fcc9c8d81cadc624ac00a6d86555562c9241d
17a707a9293b89ed42bae5070694ec3f31a78c7490f7f63156a9055e440937f1

HTTP Headers

GET /uploads/articles/327b1df3.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 95657
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Wed, 10 Jan 2024 19:17:34 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 734860
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2NKx%2BvG4hIzH3BxKSh%2BauLAISSqxb7uVKI4ve%2Bzz17Bek%2FJBOHoKp76PpKONHU8v1wQY%2F06CTlKJfyAM1g%2BK7MNUGbu97zq8pM8xFC%2F%2FN%2FCGilo%2Baqck7EpAsNRsKy0wvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a7a9b356ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/ec9cd2d0.jpg

172.67.156.10

200 OK

80 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/ec9cd2d0.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size
80 kB (79683 bytes)
Hash
065449bbf7c6da37a76fac2e9ee8ecc3
35eebd71438fc81a10b1c39600a30b68b0090127
8c5bd7a6e7a3d3794d798e616b04547f2cac4ffa44b425adcb9d5b8b1ec8affe

HTTP Headers

GET /uploads/articles/ec9cd2d0.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 79683
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Mon, 08 Jan 2024 07:00:26 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 475896
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63Mio56rs81VIqa1K1NWGbmNEDVAxbf7PPUIUs5ybF4Tid2l%2Fl0Jc1PRqiwd7wCtfniJuKmelvxT1R%2BPwmrV0FWroWdc0ZLR0cU4%2Be7j2i5qErKb%2BMk8sZb0Zmvdy%2BWedw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a7a9bc56ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/cebfc6d1.jpg

172.67.156.10

200 OK

114 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/cebfc6d1.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=720, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1280], baseline, precision 8, 1280x720, components 3\012- data
Size
114 kB (114289 bytes)
Hash
64207d14b52efa90f8b4dbb87630f093
e5386b8e153ace1ac170a5b16d4776f2c3e28b31
c668caf7e8871e0fbfd6ef4752ffe9016874c402972e4a5db500a9e7adb40c1b

HTTP Headers

GET /uploads/articles/cebfc6d1.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 114289
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Wed, 10 Jan 2024 08:22:44 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 818988
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6B%2BJioOZRWRIMS3bCaDBHKy4%2FIkJCW6iJsdk7ZlwWC0tR%2FDa02jY0yR%2FSfkVb3J4R0qyjC98QI7lcuLBof5epu4mVXtUExMD1bboy698o370xuN8EbG34Np0FL9OELTyMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a7c9dc56ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/0722a253.jpg

172.67.156.10

200 OK

115 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/0722a253.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=720, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1280], baseline, precision 8, 1280x720, components 3\012- data
Size
115 kB (114587 bytes)
Hash
0ea248b64df8829c38eaafd3a9c0290b
bad6e6d57c0eb4293de5639bd7bf1c97e01e593a
d37076a17ec93857424e237a830e85af5e409c9e018fe932c130069de32b0677

HTTP Headers

GET /uploads/articles/0722a253.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/jpeg
content-length: 114587
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Mon, 08 Jan 2024 06:03:49 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 793783
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uCKXjsZrumzNNeloc0XaFWwZ5LzE8UplZ63dL7oz3jKEASjLJovuSIiDB%2Fmr2t1Dj%2FIS%2B3dQhP6NGIzeobRKuXDlagx%2FDSmDTFfdfApsnnz3yy4qOsq79WBxnGUJmNhdiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a7c9dd56ae-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

104.17.24.14

200 OK

6.6 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20831)
Size
6.6 kB (6646 bytes)
Hash
56456db9d72a4b380ed3cb63095e6022
6dbce88aee15b42f29083df7a07513cf3b486ba0
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

HTTP Headers

GET /ajax/libs/popper.js/1.14.7/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 6646
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-520c"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 581714
expires: Wed, 20 Nov 2024 19:59:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5bBRrbH2DsLSxPmGh6yraORS3VbPvwyOvxV7q2tDro7YF67DuyOt9ubdxb1pUQs48RZKMNbVxMJ6JH2%2FU%2Ffta0s1ku4YJE%2FRd%2Bl2XcZAQH7k1u3uIokmS8C9cp743N1eKShZ%2FQF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82ede9a89a591bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-migrate-1.2.1.min.js

151.101.2.137

200 OK

3.1 kB

URL GET HTTP/2
code.jquery.com/jquery-migrate-1.2.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7085)
Size
3.1 kB (3063 bytes)
Hash
eb05d8d73b5b13d8d84308a4751ece96
743052320809514fb788fe1d3df37fc87ce90452
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

HTTP Headers

GET /jquery-migrate-1.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1c1f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 01 Dec 2023 19:59:48 GMT
age: 6556991
x-served-by: cache-lga21931-LGA, cache-bma1647-BMA
x-cache: HIT, HIT
x-cache-hits: 26, 215920
x-timer: S1701460789.586822,VS0,VE0
vary: Accept-Encoding
content-length: 3063
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.min.js

151.101.2.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 01 Dec 2023 19:59:48 GMT
age: 3006100
x-served-by: cache-lga13628-LGA, cache-bma1664-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 49279
x-timer: S1701460789.594462,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-61820443-1

142.250.74.168

200 OK

52 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-61820443-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2213)
Size
52 kB (51619 bytes)
Hash
0957062c2bd936844fe23441779238d3
94fc71f09d7ebe78dd10a0c6d06e2f64ca177701
3448b50d8d482aa74e56f8ec3d6a091830b8fd169b23cb1d459edfa8e7030d19

HTTP Headers

GET /gtag/js?id=UA-61820443-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 19:59:48 GMT
expires: Fri, 01 Dec 2023 19:59:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51619
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=608d481b62bc4a0f9b0deaa339fca103

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=608d481b62bc4a0f9b0deaa339fca103
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
26b0059e137ea0d122dfe3cfe5f70409
81887581ab5fc3ebc5ebec6ae8d60b0d35ebb62c
b4c2d2e337106eadbf33dd48a1b89fd2f12317eac26393a60d14163afffea20f

HTTP Headers

GET /gid.js?userId=608d481b62bc4a0f9b0deaa339fca103 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:48 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

woafoame.net/5/2617099

139.45.197.239

200 OK

39 kB

URL GET HTTP/2
woafoame.net/5/2617099
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectwoafoame.net
Fingerprint46:19:66:C1:66:62:79:05:0E:B5:09:CC:A9:7E:D2:F1:D0:C4:BE:BB
ValidityThu, 30 Nov 2023 05:09:59 GMT - Wed, 28 Feb 2024 05:09:58 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
39 kB (39345 bytes)
Hash
2fabaec5807fbee7db5154ec45d8a99c
1e01fadd5b2ba02e964ed56d3777b5633d632ba6
57b5addc3161e20b6185e861bc6158dbc0345c323a2798a286aa6529f0333274

HTTP Headers

GET /5/2617099 HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: application/javascript
x-trace-id: 17bc286fbf7a38f3b0ca41f930b54717
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:48 GMT; path=/; secure; SameSite=None
oaidts=1701460788; expires=Sat, 30 Nov 2024 19:59:48 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

wws.brstej.com/templates/echo/js/jquery.plugins.b.js

172.67.156.10

200 OK

39 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/jquery.plugins.b.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (8918)
Size
39 kB (39408 bytes)
Hash
8ac43cab1939c54d6bc974726fec41ca
8c44a11ac313388d254b30c162a6f1353074296d
9ea6b351a675e3bc0e648d6d41bafd700a5944f6e54778fe6beac548210c241a

HTTP Headers

GET /templates/echo/js/jquery.plugins.b.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=9509
expires: Fri, 08 Dec 2023 03:46:08 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 569822
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lbTtqMxRe3lidl%2Bd%2FRi9u1EaCLjX%2BVzhF5mbP8iSBGuOiZmaN5brXQ0AJVift8T%2BnAMJRNR%2FkD7t8dw1NYE9jxYf1WvfMMDEduTzZE5iID95xLIJf1%2BMKTV47dxPSRzUrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a80a3a56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-3.5.1.min.js

151.101.2.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 01 Dec 2023 19:59:49 GMT
age: 3006101
x-served-by: cache-lga13628-LGA, cache-bma1664-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 49280
x-timer: S1701460789.304360,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

wws.brstej.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.156.10

302 Found

503 B

URL GET HTTP/3
wws.brstej.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
data
Size
503 B (503 bytes)
Hash
cefd12b3c0a5f931203e29677e594cb1
b12b6e7bd92f7d4481664ab03ded3be09e0feb87
a2a7aaf0f3467750e9aef9a8fa057fb877ea62c86437ad391ff490b70970e207

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 01 Dec 2023 19:59:48 GMT
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlULNbXevZ3dvaScLdUmhMA5SONjOqtIOxAJNW7Cwdo4I9pA73iuLEM%2F1wdbwkH4ZNBHhCu7ifpuS6veKe%2BAyIJVHnuM1qQjGHm%2B7oxR9EP%2BrriaYBMJ5RTAQGrqVTgFLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a86a9556ae-OSL
alt-svc: h3=":443"; ma=86400

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
FingerprintA4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1357
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 01 Dec 2023 20:00:28 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://wws.brstej.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

wws.brstej.com/cdn-cgi/challenge-platform/h/b/jsd/r/82ede9a078f456ae

172.67.156.10

200 OK

95 kB

URL POST HTTP/3
wws.brstej.com/cdn-cgi/challenge-platform/h/b/jsd/r/82ede9a078f456ae
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
DIY-Thermocam raw data (Lepton 3.x), scale 20065-28005, spot sensor temperature 3715504275456.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 18318076880873922886631424.000000\012- data
Size
95 kB (94645 bytes)
Hash
167bd48df00739fc5bfc6dad74eb32cc
fd9b9a5f6adadb958ba7ae010a5b1da1793f6c14
b8f8e156d6ccaab91bf442814c29d659a420ca98d415185840e1c87c9bccd2b4

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/82ede9a078f456ae HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12181
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=ly8pZDzbucolsNuSYBHByZBHDFu7GXHxueH8PsMk02A-1701460789-0-1-730ca2d2.73a07051.5b213570-0.2.1701460789; path=/; expires=Sat, 30-Nov-24 19:59:49 GMT; domain=.brstej.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2FRKASUPhgmAk7%2FWzDSoXF%2FWgzZk7VtQV%2BcjjDEnZVaDCHpkWnnuDbC9YGJzKBalzqH67IJguHA1bNok7p%2FcRtOSQis5budACXm5cSYJHv5WMW1pQcTW%2Fh16enrp1ggDFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9ab6dce56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/a91594bc.jpg

172.67.156.10

200 OK

134 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/a91594bc.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=720, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1280], progressive, precision 8, 1280x720, components 3\012- data
Size
134 kB (133579 bytes)
Hash
a43f2fa930d313553e1d0d4bd863311a
b240aa33946eac214ca01d8f36d14422e05ea782
a92421cfb598caf9551ec7750fb6e0ed72a92c78f5aea5107559637016ae9b22

HTTP Headers

GET /uploads/articles/a91594bc.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c; cf_clearance=ly8pZDzbucolsNuSYBHByZBHDFu7GXHxueH8PsMk02A-1701460789-0-1-730ca2d2.73a07051.5b213570-0.2.1701460789; prefetchAd_2617099=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: image/jpeg
content-length: 133579
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sun, 07 Jan 2024 09:08:59 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 471325
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6HEfeSHQrZvFs9kW6yJ4I%2BXi5m2TD4z2jai%2F5CXS%2BB1z7SNf2gaUaSkGEjErGShW6U6jdANLYRgopWWkg65EXd8Iet8KAFY9RccdcuAxgonIQ78RyGCctdyMvnzZGqG7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9b0fbfa56ae-OSL
alt-svc: h3=":443"; ma=86400

gishejuy.com/500/6521330?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/6521330?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6521330?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c

142.250.74.168

200 OK

93 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
93 kB (93096 bytes)
Hash
bf98ece4e4d368602b9d1624ddd9753b
76976e0c26a9950818c54cdeb1883e4af97ff63a
e83785236d477183f9134a2bb548ded77d2e3362c4ba1b782ae55cc45a84bbf1

HTTP Headers

GET /gtag/js?id=G-4F9Y2X30YT&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 19:59:50 GMT
expires: Fri, 01 Dec 2023 19:59:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93096
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

my.rtmark.net/gid.js?pub=0&userId=&zoneId=3475873&checkDuplicate=true&ymid=&var=3002587

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=3475873&checkDuplicate=true&ymid=&var=3002587
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
26b0059e137ea0d122dfe3cfe5f70409
81887581ab5fc3ebc5ebec6ae8d60b0d35ebb62c
b4c2d2e337106eadbf33dd48a1b89fd2f12317eac26393a60d14163afffea20f

HTTP Headers

GET /gid.js?pub=0&userId=&zoneId=3475873&checkDuplicate=true&ymid=&var=3002587 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Cookie: ID=608d481b62bc4a0f9b0deaa339fca103
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/b89a854cfb66584b3f5fef24e571e8b5.png

104.22.32.172

200 OK

93 kB

URL GET HTTP/2
offerimage.com/www/images/b89a854cfb66584b3f5fef24e571e8b5.png
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
93 kB (92662 bytes)
Hash
b89a854cfb66584b3f5fef24e571e8b5
9bb5f94bcc641c8cfbc2e24f0a2af5bd07a3a1ea
7228a1274993f4e608b4f0952b2197db136917df3d8ae95ea16a9a34769945e7

HTTP Headers

GET /www/images/b89a854cfb66584b3f5fef24e571e8b5.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: image/png
content-length: 92662
last-modified: Thu, 10 Dec 2020 16:03:56 GMT
etag: "5fd246ec-169f6"
expires: Sat, 02 Dec 2023 05:52:54 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 50816
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9b578962e0d-ARN
X-Firefox-Spdy: h2

pushagim.com/zone?pub=0&zone_id=3475873&is_mobile=false&domain=wws.brstej.com&var=3002587&ymid=&var_3=

139.45.197.250

200 OK

949 B

URL GET HTTP/2
pushagim.com/zone?pub=0&zone_id=3475873&is_mobile=false&domain=wws.brstej.com&var=3002587&ymid=&var_3=
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectpushagim.com
Fingerprint4E:CB:50:CB:A3:58:61:9D:E9:C7:EC:16:25:D6:65:A7:30:39:68:FC
ValidityMon, 06 Nov 2023 16:36:27 GMT - Sun, 04 Feb 2024 16:36:26 GMT

File type
JSON data\012- , ASCII text, with very long lines (948)
Size
949 B (949 bytes)
Hash
0a265cc966e3a76177d53aca5f900d90
70cec946b2797423db1c1bbe7e06968d93dd7709
854c06ba01eddf0abac06fcc558de50e2a92d9f9ec2194d1752680030ffa1914

HTTP Headers

GET /zone?pub=0&zone_id=3475873&is_mobile=false&domain=wws.brstej.com&var=3002587&ymid=&var_3= HTTP/1.1
Host: pushagim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: application/json; charset=utf-8
content-length: 949
x-trace-id: 353318e466e550bc18051f6638f5848c
access-control-allow-origin: https://wws.brstej.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

rndskittytor.com/500/3002587?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.238

200 OK

0 B

URL GET HTTP/2
rndskittytor.com/500/3002587?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectrndskittytor.com
FingerprintE2:D3:8E:9A:13:B9:59:FD:9E:47:CF:9C:9E:73:B4:F3:6B:73:5E:DC
ValidityTue, 28 Nov 2023 00:27:44 GMT - Mon, 26 Feb 2024 00:27:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/3002587?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
17 kB (16973 bytes)
Hash
6fe0a8e6dd1827229a93f3a64a823866
a44f50cf061ab8a3eceb6fc2f691a9007c9f4168
2fc6186bece84189796cdd4ea7e4da6702d65784eb734765ab1ae9704de98cd8

HTTP Headers

GET /www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: image/jpeg
content-length: 16973
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674404-424d"
expires: Sat, 02 Dec 2023 14:11:18 GMT
last-modified: Wed, 29 Nov 2023 14:00:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 20912
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9b6a9d12e0d-ARN
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
ValidityWed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://wws.brstej.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
ValidityWed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
5722d7fca3e14d8fd6a1d1c7af7956c2
f0fbbbfbf53662eea7ddcf17c33c9e0f3297dd61
c6807f73fe45d85fb7f739ea9ee4eaca1d2bb3d2db7c4b79487bafbf489f93c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wws.brstej.com/
Content-Type: application/json
Content-Length: 503
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://wws.brstej.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cameesse.net/9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=608d481b62bc4a0f9b0deaa339fca103

139.45.197.242

200 OK

0 B

URL POST HTTP/2
cameesse.net/9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=608d481b62bc4a0f9b0deaa339fca103
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=608d481b62bc4a0f9b0deaa339fca103 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 01 Dec 2023 19:59:51 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cameesse.net/11?rnd=1860013577&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=83

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=1860013577&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=83
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=1860013577&z=3360966&b=17227367&var=3002587&varid=0&rqtdbc=1&rcvdbc=1&btp=1&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=83 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=608d481b62bc4a0f9b0deaa339fca103; oaidts=1701460790
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:51 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: b7a3977c753c54f18605845e0d07f1dd
access-control-expose-headers: X-Sc
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:51 GMT; secure; SameSite=None
oaidts=1701460790; expires=Sat, 30 Nov 2024 19:59:51 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

139.45.197.242

200 OK

46 kB

URL POST HTTP/2
cameesse.net/9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=608d481b62bc4a0f9b0deaa339fca103
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
46 kB (45466 bytes)
Hash
ddd211fabebafbc37d82d4986e0b438f
b36e6c5a6eee4ac9e31407cdb423b8e3486e8eb7
9eca97876833de18179187bddabe002dabdf2261adc9a0322787321f3f20008e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=3360966&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwws.brstej.com%2Find5&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&var=3002587&oaid=608d481b62bc4a0f9b0deaa339fca103 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1263
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=47563bdb300144609d56840024b507a2; oaidts=1701460790
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:51 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 3e7669d3424b834dd2d934364e26d470
access-control-expose-headers: X-Sc
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:51 GMT; secure; SameSite=None
oaidts=1701460790; expires=Sat, 30 Nov 2024 19:59:51 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.101%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D

139.45.197.242

204 No Content

0 B

URL GET HTTP/2
cameesse.net/15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.101%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.101%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=608d481b62bc4a0f9b0deaa339fca103; oaidts=1701460790
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 01 Dec 2023 19:59:52 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0c6a04fc2c04e46f4ee65abaf285808e
access-control-expose-headers: X-Sc
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:52 GMT; secure; SameSite=None
oaidts=1701460790; expires=Sat, 30 Nov 2024 19:59:52 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cameesse.net/15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.104%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D

139.45.197.242

204 No Content

0 B

URL GET HTTP/2
cameesse.net/15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.104%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.104%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=608d481b62bc4a0f9b0deaa339fca103; oaidts=1701460790
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 01 Dec 2023 19:59:54 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 8f0f810ec7fbebf8f165d3ba9f006d4c
access-control-expose-headers: X-Sc
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:54 GMT; secure; SameSite=None
oaidts=1701460790; expires=Sat, 30 Nov 2024 19:59:54 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

cameesse.net/15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A7.107%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D

139.45.197.242

204 No Content

0 B

URL GET HTTP/2
cameesse.net/15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A7.107%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /15?rnd=2157299043&z=3360966&var=3002587&varid=0&rb=0xQmcHDqDoiZlRZQInzdx5DtTvTETvisDZ8cW8pto3I66k9vZ33eCS5RTNf1wxFPMAYB3GF_DvR7w-zvoQ7znlQourKS8Q1GEdqhw7oMY4euG04vN8Jz40lq-0QpvQfau0RhrlvZ5m8qeHJgmXpiEYetwmAlLLEWTwxrgFwgTiFnL0z0BMhCN1h4oltBz-s8kKmm74_a62oM07QypIPlhjRdnHnLQvF6RKMY6qM-p4F6GLqLdaijCstzUNU0QvOEOcpUNnhUpv7K4-wGh7Ns4XHoV5MAS2FqBxvB4FVxpJ63fkLyUCmtsNO92-EXtvWAAZ2xdzsjgt7G_NgZnW8CsHl8jh5k-5lnl1HWZ312MJIrXvH9amKUVdQtP3lWullt-T6wfHxjjKoIKysKX6ssMh8Gjpd87mo5S-GKdkTGeo5nTbC267hJSSDwfiwJYbgulyTQG3waHc9_x454b3ldm6emEBJ0L6ZVIdWdSJjTUCzmA15tYiaum0HHSe8FJSgOcw3AJ9T5J3FRkwo8H3hs27IeHFdp-K3hTYuNuAYK7Zerul_IDb5IqPIJVByiSQIMR7f-3zSkGkTtfOWBJQ3csqCc-fK5bsGf17cXyib3Z2Xk5iHCsiSLtPI_yMZ4l29atKqxYXQ4piRy2p8bDjWL-MkRaAKPA_WHTzXFDg==&ruid=aaae35b5-944c-4444-8223-0ff4c7784701&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A7.107%2C%22location%22%3A%22https%3A%2F%2Fwws.brstej.com%2Find5%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A5%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=608d481b62bc4a0f9b0deaa339fca103; oaidts=1701460790
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Fri, 01 Dec 2023 19:59:58 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 5ee75c38877dfc749f2ff9ec9dac773b
access-control-expose-headers: X-Sc
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:58 GMT; secure; SameSite=None
oaidts=1701460790; expires=Sat, 30 Nov 2024 19:59:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

gishejuy.com/impression/iyHE0gj_ISW_KiDjz6_eYgmuFiSDZdl0JTQylKGMAF5Re-6c9Szl7lFrI0-BmYlXU0KN3oDJ-RB_XzTj6p-R9wGpTH5g46lWLiWwDhw4Fm8qJOfKSO09Wy4UhTX5HdkfD_450_OpwSdbZ3Cb_ZsY_B7oX8gHEcyn6jU5NUgSrFRa-6X0sMwE8oXxzXKWKmL1HsknwrN4CIJjGZHhHWs3AUOKjvzXqV7lrr13C9Z0TpJWPJ-qYHQ0fSAuS_23xfKnX3oDEt0iqp_EVa0AhQnUxP7638J-uqip1aL2H3-qQax3kS_43KQjeZVMMNyDrSSO095Wh036oie4VkbYS3stRBukqOGUTauzF769LDfveJVouc4rIQVpK5DUHjX-y7jngoQzz0e2XwEnalSVLrTmsGi2tkOIKz4F9ILu-3aR6dZxcCzdHOmjtvzy5DLJ4ndFZm7tmqPB9DFrnqDa-uggq_J9Vi9z9eN31hOR-wUiZ_nbqxSx3qvbpmMecImDQ8whUZBtVfP1S4jWBxa0rrA-MEtTQa3soVvxCRcV4lJBrsf2hxcHeD26IjnhUypic4jRX0w5n81HcJ3vbt45w6QwBOaX5Bc8-yKXOmFbsX05PHeyRLLocdC2MbX5hzYak3FNoxWyoLYzQX_NMEtX?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/iyHE0gj_ISW_KiDjz6_eYgmuFiSDZdl0JTQylKGMAF5Re-6c9Szl7lFrI0-BmYlXU0KN3oDJ-RB_XzTj6p-R9wGpTH5g46lWLiWwDhw4Fm8qJOfKSO09Wy4UhTX5HdkfD_450_OpwSdbZ3Cb_ZsY_B7oX8gHEcyn6jU5NUgSrFRa-6X0sMwE8oXxzXKWKmL1HsknwrN4CIJjGZHhHWs3AUOKjvzXqV7lrr13C9Z0TpJWPJ-qYHQ0fSAuS_23xfKnX3oDEt0iqp_EVa0AhQnUxP7638J-uqip1aL2H3-qQax3kS_43KQjeZVMMNyDrSSO095Wh036oie4VkbYS3stRBukqOGUTauzF769LDfveJVouc4rIQVpK5DUHjX-y7jngoQzz0e2XwEnalSVLrTmsGi2tkOIKz4F9ILu-3aR6dZxcCzdHOmjtvzy5DLJ4ndFZm7tmqPB9DFrnqDa-uggq_J9Vi9z9eN31hOR-wUiZ_nbqxSx3qvbpmMecImDQ8whUZBtVfP1S4jWBxa0rrA-MEtTQa3soVvxCRcV4lJBrsf2hxcHeD26IjnhUypic4jRX0w5n81HcJ3vbt45w6QwBOaX5Bc8-yKXOmFbsX05PHeyRLLocdC2MbX5hzYak3FNoxWyoLYzQX_NMEtX?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/iyHE0gj_ISW_KiDjz6_eYgmuFiSDZdl0JTQylKGMAF5Re-6c9Szl7lFrI0-BmYlXU0KN3oDJ-RB_XzTj6p-R9wGpTH5g46lWLiWwDhw4Fm8qJOfKSO09Wy4UhTX5HdkfD_450_OpwSdbZ3Cb_ZsY_B7oX8gHEcyn6jU5NUgSrFRa-6X0sMwE8oXxzXKWKmL1HsknwrN4CIJjGZHhHWs3AUOKjvzXqV7lrr13C9Z0TpJWPJ-qYHQ0fSAuS_23xfKnX3oDEt0iqp_EVa0AhQnUxP7638J-uqip1aL2H3-qQax3kS_43KQjeZVMMNyDrSSO095Wh036oie4VkbYS3stRBukqOGUTauzF769LDfveJVouc4rIQVpK5DUHjX-y7jngoQzz0e2XwEnalSVLrTmsGi2tkOIKz4F9ILu-3aR6dZxcCzdHOmjtvzy5DLJ4ndFZm7tmqPB9DFrnqDa-uggq_J9Vi9z9eN31hOR-wUiZ_nbqxSx3qvbpmMecImDQ8whUZBtVfP1S4jWBxa0rrA-MEtTQa3soVvxCRcV4lJBrsf2hxcHeD26IjnhUypic4jRX0w5n81HcJ3vbt45w6QwBOaX5Bc8-yKXOmFbsX05PHeyRLLocdC2MbX5hzYak3FNoxWyoLYzQX_NMEtX?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=608d481b62bc4a0f9b0deaa339fca103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:59 GMT
content-type: image/gif
content-length: 43
x-trace-id: 6cfa37b551b3cb69eef0a0fe382ca4a0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

rndskittytor.com/impression/Qj8ALbW4YupnwcdbBIVaH1SKJFhQ55uZCfjwFLgUhmadq1BO8OzFqd7dGVncnOxpi-cX1i8aFsKJ37dLL4XShygYtGoU6l1eWsg1iw1sd6APaPzXv_qhJdxRqessq3SukGhrS-LTlQMKlab24H-Ob6f8bQcX5B59uGHb_oCQXREV0_PGbDmLo6lkeaQ_3KDK4gvNu2_Xwuaj6zqaL5vZG3oCCXOjj0mpJxPluvcMWUX8Sy5qJJNqJ0mVBzTVUUg73KFxCSNULk9fC57nrje3K5CEx_GDTySgKLOUVcocMvlzbHh54bHiMXHEH0l1FNxKDe_kcRrP4ppYIOwVmq7crWvhFu8VycRXemr-X3fvy8cTBvFZy8iul9zwo_lANnK_vQ2diZdOORFERYBbSDtjzsyLUyixpWDEJTtndGZtWnu6iHE5RlUdSYvEz19S5Zjlm9Q_lsvG9CPvdNNBDGEbzRXWGvqHT88_KVCz_yvd1H2LxGtXhS5q2wBJfynKt_I_d943cr-93oxENnxGEZNY2hlnhLjdZo2Y0Z1M-k2yBnROdTq2jRtUbvQiAaFUQfaO0XoVDwrerERblv4Gfwam1jS5UcLNppA-9luQtUfqXgBil47p6OVKeyZEW5dRO249ZuwfuA9TWNUmoHQ3RbbbZLPWSyvduznnPXtrsSL4bKLpFPtunpKc4SmxFIQRvquDcowRttjDtOO10mAW6JNv5euv_Ou4iP8I?_z=3002587&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.238

200 OK

43 B

URL GET HTTP/2
rndskittytor.com/impression/Qj8ALbW4YupnwcdbBIVaH1SKJFhQ55uZCfjwFLgUhmadq1BO8OzFqd7dGVncnOxpi-cX1i8aFsKJ37dLL4XShygYtGoU6l1eWsg1iw1sd6APaPzXv_qhJdxRqessq3SukGhrS-LTlQMKlab24H-Ob6f8bQcX5B59uGHb_oCQXREV0_PGbDmLo6lkeaQ_3KDK4gvNu2_Xwuaj6zqaL5vZG3oCCXOjj0mpJxPluvcMWUX8Sy5qJJNqJ0mVBzTVUUg73KFxCSNULk9fC57nrje3K5CEx_GDTySgKLOUVcocMvlzbHh54bHiMXHEH0l1FNxKDe_kcRrP4ppYIOwVmq7crWvhFu8VycRXemr-X3fvy8cTBvFZy8iul9zwo_lANnK_vQ2diZdOORFERYBbSDtjzsyLUyixpWDEJTtndGZtWnu6iHE5RlUdSYvEz19S5Zjlm9Q_lsvG9CPvdNNBDGEbzRXWGvqHT88_KVCz_yvd1H2LxGtXhS5q2wBJfynKt_I_d943cr-93oxENnxGEZNY2hlnhLjdZo2Y0Z1M-k2yBnROdTq2jRtUbvQiAaFUQfaO0XoVDwrerERblv4Gfwam1jS5UcLNppA-9luQtUfqXgBil47p6OVKeyZEW5dRO249ZuwfuA9TWNUmoHQ3RbbbZLPWSyvduznnPXtrsSL4bKLpFPtunpKc4SmxFIQRvquDcowRttjDtOO10mAW6JNv5euv_Ou4iP8I?_z=3002587&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectrndskittytor.com
FingerprintE2:D3:8E:9A:13:B9:59:FD:9E:47:CF:9C:9E:73:B4:F3:6B:73:5E:DC
ValidityTue, 28 Nov 2023 00:27:44 GMT - Mon, 26 Feb 2024 00:27:43 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/Qj8ALbW4YupnwcdbBIVaH1SKJFhQ55uZCfjwFLgUhmadq1BO8OzFqd7dGVncnOxpi-cX1i8aFsKJ37dLL4XShygYtGoU6l1eWsg1iw1sd6APaPzXv_qhJdxRqessq3SukGhrS-LTlQMKlab24H-Ob6f8bQcX5B59uGHb_oCQXREV0_PGbDmLo6lkeaQ_3KDK4gvNu2_Xwuaj6zqaL5vZG3oCCXOjj0mpJxPluvcMWUX8Sy5qJJNqJ0mVBzTVUUg73KFxCSNULk9fC57nrje3K5CEx_GDTySgKLOUVcocMvlzbHh54bHiMXHEH0l1FNxKDe_kcRrP4ppYIOwVmq7crWvhFu8VycRXemr-X3fvy8cTBvFZy8iul9zwo_lANnK_vQ2diZdOORFERYBbSDtjzsyLUyixpWDEJTtndGZtWnu6iHE5RlUdSYvEz19S5Zjlm9Q_lsvG9CPvdNNBDGEbzRXWGvqHT88_KVCz_yvd1H2LxGtXhS5q2wBJfynKt_I_d943cr-93oxENnxGEZNY2hlnhLjdZo2Y0Z1M-k2yBnROdTq2jRtUbvQiAaFUQfaO0XoVDwrerERblv4Gfwam1jS5UcLNppA-9luQtUfqXgBil47p6OVKeyZEW5dRO249ZuwfuA9TWNUmoHQ3RbbbZLPWSyvduznnPXtrsSL4bKLpFPtunpKc4SmxFIQRvquDcowRttjDtOO10mAW6JNv5euv_Ou4iP8I?_z=3002587&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=608d481b62bc4a0f9b0deaa339fca103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:59 GMT
content-type: image/gif
content-length: 43
x-trace-id: a6b2f962042bc297a8c4be0f01de48dc
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gishejuy.com/500/6521330?excludes=10242831&oaid=608d481b62bc4a0f9b0deaa339fca103&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
gishejuy.com/500/6521330?excludes=10242831&oaid=608d481b62bc4a0f9b0deaa339fca103&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6521330?excludes=10242831&oaid=608d481b62bc4a0f9b0deaa339fca103&var=2617099&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:59 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://wws.brstej.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.238

200 OK

94 kB

URL GET HTTP/2
rndskittytor.com/500/3002587?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectrndskittytor.com
FingerprintE2:D3:8E:9A:13:B9:59:FD:9E:47:CF:9C:9E:73:B4:F3:6B:73:5E:DC
ValidityTue, 28 Nov 2023 00:27:44 GMT - Mon, 26 Feb 2024 00:27:43 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
94 kB (93830 bytes)
Hash
cf6a9797eafe72e50e2fcbde1a9b58b9
31a753608b4628809ef97c02831fa02750c99220
f3fe8301f793dff553d09bc24adea245f6f2d0bf109700155d0a592ef27f08d4

HTTP Headers

GET /500/3002587?excludes=&oaid=608d481b62bc4a0f9b0deaa339fca103&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=4ca09a257612412fb17ff98ff874df1b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: application/javascript
x-trace-id: b3f6bf0bb1314de59b722b703f7fff10
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://wws.brstej.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:50 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png

104.22.32.172

200 OK

66 kB

URL GET HTTP/2
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
66 kB (66121 bytes)
Hash
3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c

HTTP Headers

GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:59 GMT
content-type: image/png
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Sat, 02 Dec 2023 17:20:02 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 9597
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9edcbb52e0d-ARN
X-Firefox-Spdy: h2

offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg

104.22.32.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
17 kB (16973 bytes)
Hash
6fe0a8e6dd1827229a93f3a64a823866
a44f50cf061ab8a3eceb6fc2f691a9007c9f4168
2fc6186bece84189796cdd4ea7e4da6702d65784eb734765ab1ae9704de98cd8

HTTP Headers

GET /www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:59 GMT
content-type: image/jpeg
content-length: 16973
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674404-424d"
expires: Sat, 02 Dec 2023 14:11:18 GMT
last-modified: Wed, 29 Nov 2023 14:00:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 20921
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9edfc092e0d-ARN
X-Firefox-Spdy: h2

gishejuy.com/impression/eiOLx2T8_CinUZi4ob1q_R2dRyJ3vR-Z5Sx4VfBgJ76sZj60WYO6OcEo7BlfqXtNqkCscsX2QANkMirSMG1beFtTi9sdyP_jW909_XlzX_j8DKlNUhdEgFsb3LdxfcLV8mXBBO1mNXpQZDfdRx604DlKQ2vqXztJOZflreOU2ZFvwdE82vT7qG0F-Ifno56hURGCIk6opt9B9OEzUHnr7cqaolZw4x2_YuJCE4p7hYXaVfuqq7k7ivSuuGlVVyCwWfGlUNskpJ1_R-Hr3MuYcc-_lgwf0GP9iOnkUtr1DpNO0b9hgWn3xT1EctR41Vb_Hg8HmQsewRyfmY8BqzgWYE6rLenVOE61OYidFcdH7Nx3zSK4AsB3SPxxGCg9RMlK5IdxYT7k1-TVGSs-pNKqZiVfvXOB9QqGoabL7UpZUanR4GTak38aGOcNBszKzReTiMP-V6DLf2czY4HJE-LKiewcZ4NmjdO3_uNR2HZ5NnsDE4e6uH6GSYyAsMRToBs9YJLW5_OHBxmvzy1q8ov_kGhXr3VxmwUGw1ASGlO9IGj914te3AV3vWggv6-blvPde4ENdHW3tTsOz4mzgdW3Cmf7oIw-gWCucwkeT-v4drgnZqNk1rAt78RDSw1QNdiIJsBwKInQPOmkGfMj?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0

139.45.197.242

43 B

URL
gishejuy.com/impression/eiOLx2T8_CinUZi4ob1q_R2dRyJ3vR-Z5Sx4VfBgJ76sZj60WYO6OcEo7BlfqXtNqkCscsX2QANkMirSMG1beFtTi9sdyP_jW909_XlzX_j8DKlNUhdEgFsb3LdxfcLV8mXBBO1mNXpQZDfdRx604DlKQ2vqXztJOZflreOU2ZFvwdE82vT7qG0F-Ifno56hURGCIk6opt9B9OEzUHnr7cqaolZw4x2_YuJCE4p7hYXaVfuqq7k7ivSuuGlVVyCwWfGlUNskpJ1_R-Hr3MuYcc-_lgwf0GP9iOnkUtr1DpNO0b9hgWn3xT1EctR41Vb_Hg8HmQsewRyfmY8BqzgWYE6rLenVOE61OYidFcdH7Nx3zSK4AsB3SPxxGCg9RMlK5IdxYT7k1-TVGSs-pNKqZiVfvXOB9QqGoabL7UpZUanR4GTak38aGOcNBszKzReTiMP-V6DLf2czY4HJE-LKiewcZ4NmjdO3_uNR2HZ5NnsDE4e6uH6GSYyAsMRToBs9YJLW5_OHBxmvzy1q8ov_kGhXr3VxmwUGw1ASGlO9IGj914te3AV3vWggv6-blvPde4ENdHW3tTsOz4mzgdW3Cmf7oIw-gWCucwkeT-v4drgnZqNk1rAt78RDSw1QNdiIJsBwKInQPOmkGfMj?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0
IP
139.45.197.242:0
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/eiOLx2T8_CinUZi4ob1q_R2dRyJ3vR-Z5Sx4VfBgJ76sZj60WYO6OcEo7BlfqXtNqkCscsX2QANkMirSMG1beFtTi9sdyP_jW909_XlzX_j8DKlNUhdEgFsb3LdxfcLV8mXBBO1mNXpQZDfdRx604DlKQ2vqXztJOZflreOU2ZFvwdE82vT7qG0F-Ifno56hURGCIk6opt9B9OEzUHnr7cqaolZw4x2_YuJCE4p7hYXaVfuqq7k7ivSuuGlVVyCwWfGlUNskpJ1_R-Hr3MuYcc-_lgwf0GP9iOnkUtr1DpNO0b9hgWn3xT1EctR41Vb_Hg8HmQsewRyfmY8BqzgWYE6rLenVOE61OYidFcdH7Nx3zSK4AsB3SPxxGCg9RMlK5IdxYT7k1-TVGSs-pNKqZiVfvXOB9QqGoabL7UpZUanR4GTak38aGOcNBszKzReTiMP-V6DLf2czY4HJE-LKiewcZ4NmjdO3_uNR2HZ5NnsDE4e6uH6GSYyAsMRToBs9YJLW5_OHBxmvzy1q8ov_kGhXr3VxmwUGw1ASGlO9IGj914te3AV3vWggv6-blvPde4ENdHW3tTsOz4mzgdW3Cmf7oIw-gWCucwkeT-v4drgnZqNk1rAt78RDSw1QNdiIJsBwKInQPOmkGfMj?_z=6521330&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.312.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: OAID=608d481b62bc4a0f9b0deaa339fca103
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 20:00:02 GMT
content-type: image/gif
content-length: 43
x-trace-id: 53055413ac474ad776b11c1a0069525a
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png

104.22.32.172

200 OK

66 kB

URL GET HTTP/2
offerimage.com/www/images/3d08aacb36c7474e0d13b60f8f4adc14.png
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
\012- data
Size
66 kB (66121 bytes)
Hash
3d08aacb36c7474e0d13b60f8f4adc14
e4af2de372b5e3a2211579a5973ef7ed160e7be4
54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c

HTTP Headers

GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:00:02 GMT
content-type: image/png
content-length: 66121
last-modified: Mon, 12 Oct 2020 05:50:58 GMT
etag: "5f83eec2-10249"
expires: Sat, 02 Dec 2023 17:20:02 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 9600
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 82edea004d282e0d-ARN
X-Firefox-Spdy: h2

wws.brstej.com/index_old.php

172.67.156.10

302 Found

938 kB

URL User Request GET HTTP/3
wws.brstej.com/index_old.php
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type

Size
938 kB (937753 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index_old.php HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Fri, 01 Dec 2023 19:59:47 GMT
content-type: text/html; charset=UTF-8
location: /ind5
cache-control: max-age=2592000
expires: Thu, 28 Dec 2023 19:54:15 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgE5rU9VE6TguxY8uVrq2A85Yho4Y%2BJ5Fzytk1cpt0y3VqBTEnEc9FQJsCrhob2DBY6G6zSWB%2BSDFyeS2Lxf5455Cqw3wj64UMohMg2fhQ4ylkzpZdvxECbwmiSDH%2Fczmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a0088a56ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/ind5

172.67.156.10

200 OK

938 kB

URL User Request GET HTTP/3
wws.brstej.com/ind5
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type

Size
938 kB (937753 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ind5 HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
set-cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c; path=/
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvjA1xZC4cmLplbv49%2FX2hLGPX%2Fm7kWG93Hiqw9YdCpm7bKkvkzmwP3kL8eGKQMD3cZ2Zp4Hk0MC0H47YLpbHaB6b%2Fndd4TQqv26c9%2F1Em%2Bmz3%2BSeWJc6oOb6TON77L4MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a078f456ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/js/melody.dev.js

172.67.156.10

200 OK

16 kB

URL GET HTTP/3
wws.brstej.com/js/melody.dev.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2302)
Size
16 kB (15865 bytes)
Hash
f2bf056198be59f92547935fd4c968f0
cba85174a3d6d68fcff3a2e6238f1d6150b58fce
244926b75ad193faf7a694c602d5819576e2d953dc43849395dedfa841f5ea53

HTTP Headers

GET /js/melody.dev.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=23108
expires: Fri, 29 Dec 2023 10:50:18 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 146307
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5Z99O%2FYLNIdTlZetm84NEBQfykCXVeaIoOmoO2ULaYelduiNNYImXJMCMo0iel%2BXdVheJqE4csPoUSXZuW03wBAefVWC0hH%2BZ%2F4oU5aXojhQh7lm5jM9SR1h2zVjhMAvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a81a4d56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/js/bootstrap-notify.min.js

172.67.156.10

200 OK

8.2 kB

URL GET HTTP/3
wws.brstej.com/js/bootstrap-notify.min.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (8540), with no line terminators
Size
8.2 kB (8216 bytes)
Hash
d0084824fa4041e8ec98bf9d11d6d9e6
511e08759bed4b71d75fc3d6929918e7ab1dc6eb
06365f15c222c6cd5751f5b1c027be557898324121b4708bec2a51c03a77ed2c

HTTP Headers

GET /js/bootstrap-notify.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 02 Dec 2023 01:39:02 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 841416
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q5IdTBaOd8RHlARQLEpwkQngjdhec63Bx0s0RRokVQdVTLkgDGW1C4KvWpBRSz6waLCqNTbL6TGAZ%2B1kAe0m%2BMPM0JPMU8vWdN%2BwHqFU6JVjkMLOsQluLOM2poDbgSlM8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a81a4e56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/js/slick.min.js

172.67.156.10

200 OK

40 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/slick.min.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32012)
Size
40 kB (40461 bytes)
Hash
ed79a524576de38d04a004a482b42724
e7fb1cc9bdad19cf7296f90e23fa7c4b19b91880
34e8e27e1679a10fa7dd6192389f38fb491e89a482aea9690dd4c10538cc10bf

HTTP Headers

GET /templates/echo/js/slick.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 02 Dec 2023 04:56:28 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 303877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2Bsoj4yYMfAsOMeZOkdGsAO7pabpeGtsZ0rSruyjHSZHHYK9ABtSiI%2F5iWmsV74m8dgUyQoB4pUb8L7%2Fc06jTG%2FqyQfm%2Bbs4vD6Tz92aIX6m8yheLs1QAt%2F%2BC5KTxRcxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a83a6356ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/img/azpple-touch-icon.png

172.67.156.10

200 OK

4.4 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/img/azpple-touch-icon.png
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
PNG image data, 116 x 73, 8-bit/color RGBA, non-interlaced\012- data
Size
4.4 kB (4380 bytes)
Hash
103f4ecf53114bcc8f93ae36529c4f09
44a0fcb9df587157f7ac86b44481ce170150715d
ecca4c221950231379c89c45ffe8580621f9e80e1d77a453861502f61a01db7a

HTTP Headers

GET /templates/echo/img/azpple-touch-icon.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: image/png
content-length: 4380
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Sat, 27 Jan 2024 06:28:37 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 133819
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2Ft0JjlK8Z80QTSlhX0eNpUGQyCHSFKFgx7TBdgT2eiXNTkEXH3MHryYv%2FDhSiIpMcX1mpM%2FAqd3nsHR5ZtLyf%2BtcC8ACE1T70uuP%2BWX0XisZ6prPKR4WHAefZGhqeR2Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9ab9df656ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/js/jquery.cropit.js

172.67.156.10

200 OK

28 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/jquery.cropit.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (27266)
Size
28 kB (27578 bytes)
Hash
cd82e0edbcecf087be901e8e7ed0d035
2cedce9f87501152efa36eb1949d95c0ca4ff200
b8a0d09df5a79e5e9494b3061eeff55883870c66714879886348c5095faa7840

HTTP Headers

GET /templates/echo/js/jquery.cropit.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
expires: Tue, 12 Dec 2023 04:53:45 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 152310
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRkmqN1g996XZfHspYuOlWvgl51o2l8joT8eIii5UgRIh8wlwaP%2FD3qCgpr13YorJ9cOPJYo70PohwHZfD57lUHHvtMzbN3NFQKJahlWBxxWLexPFQt5A951DmqxPUm%2FiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a7fa2056ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/js/theme.js

172.67.156.10

200 OK

44 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/theme.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type

Size
44 kB (43639 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /templates/echo/js/theme.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=44718
expires: Thu, 14 Dec 2023 02:44:31 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 407634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X62Q5Q6mvkMhMvSuMkL%2BFuMGvKT%2ByKw8qEOOibnORXqd87TSxHY6ACLWGhoUIyMaNKidBhxQSBPI1qZN8Unx33wUZL2bnSUbZrt7vBuuJNzRz48uTpeDW%2BtUdSiGdheh7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a82a5556ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css

104.18.11.207

200 OK

27 kB

URL GET HTTP/3
netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04
ValidityThu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT

File type
ASCII text, with very long lines (26548)
Size
27 kB (26711 bytes)
Hash
0831cba6a670e405168b84aa20798347
05ea25bc9b3ac48993e1fee322d3bc94b49a6e22
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829

HTTP Headers

GET /font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"0831cba6a670e405168b84aa20798347"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 11/18/2022 06:19:10
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 863
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2562857f0a167db0963d48453a4431f8
cdn-cache: HIT
cf-cache-status: HIT
age: 751071
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ede9aeb95b56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

d3x2.myfastcdn.com/www/images/f15dbe580a237f0d067aa9c11c74f177.png?width=984

172.66.43.101

200 OK

43 kB

URL GET HTTP/2
d3x2.myfastcdn.com/www/images/f15dbe580a237f0d067aa9c11c74f177.png?width=984
IP
172.66.43.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint9B:E0:88:3B:1B:31:56:B9:D9:94:4F:4F:54:13:FB:0B:2F:17:37:7F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
43 kB (42760 bytes)
Hash
30dfa8f99fd1b894a13124afca5d3f0b
1a633e0cd811da1c79144281db3e4cb1fa0b758a
4e1e68518abbc63ade654c8b3c511879445421873579cf422c60c70808807881

HTTP Headers

GET /www/images/f15dbe580a237f0d067aa9c11c74f177.png?width=984 HTTP/1.1
Host: d3x2.myfastcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:51 GMT
content-type: image/webp
content-length: 42760
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
edge-cache-tag: 614095050190827332879261464066804609414,613570411217116831189459287628353010494,29ecf9b93bbf306179626feeda1fab70
etag: "a1772a76de23e0060a65906211d11fee"
last-modified: Thu, 26 Oct 2023 12:46:23 GMT
req-referer: https://sportshub.stream/
status: 200 OK
surrogate-reporting: width=900,height=600,bytes=78438,owidth=900,oheight=600,obytes=322865
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 2072
x-backend-name: LA_nlb204
cache-control: max-age=86400
age: 35916
vary: ImageFormat, Accept-Encoding
x-vcl-time-ms: 1
expires: Sat, 02 Dec 2023 10:01:15 GMT
timing-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 82ede9b90f6e5697-OSL
X-Firefox-Spdy: h2

wws.brstej.com/play.png

172.67.156.10

404 Not Found

315 B

URL GET HTTP/3
wws.brstej.com/play.png
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /play.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VSvPe%2BkoQ6ByXSBv%2FKlYHRDjbhaqzoYaK4bEzxYP%2F3H4U7oGGmSRHTbnPKmIdPV6zmZIwid7I9%2F2sn%2FMUuhpUbmZmfDISyhRMgpAUSrASV9%2FT2vskjtq2AWaFnXn1%2FLe0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a5ffc356ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

172.67.156.10

200 OK

7.3 kB

URL GET HTTP/3
wws.brstej.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7331), with no line terminators
Size
7.3 kB (7331 bytes)
Hash
abe9bb7e176a3636646613c9ba450470
092933a641d1fc716840eadae1966ed9e7f7ad90
0473b2968218d835b886b3bece6daea9fab94cf428c4f42827ceb78735529176

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKUaY5c39TqxeZLO1NC3Vfd22vWAsHrydPieKSppTv8dJo0nTE14eHC8p6qXBMpJ8OTR4tbLuTzOzwJ7Wx%2BllOkzsNRAxlESxOcGyIhGjm5i%2Fx533OSznl76osrGGKsrJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9aa5c7f56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/img/favicon-16x16.png

172.67.156.10

200 OK

4.4 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/img/favicon-16x16.png
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
PNG image data, 116 x 73, 8-bit/color RGBA, non-interlaced\012- data
Size
4.4 kB (4380 bytes)
Hash
103f4ecf53114bcc8f93ae36529c4f09
44a0fcb9df587157f7ac86b44481ce170150715d
ecca4c221950231379c89c45ffe8580621f9e80e1d77a453861502f61a01db7a

HTTP Headers

GET /templates/echo/img/favicon-16x16.png HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: image/png
content-length: 4380
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 11 Jan 2024 05:09:13 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 748450
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2TNeF%2FjwLSK3A6Ha%2BqnLNrImntKqletFL7jRz0WReBG5%2Fcg%2F4hJ6s%2B4j1iH%2BwPc1QEpeaSf%2B0lsYolDWBKxJssmiP4Ojhp2fqFI1hnCNZZ%2FdD9p4WyUxxG25AlB28CaDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9ab9df856ae-OSL
alt-svc: h3=":443"; ma=86400

rndskittytor.com/400/3002587

139.45.197.238

200 OK

82 kB

URL GET HTTP/2
rndskittytor.com/400/3002587
IP
139.45.197.238:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectrndskittytor.com
FingerprintE2:D3:8E:9A:13:B9:59:FD:9E:47:CF:9C:9E:73:B4:F3:6B:73:5E:DC
ValidityTue, 28 Nov 2023 00:27:44 GMT - Mon, 26 Feb 2024 00:27:43 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
82 kB (82227 bytes)
Hash
9d1e9ef085c574d76c88d8140c16dc8f
9e7e0f74d82e20f25e23808eab2debd663e7b49d
f46e0bd783d2e789fc940109724ee094ee54015512eecf0e55e84b735584d3c6

HTTP Headers

GET /400/3002587 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: application/javascript
x-trace-id: ead2a004d6dfff9b3021ce541b5babe5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=4ca09a257612412fb17ff98ff874df1b; expires=Sat, 30 Nov 2024 19:59:49 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

wws.brstej.com/

172.67.156.10

302 Found

938 kB

URL User Request GET HTTP/3
wws.brstej.com/
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type

Size
938 kB (937753 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Fri, 01 Dec 2023 19:59:47 GMT
content-type: text/html; charset=UTF-8
location: /index_old.php
cache-control: max-age=2592000
expires: Thu, 28 Dec 2023 19:54:15 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=suIfqI%2BBIuAXDU8K6XcOBByPwLec8bqOQT1Bz442lshlw%2Fzj21Yj44oG9o4eH4sBmZouYi8%2BF21Bw6r3w68QOxQhq2zhsEZebF%2FYZilMRyPF%2BXqJu%2F9Cv%2BBvbQC0s4FAYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede99fa80756ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/ajax.php?p=stats&do=show&aid=904&at=1

172.67.156.10

200 OK

43 B

URL GET HTTP/3
wws.brstej.com/ajax.php?p=stats&do=show&aid=904&at=1
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
data
Size
43 B (43 bytes)
Hash
f8e45aa54c4a24b696dfcb766493aec9
8bc411d3bca3df9a58c3a4bc445819243a29e752
e8907089cf8aa5f0efba39f845694bbe3dee7762b397ee7b9f66d3cb727241bd

HTTP Headers

GET /ajax.php?p=stats&do=show&aid=904&at=1 HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: image/gif
pragma: no-cache
x-frame-options: SAMEORIGIN
expires: Wed, 5 Feb 1986 06:06:06 GMT
cache-control: must-revalidate
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZpe7KOgW2dut%2Foxr7LiL%2FFkrEouzHAyF6uXbyoS5FW%2FWcVh0236XGzKZzHMxMdU3F23z3RU86UlmCLsKULDEPgWY8B0po5VlT2B%2BqEac41cb9XXwpnSyfLJEtjfe7i9zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a57f2e56ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/css/fonts/Droid.Arabic.Kufi.ttf

172.67.156.10

200 OK

82 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/css/fonts/Droid.Arabic.Kufi.ttf
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Digitized data copyright \251 2010, Google Corporation.RegularDroid Arabic Kufi:Version 1.00Vers\012- data
Size
82 kB (81544 bytes)
Hash
a0c3e1769ab6afabe688540dfa7047cd
d50de62714d47f0175a0468ce3693358b87fb286
31c6665135ae41b092153cd6480be82fad706ca9bd465784be70c00b8643308d

HTTP Headers

GET /templates/echo/css/fonts/Droid.Arabic.Kufi.ttf HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: font/ttf
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
access-control-allow-origin: *
expires: Fri, 12 Jan 2024 02:30:40 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 297228
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1O6UMgmE6ZJ7Ie30bxNGKkTVF917rjn09lpgxgdr7%2BgZEIvKRWeuTxGBbU%2B7RyK5NHtCqiQIVjtVOGZmcYoF%2FT0m8wHkf90yc%2BGsYCWo8TMxrUN2Q4Q7tJRHConNlNWVVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a5ffc456ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

172.67.156.10

200 OK

7.3 kB

URL GET HTTP/3
wws.brstej.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7337), with no line terminators
Size
7.3 kB (7337 bytes)
Hash
1879914274c7e65201cfca70c96a335d
90d60b27f5597d338cd4769e791fe926dad32ca0
efe846ffa7d8709608bbeb2b74a6a2961d6adad18ee02f20f14ff7cd159f082e

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c; cf_clearance=ly8pZDzbucolsNuSYBHByZBHDFu7GXHxueH8PsMk02A-1701460789-0-1-730ca2d2.73a07051.5b213570-0.2.1701460789; prefetchAd_2617099=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LHEcOmQGK9ksmDtGWdMR%2Fgt7NfJAM%2FA6jMhJGJYi7AWWvv5ZwduN%2FhacgGoDzdjf3aWrwp0aVUtyw2P07WiN1Vv5877RLftouISWbIXv1NxLvVEeNkFTRPUEnwsucvSMlw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9aef98f56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/uploads/articles/257638d9.jpg

172.67.156.10

200 OK

61 kB

URL GET HTTP/3
wws.brstej.com/uploads/articles/257638d9.jpg
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], progressive, precision 8, 1280x720, components 3\012- data
Size
61 kB (60874 bytes)
Hash
b25381739554db17670c0275ee5b234f
0cbf96fdc38819db37ac6dc8271588b6b46062ce
4dfa7c96354a55dc0d48286d985252481bc33dfaa1631b0975d2319be1bb37d3

HTTP Headers

GET /uploads/articles/257638d9.jpg HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c; cf_clearance=ly8pZDzbucolsNuSYBHByZBHDFu7GXHxueH8PsMk02A-1701460789-0-1-730ca2d2.73a07051.5b213570-0.2.1701460789; prefetchAd_2617099=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: image/jpeg
content-length: 60874
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 11 Jan 2024 01:45:31 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 710867
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BL%2Fk6OpjtlPNrStzTuMGnANUazKTxZyi61yjqC5p9cQ3iZacc6AozMcQsqF94f0oO81c5VGjKBR%2BRnGuBj8Ppkz2lO238BcUOBxKlBJR4zy0RM5Ip4jRB9txT6qpwqH4mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9b0fbf856ae-OSL
alt-svc: h3=":443"; ma=86400

wws.brstej.com/templates/echo/js/jquery.readmore.js

172.67.156.10

200 OK

3.4 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/jquery.readmore.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3525), with no line terminators
Size
3.4 kB (3399 bytes)
Hash
c6979ecdd1afd6a79e4c9d8b62bfd064
e5e8f421833447bee665616bfc9fda7bc705d78f
8ba9cdb40fceabda5c5ad2269d4546003256e4c0a770687343cee216fe267cb0

HTTP Headers

GET /templates/echo/js/jquery.readmore.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=3422
expires: Fri, 08 Dec 2023 08:39:13 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 569822
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIEHNq30I1z3vOlz4okwzDAAwhSQdMSGePiLWecZ95hXztzivgt4oz5PJ84qhhTmVvhLDjAsMMLmG27KOQzrL8M2HugDNnqFksO7S1cXnknCybIgma%2FaMPV9WxnBak0oAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a7fa2a56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gishejuy.com/400/6521330?var=2617099

139.45.197.242

200 OK

82 kB

URL GET HTTP/2
gishejuy.com/400/6521330?var=2617099
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint99:91:AA:4E:BA:FC:75:A0:0A:79:EE:F6:15:64:FA:15:B2:BC:61:31
ValidityWed, 25 Oct 2023 09:21:45 GMT - Tue, 23 Jan 2024 09:21:44 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
82 kB (82033 bytes)
Hash
0652621f74f4c72a986281e382e05f6b
a45615b80ce0294605b8f2be53062a16769c739b
f90cf3ea652be449689c7701b3b0d02619efb491c7f28c144512f4f1e2cb2ea7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/6521330?var=2617099 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: application/javascript
x-trace-id: ccdc648a46c44ed977fe796fd3200328
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=9f59fa286ac04f46b82d59913f6ff48b; expires=Sat, 30 Nov 2024 19:59:48 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/1?z=3360966&var=3002587

139.45.197.242

200 OK

43 kB

URL GET HTTP/2
cameesse.net/1?z=3360966&var=3002587
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
ASCII text, with very long lines (41880)
Size
43 kB (42875 bytes)
Hash
ebf19a025bcf4a853bfc6f2b47e11351
6133cecff9fa8ca0df2d9a6fbc4cc19dce49abbe
63286a1af27b9eff81e71228a2cb05c92931a199f4633ce850f5ccf86ad6c24e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=3360966&var=3002587 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 230d27c85a6fa11ad7dedb255020566f
access-control-expose-headers: X-Sc
x-sc: MR7PzAMD6W4dLUkzndm6UGmGGJSVuxL7ytVBQkhUP6uxNetsTv_0555P1yw0RJGRfDWo51jlQgKgNB91pycvj8rsME4=
set-cookie: scm=1; expires=Sat, 30 Nov 2024 19:59:50 GMT; secure; SameSite=None
OAID=47563bdb300144609d56840024b507a2; expires=Sat, 30 Nov 2024 19:59:50 GMT; secure; SameSite=None
oaidts=1701460790; expires=Sat, 30 Nov 2024 19:59:50 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

wws.brstej.com/templates/echo/js/jasny-bootstrap.min.js

172.67.156.10

200 OK

20 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/jasny-bootstrap.min.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (343)
Size
20 kB (20042 bytes)
Hash
f6b6e524d29d54ada53e4172b9d91cf7
427153c7a2d83d2ca800e397779f29b857801ad2
e7ad856551c720cb7c6a24a8bf4a9d6b6b24c24f07109cde96366338e53a4ff8

HTTP Headers

GET /templates/echo/js/jasny-bootstrap.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
expires: Thu, 30 Nov 2023 04:51:08 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
cf-cache-status: HIT
age: 841416
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xYi%2BQQ64plwMxH1dfaUvM1%2FgH2Fnf9u7G9Mjes2svyaPrs6UE%2FHvx0c1zFlAq%2B4jR88WBKriVWlQAQRsbOwmVPW4nnQPzoKviQZ9Il8KEJBhZZu6C9Un0dsrEhc2r8aTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a80a3c56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wws.brstej.com/js/jquery.typewatch.js

172.67.156.10

200 OK

1.4 kB

URL GET HTTP/3
wws.brstej.com/js/jquery.typewatch.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1476), with no line terminators
Size
1.4 kB (1440 bytes)
Hash
f3989a1b6fad291e198cac5399cb0bd7
4e98f0e4f6c96bef7e8d95be4af3b772895ca1ff
d9ee03f77286531633c2ea6bc7dcc3141322ecb2967e57990a280ad719c2d5c8

HTTP Headers

GET /js/jquery.typewatch.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=1745
expires: Thu, 30 Nov 2023 11:09:27 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 407634
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oq1fidsHFQVZ73mAs0TBn0QV2Eauqo%2FOv24Daww32Fi2Sf%2BMB7DZv%2BgwzbOiAQ4%2FcJLWiMq30hPaApV3R73mitHFqMt8fMTVNPtQC1oxiTGpWGUQyc34aRi2jaqA3TzKQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a81a5156ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js

104.18.11.207

200 OK

81 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerGoogle Trust Services LLC
Subjectbootstrapcdn.com
Fingerprint34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04
ValidityThu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT

File type
ASCII text, with very long lines (65299)
Size
81 kB (80927 bytes)
Hash
21f815ff6d1883c4e81d821d38ff4070
386ea8bd17f21149c4e3a2303665fe6398e4e7d0
f67b782ec5a62c8fcedb89535bcf48cc02ae06a119e3b97fe2b875fad1ff358f

HTTP Headers

GET /bootstrap/4.5.2/js/bootstrap.bundle.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"21f815ff6d1883c4e81d821d38ff4070"
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 01/04/2023 07:42:15
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1075
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2cc78e6ee64a941bd69b1729fa57e785
cdn-cache: HIT
cf-cache-status: HIT
age: 133414
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ede9a87ec356a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

woafoame.net/?rb=vstzhF89sU07R-m-JgtOuxUnCHF776r6_PL6xOpWjkAwqNvYlQqgrEe7JgUk7ev-YfhUByMBI3MWFoLBsj4S52EFAfYERgR6MhApFgt_RB2FxZt4N5hBfVKYxJv_42ngu9wzq7dx9bv5f06GXsbjicyBDrZJNsjepsYn99jO3DC9Fj8ZrD01upgVjfzaaYIxHtC4LgRH8zXGkqAeRw9F8Mf0ZWQPNgl-XXWvXchBCJs%3D&request_ab2=0&zoneid=2617099&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=2dc7c9a1-ffa4-482d-9738-ef54d893108d&userId=608d481b62bc4a0f9b0deaa339fca103&m=link

139.45.197.239

200 OK

1.7 kB

URL GET HTTP/2
woafoame.net/?rb=vstzhF89sU07R-m-JgtOuxUnCHF776r6_PL6xOpWjkAwqNvYlQqgrEe7JgUk7ev-YfhUByMBI3MWFoLBsj4S52EFAfYERgR6MhApFgt_RB2FxZt4N5hBfVKYxJv_42ngu9wzq7dx9bv5f06GXsbjicyBDrZJNsjepsYn99jO3DC9Fj8ZrD01upgVjfzaaYIxHtC4LgRH8zXGkqAeRw9F8Mf0ZWQPNgl-XXWvXchBCJs%3D&request_ab2=0&zoneid=2617099&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=2dc7c9a1-ffa4-482d-9738-ef54d893108d&userId=608d481b62bc4a0f9b0deaa339fca103&m=link
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectwoafoame.net
Fingerprint46:19:66:C1:66:62:79:05:0E:B5:09:CC:A9:7E:D2:F1:D0:C4:BE:BB
ValidityThu, 30 Nov 2023 05:09:59 GMT - Wed, 28 Feb 2024 05:09:58 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1768), with no line terminators
Size
1.7 kB (1748 bytes)
Hash
c2462c5ac8c1d04f668078d6898fe97b
f2c6a95d0da364c32fe698a5059859d13b3ada39
b975eb9221d7ad33193fcbd061fdc628a6c55003459fbae22ec4ad3181ac001b

HTTP Headers

GET /?rb=vstzhF89sU07R-m-JgtOuxUnCHF776r6_PL6xOpWjkAwqNvYlQqgrEe7JgUk7ev-YfhUByMBI3MWFoLBsj4S52EFAfYERgR6MhApFgt_RB2FxZt4N5hBfVKYxJv_42ngu9wzq7dx9bv5f06GXsbjicyBDrZJNsjepsYn99jO3DC9Fj8ZrD01upgVjfzaaYIxHtC4LgRH8zXGkqAeRw9F8Mf0ZWQPNgl-XXWvXchBCJs%3D&request_ab2=0&zoneid=2617099&js_build=iclick-v1.635.3-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fwws.brstej.com%2Find5&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.635.3-auto&bs=2dc7c9a1-ffa4-482d-9738-ef54d893108d&userId=608d481b62bc4a0f9b0deaa339fca103&m=link HTTP/1.1
Host: woafoame.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wws.brstej.com/
Origin: https://wws.brstej.com
DNT: 1
Connection: keep-alive
Cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; oaidts=1701460788
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: application/json
x-trace-id: 42ce3f31307576ee708e1360b40b5e59
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://wws.brstej.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=608d481b62bc4a0f9b0deaa339fca103; expires=Sat, 30 Nov 2024 19:59:49 GMT; path=/; secure; SameSite=None
oaidts=1701460789; expires=Sat, 30 Nov 2024 19:59:49 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 08 Dec 2023 19:59:49 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

wws.brstej.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

172.67.156.10

200 OK

12 kB

URL GET HTTP/3
wws.brstej.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (12331)
Size
12 kB (12332 bytes)
Hash
88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
etag: W/"65660ffd-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4n%2FUnrF3olgtNqEcimE53ZRzpQWr3UbmLPUxUu71leCZo3P1XzhZHt%2BCHki5UD7U%2FweeEawf%2F39wWO7qZPNAK2jvZMcWZZnK3FT%2B56RWrqIezN6%2BwpYo0jKr6fST%2BJRNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9a57f3056ae-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 03 Dec 2023 19:59:48 GMT
cache-control: max-age=172800, public
content-encoding: gzip

wws.brstej.com/templates/echo/js/jquery.plugins.a.js

172.67.156.10

200 OK

9.5 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/jquery.plugins.a.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9736), with no line terminators
Size
9.5 kB (9490 bytes)
Hash
4983c6c466a34742eab06d54aa11c249
4f14efc4cbf9f23228dea8e955bd14247111d5df
6f05eefe0dec7b5f620b6af01a87efeb1d59dd64f912abb4bbd7468b314d0a26

HTTP Headers

GET /templates/echo/js/jquery.plugins.a.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=9792
expires: Fri, 08 Dec 2023 08:39:13 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 566656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ek9RXx7wfnGvXVo%2BkKDddbItFnJVV%2BCjugdnBnt5KpcT1oSTr7U%2BTS9m3TEAFXDsrMo%2B3ZgZbz2eH6DZc7bkI7zBpQCQQgAUtBRHeKGujt%2BOuLnS%2BSofJDgqYY5YcV5sGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a81a5256ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700

142.250.74.138

200 OK

12 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text
Size
12 kB (11978 bytes)
Hash
06596cfa2dee431129c328e050b9fb2a
1a991c51ab2b2da5647e83f481e7d18d60a45b3b
bf6fe0ffee1d57731da4d1cf3cfe88e1effa9b36c51a85018a91ed43b91c3de6

HTTP Headers

GET /css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 19:59:49 GMT
date: Fri, 01 Dec 2023 19:59:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cameesse.net/27/b7af9eee900df9a8aa2af9ad8ee46174

139.45.197.242

200 OK

413 kB

URL GET HTTP/2
cameesse.net/27/b7af9eee900df9a8aa2af9ad8ee46174
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
ASCII text, with very long lines (65523)
Size
413 kB (412914 bytes)
Hash
1dc3ebe1459db3cde0597b21156f2665
0e5a8c7b79a34f4fffaeab7c7eb4f3a19b0d75f6
1a3f7f2cfe5fba958e9df1a38c0980aab5bb21225601ea849f9e6df4afe09f2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/b7af9eee900df9a8aa2af9ad8ee46174 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Cookie: scm=1; OAID=47563bdb300144609d56840024b507a2; oaidts=1701460790
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: c32e633f146fab372c154ede33d2ebb6
cache-control: max-age:290304000, public
last-modified: Fri, 24 Nov 2023 06:46:08 GMT
expires: Fri, 24 Dec 2083 06:46:08 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

wws.brstej.com/templates/echo/js/melody.dev.js

172.67.156.10

200 OK

5.5 kB

URL GET HTTP/3
wws.brstej.com/templates/echo/js/melody.dev.js
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5563), with no line terminators
Size
5.5 kB (5480 bytes)
Hash
b9e7f1086ce052fb015b62ba9b802cc8
028189983cce5f22f346b9f9a944ee97eb19e9bd
b437704f63a38076015a3c20504d59e6fd292e14e7267eec35715621c05c36a9

HTTP Headers

GET /templates/echo/js/melody.dev.js HTTP/1.1
Host: wws.brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/ind5
Cookie: PHPSESSID=24fe0ec01643494841834da78f5b008c
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 01 Dec 2023 19:59:48 GMT
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=7677
expires: Mon, 11 Dec 2023 06:23:58 GMT
last-modified: Tue, 20 Jan 2037 04:20:42 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 651798
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HbTBZv9VcMJ%2Bm0L1Jcg4hOZjCScE89B8goz1c5YtUTyI7ZMeNPS101Kx6nfjnzQrCzL0NnI7bRYyLqUFHLo%2F5RCEM9w43WFm1cu2qGF4HPtTLDUCFAn0BARDXqskGXEhAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ede9a81a4c56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tzegilo.com/stattag.js

172.67.193.52

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint52:B8:ED:73:BB:55:6F:9C:F8:97:7C:04:34:2B:AD:DB:55:0A:C9:6A
ValidityThu, 05 Oct 2023 17:59:18 GMT - Wed, 03 Jan 2024 17:59:17 GMT

File type
ASCII text, with very long lines (18369)
Size
19 kB (19019 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 19:59:49 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5487
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Kdo%2BiWME5qCDCv4ClOPeAfbYFgP6vhFuqEzIF%2F%2FOhbBTulthNuihDAndWcu34ZC8yRF6W3EUftFhzCmgQ2buGnSqD6Hqs0ehFzdAgNOyINqRn%2FJuU8QSKmENWzmNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede9acce4256b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

pushagim.com/pfe/current/extra.min.js?z=3475873&var=3002587

139.45.197.250

200 OK

18 kB

URL GET HTTP/2
pushagim.com/pfe/current/extra.min.js?z=3475873&var=3002587
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://wws.brstej.com/ind5
Certificate
IssuerLet's Encrypt
Subjectpushagim.com
Fingerprint4E:CB:50:CB:A3:58:61:9D:E9:C7:EC:16:25:D6:65:A7:30:39:68:FC
ValidityMon, 06 Nov 2023 16:36:27 GMT - Sun, 04 Feb 2024 16:36:26 GMT

File type
ASCII text, with very long lines (17550), with no line terminators
Size
18 kB (17550 bytes)
Hash
d2b5377db87e56c74bc3c5e251087c27
522da126538d1db8adb63807d015bcc1fdea7a08
4eb3196601dab0886c740cde2fa9adf527e06b9e7c58c3dce8ad46dba0bb8b07

HTTP Headers

GET /pfe/current/extra.min.js?z=3475873&var=3002587 HTTP/1.1
Host: pushagim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wws.brstej.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 01 Dec 2023 19:59:50 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2023 13:38:02 GMT
etag: W/"65649bba-448e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

brstej.com/

172.67.156.10

301 Moved Permanently

938 kB

URL User Request GET HTTP/2
brstej.com/
IP
172.67.156.10:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC0:05:62:A6:F9:77:CC:BA:00:0D:EE:B0:95:4D:22:8E:B5:5F:D0:6E
ValidityTue, 07 Mar 2023 00:00:00 GMT - Tue, 05 Mar 2024 23:59:59 GMT

File type

Size
938 kB (937753 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: brstej.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 01 Dec 2023 19:59:47 GMT
location: https://wws.brstej.com/
cache-control: max-age=3600
expires: Fri, 01 Dec 2023 20:59:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10JdnkTrAJT8IV3xMuXysEZ8t6udKHdMfviJgRWOCUH1Wouy3ZQ6w9qvv7SHoZ1lIK1BQymjSSQSU1ZxokFv1DuPNUZkYxwF2KZooMSMySJgR2vaJCiWy7Edpc54"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ede99f5c93b503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (51)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP