Report - rplnd44.com/bot/1000/e0bf50871296df5a1e8bf89cf6922876/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=0

Report Overview

Submitted URL
rplnd44.com/bot/1000/e0bf50871296df5a1e8bf89cf6922876/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=0
IP
173.214.250.52
ASN
#15317 SERVEREL-AS
Submitted
2024-04-26 13:23:38
Access
public
Website Title
Нажмите Разрешить
Final URL
ptpios.ucoz.net/index.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ahaurgoo.net	unknown	2022-10-03	2022-10-03	2024-04-18	1.0 kB	16 kB	139.45.197.251
trel.do.am	unknown	unknown	No data	No data	508 B	475 B	195.216.243.16
ptpios.ucoz.net	unknown	unknown	2022-11-30	2022-11-30	1.5 kB	22 kB	195.216.243.20
ilsilz.ucoz.org	unknown	2005-11-05	2022-08-05	2023-11-04	967 B	31 kB	195.216.243.20
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-25	1.3 kB	1.9 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-25	4.0 kB	4.7 kB	139.45.197.250
tmix.ucoz.net	unknown	unknown	No data	No data	937 B	16 kB	193.109.246.67
nicksstevmark.com	unknown	unknown	2020-12-04	2023-03-14	426 B	27 kB	212.117.190.201
rplnd44.com	unknown	unknown	No data	No data	581 B	55 kB	173.214.250.52
seofan.ucoz.ru	unknown	2005-08-20	2015-01-29	2015-06-15	904 B	16 kB	193.109.246.6
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-26	1.3 kB	94 kB	142.250.74.170
eu.rexpush.club	unknown	2023-05-11	2023-05-26	2024-03-05	612 B	37 kB	62.122.170.145
eu.rplnd67.com	unknown	unknown	No data	No data	619 B	56 kB	109.206.163.206
firego.ucoz.net	unknown	unknown	No data	No data	1.3 kB	19 kB	193.109.246.67
choupsee.com	93673	2020-12-13	2020-12-19	2024-02-25	3.9 kB	57 kB	139.45.197.251
forlumineoner.com	298831	2020-04-08	2020-04-27	2024-04-18	3.5 kB	39 kB	139.45.197.229
ghoop.ru	unknown	2021-01-26	2021-03-29	2023-09-30	1.9 kB	3.1 kB	87.236.16.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	ahaurgoo.net	Sinkholed
2024-04-26	medium	ahaurgoo.net	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var=	15 kB	2024-04-25	2024-05-06
Pretty URL forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var= IP 139.45.197.229 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:19:47 Last Seen2024-05-06 04:46:01 Times Seen138 Hash ffdd38e0a5a1a47cb341a116a3318e0e 2fd730feff506cf56e14c531e9d89cdea2cca424 7d8e97e9586d3f04c4a2a703692378868e49120c6159d079ae7ed1eca2ca2b5c Loading...

	unknown	73 kB	2024-04-26	2024-05-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:23:45 Last Seen2024-05-02 19:12:43 Times Seen12 Hash 5bbe376b5677a5f07051dfa9c6f3221a fb0f0dbb4d45faeaf905d778949d9480f8c19d0a ab0af71125c64d7b60915222764907708423f47cf5ea23f54d7162127696485e Loading...

	ptpios.ucoz.net/index.html	0 B	2023-03-07	2024-05-06
Pretty URL ptpios.ucoz.net/index.html IP 195.216.243.20 ASN #57724 Ddos-Guard Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 19:35:29 Times Seen37382937 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-05-06
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 19:20:40 Times Seen109031 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	unknown	103 B	2024-04-26	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:23:45 Last Seen2024-04-26 15:23:45 Times Seen1 Hash 9f40710782ab30e28a5019095462a94b 9a68603aca1b284b6931ab3bd4b89279fe41c03f 0d6be6e0196482ad27f9945a73a368489752dee565c9054c6d4d8fd026f65b82 Loading...

	nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js	28 kB	2024-04-26	2024-04-26
Pretty URL nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 15:23:45 Last Seen2024-04-26 15:23:45 Times Seen1 Hash ef65c509c2f8feebb464b1f5de1c82ee e6e43d21b4e98489bc940edee4a7d4b460ec098d c8b4464fa16b8e51c55096b4d8ff8757c6d866e6f3b8677beedfe4de21ea5b2c Loading...

		Size	First Seen	Last Seen
	#1 Eval - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-05-06
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-06 19:35:29 Times Seen37382937 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	#2 Eval - 7bdfc9d45988da97fd0fc52cc43e86e8	80 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 15:23:45 Last Seen2024-04-26 15:23:45 Times Seen1 Hash 7bdfc9d45988da97fd0fc52cc43e86e8 ead0bf5e88d02b510a8e83048e77ed920ad5e3a0 58079b269674b9c3c26e20d4b7523c29bd83cbdf38fb581e7cdc2307fd40e458 Loading...

HTTP Transactions (52)

URL IP Response Size

rplnd44.com/bot/1000/e0bf50871296df5a1e8bf89cf6922876/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=0

173.214.250.52

54 kB

URL
rplnd44.com/bot/1000/e0bf50871296df5a1e8bf89cf6922876/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=0
IP
173.214.250.52:0
ASN
#15317 SERVEREL-AS

File type
gzip compressed data, max speed, from Unix
Size
54 kB (54466 bytes)
Hash
c1bfdde6a1efeafae197511626121d60
74e6309f947e9c11a983395b83348737d35c27c4
dcc72ca7f5b1381457a91d529ac7136ad21b6fb9a2eadaea9460fd832a851e5e

HTTP Headers

GET /bot/1000/e0bf50871296df5a1e8bf89cf6922876/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=0 HTTP/1.1
Host: rplnd44.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:13 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-WoW64, Sec-CH-UA-Bitness, Sec-CH-UA-Model
permissions-policy: ch-ua=(self "https://rexpush.club"), ch-ua-mobile=(self "https://rexpush.club"), ch-ua-platform=(self "https://rexpush.club"), ch-ua-full-version=(self "https://rexpush.club"), ch-ua-full-version-list=(self "https://rexpush.club"), ch-ua-platform-version=(self "https://rexpush.club"), ch-ua-arch=(self "https://rexpush.club"), ch-ua-wow64=(self "https://rexpush.club"), ch-ua-bitness=(self "https://rexpush.club"), ch-ua-model=(self "https://rexpush.club")
content-encoding: gzip
X-Firefox-Spdy: h2

ilsilz.ucoz.org/favicon.ico

195.216.243.20

15 kB

URL
ilsilz.ucoz.org/favicon.ico
IP
195.216.243.20:0
ASN
#57724 Ddos-Guard Ltd

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ilsilz.ucoz.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilsilz.ucoz.org/srz.html
Cookie: __ddg1_=rUsHGqB2HIDjiWYMr7oa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 13:23:15 GMT
content-type: image/x-icon
content-length: 15086
last-modified: Tue, 23 Apr 2024 12:18:09 GMT
etag: "6627a701-3aee"
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

ghoop.ru/

87.236.16.239

274 B

URL
ghoop.ru/
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
HTML document, ASCII text
Size
274 B (274 bytes)
Hash
dde72ae232dc63298465861482d7bb93
557c5dbebc35bc82280e2a744a03ce5e78b3e6fb
0032588b8d93a807cf0f48a806ccf125677503a6fabe4105a6dc69e81ace6091

HTTP Headers

GET / HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trel.do.am/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 13:23:15 GMT
content-type: text/html
content-length: 274
last-modified: Mon, 27 May 2019 13:11:00 GMT
etag: "5cebe1e4-112"
accept-ranges: bytes
X-Firefox-Spdy: h2

ghoop.ru/arrow.png

87.236.16.239

1.4 kB

URL
ghoop.ru/arrow.png
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
PNG image data, 100 x 170, 8-bit colormap, non-interlaced
Size
1.4 kB (1354 bytes)
Hash
54188b7a40cf4bede7f8b5f15726e9fa
298763c52fc42329204f0b60824011c54867f869
7001ee4fe402fd79c88f197d46843afadb035933299c80781217a7e9711875c1

HTTP Headers

GET /arrow.png HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Cookie: beget=begetok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 13:23:15 GMT
content-type: image/png
content-length: 1354
last-modified: Thu, 24 Jun 2021 07:09:09 GMT
etag: "60d42f95-54a"
expires: Sun, 26 May 2024 13:23:15 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.170

200 OK

30 kB

URL GET HTTP/3
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 11:06:17 GMT
expires: Fri, 25 Apr 2025 11:06:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 94618
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ghoop.ru/favicon.ico

87.236.16.239

163 B

URL
ghoop.ru/favicon.ico
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
HTML document, ASCII text, with CRLF line terminators
Size
163 B (163 bytes)
Hash
565584cb0a6470ad17a7b8db7f7d21e2
9620dd5fe0e7f3933c12a781c1619765cd667d8b
3e8eb6f707697b440983f2db12d72fbdcee8b01e7ae5133484b88aa46905ea14

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Cookie: beget=begetok
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 13:23:16 GMT
content-type: text/html
content-length: 163
X-Firefox-Spdy: h2

ahaurgoo.net/zone?&pub=0&zone_id=4025455&is_mobile=false&domain=ghoop.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=9ef21585-09f3-4557-beb9-1e582fc9b6ee&action=prerequest

139.45.197.251

0 B

URL
ahaurgoo.net/zone?&pub=0&zone_id=4025455&is_mobile=false&domain=ghoop.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=9ef21585-09f3-4557-beb9-1e582fc9b6ee&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=4025455&is_mobile=false&domain=ghoop.ru&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=9ef21585-09f3-4557-beb9-1e582fc9b6ee&action=prerequest HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:16 GMT
content-length: 0
x-trace-id: 123342d0136e3c481cf0fce9d8d03218
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

39 B

URL
jouteetu.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 231
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1882bdefad13941f52feac9948ee481b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

39 B

URL
jouteetu.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 233
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 77905a88049748195aac92194fe7fd20
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ahaurgoo.net/pfe/current/micro.tag.min.js?z=4025455&sw=/sw-check-permissions-a7b09.js

139.45.197.251

15 kB

URL
ahaurgoo.net/pfe/current/micro.tag.min.js?z=4025455&sw=/sw-check-permissions-a7b09.js
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
gzip compressed data, max speed, from Unix
Size
15 kB (14718 bytes)
Hash
79ab4f5f20178d8996c060bb397118cb
1c4b2573fec4c28a0fabe5f38102b69cac5b9e97
05c6f230d524bab329e3cd7e74295e02df901851cc6350c1759b308d2ee09038

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4025455&sw=/sw-check-permissions-a7b09.js HTTP/1.1
Host: ahaurgoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:16 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ghoop.ru/
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
d6dc23d9ecb4cf2eaa7cfc4d9d54fa07
9fb0e44c8df953b05c82b8abc4596fb8acc5b5fa
29df316b51ae4f68e203c2445b23c3028cc7deba2b8d0ec4c37c8d545c6c47eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ghoop.ru/
Content-Type: application/json
Content-Length: 860
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:16 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

39 B

URL
jouteetu.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 243
Origin: https://ghoop.ru
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:22 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7ad4f43a022122ee851adc6948a7e164
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ghoop.ru
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ilsilz.ucoz.org/favicon.ico

195.216.243.20

15 kB

URL
ilsilz.ucoz.org/favicon.ico
IP
195.216.243.20:0
ASN
#57724 Ddos-Guard Ltd

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ilsilz.ucoz.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilsilz.ucoz.org/dklg.html
Cookie: __ddg1_=rUsHGqB2HIDjiWYMr7oa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 13:23:22 GMT
content-type: image/x-icon
content-length: 15086
last-modified: Tue, 23 Apr 2024 12:18:09 GMT
etag: "6627a701-3aee"
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

eu.rexpush.club/js/s_d79ad80dafddd695eb2d4c2838248468.min.js?tag=1436&attempt=0&rnd=549106876&lnd=bot&v=2&token=1de133fdd6d09a8f7c181063ca24304f&click_id=%24%7Bclick_id%7D&sub1=%24%7Bsub1%7D&sub2=%24%7Bsub2%7D&sub3=%24%7Bsub3%7D&tb=&t_rdr=

62.122.170.145

37 kB

URL
eu.rexpush.club/js/s_d79ad80dafddd695eb2d4c2838248468.min.js?tag=1436&attempt=0&rnd=549106876&lnd=bot&v=2&token=1de133fdd6d09a8f7c181063ca24304f&click_id=%24%7Bclick_id%7D&sub1=%24%7Bsub1%7D&sub2=%24%7Bsub2%7D&sub3=%24%7Bsub3%7D&tb=&t_rdr=
IP
62.122.170.145:0
ASN
#50245 Serverel Inc.

File type
gzip compressed data, max speed, from Unix
Size
37 kB (37062 bytes)
Hash
08234ba67efcc26737a2bd65d8e686d2
f1e3ee58ca81d5bbc4dd5f1b85026072d15f94da
7244c144903f52a80b814da7f1132cba20aeb2fecc8b0733f1cc512c195e0de1

HTTP Headers

GET /js/s_d79ad80dafddd695eb2d4c2838248468.min.js?tag=1436&attempt=0&rnd=549106876&lnd=bot&v=2&token=1de133fdd6d09a8f7c181063ca24304f&click_id=%24%7Bclick_id%7D&sub1=%24%7Bsub1%7D&sub2=%24%7Bsub2%7D&sub3=%24%7Bsub3%7D&tb=&t_rdr= HTTP/1.1
Host: eu.rexpush.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eu.rplnd67.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:22 GMT
content-type: text/javascript;charset=UTF-8
set-cookie: _f_30d9ff6106b5fe28d448dd5186c64932=4; expires=Mon, 24-Apr-2034 13:23:22 GMT; Max-Age=315360000; path=/; domain=.rexpush.club; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

seofan.ucoz.ru/mo.html

193.109.246.6

144 B

URL
seofan.ucoz.ru/mo.html
IP
193.109.246.6:0
ASN
#204343 Compubyte Limited

File type
HTML document, ASCII text
Size
144 B (144 bytes)
Hash
6f0135ecd01848b505ec1bc13b13b642
8b882bd65341f230f34ad0a7d2e0353565eaaa9c
2e1c3b474b7f00f1bad15e429ce730312dd13b4878d7d7bd4c730a9dc4770b0c

HTTP Headers

GET /mo.html HTTP/1.1
Host: seofan.ucoz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:23:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 16 May 2024 13:23:19 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

seofan.ucoz.ru/favicon.ico

193.109.246.6

15 kB

URL
seofan.ucoz.ru/favicon.ico
IP
193.109.246.6:0
ASN
#204343 Compubyte Limited

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: seofan.ucoz.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://seofan.ucoz.ru/mo.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:23:20 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Tue, 23 Apr 2024 12:18:05 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "6627a6fd-3aee"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

eu.rplnd67.com/bot/1436/1de133fdd6d09a8f7c181063ca24304f/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=1

109.206.163.206

56 kB

URL
eu.rplnd67.com/bot/1436/1de133fdd6d09a8f7c181063ca24304f/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=1
IP
109.206.163.206:0
ASN
#50245 Serverel Inc.

File type
HTML document, ASCII text, with very long lines (64132), with CRLF line terminators
Size
56 kB (55491 bytes)
Hash
4e279bbc897374f786f824fca67f2d33
a596989f34ac4d49ddb5eb256d74813bff8e4790
04be49d6e4d0e802a8668cec4751457acf565b6694f6e555f8470b092a1a6e77

HTTP Headers

GET /bot/1436/1de133fdd6d09a8f7c181063ca24304f/?click_id=${click_id}&sub1=${sub1}&sub2=${sub2}&sub3=${sub3}&fullscreen=1 HTTP/1.1
Host: eu.rplnd67.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilsilz.ucoz.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:22 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-WoW64, Sec-CH-UA-Bitness, Sec-CH-UA-Model
permissions-policy: ch-ua=(self "https://eu.rexpush.club"), ch-ua-mobile=(self "https://eu.rexpush.club"), ch-ua-platform=(self "https://eu.rexpush.club"), ch-ua-full-version=(self "https://eu.rexpush.club"), ch-ua-full-version-list=(self "https://eu.rexpush.club"), ch-ua-platform-version=(self "https://eu.rexpush.club"), ch-ua-arch=(self "https://eu.rexpush.club"), ch-ua-wow64=(self "https://eu.rexpush.club"), ch-ua-bitness=(self "https://eu.rexpush.club"), ch-ua-model=(self "https://eu.rexpush.club")
content-encoding: gzip
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.170

200 OK

30 kB

URL GET HTTP/3
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 11:06:17 GMT
expires: Fri, 25 Apr 2025 11:06:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 94626
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

firego.ucoz.net/arrow.png

193.109.246.67

200 OK

1.4 kB

URL GET HTTP/1.1
firego.ucoz.net/arrow.png
IP
193.109.246.67:443
ASN
#204343 Compubyte Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
PNG image data, 100 x 170, 8-bit colormap, non-interlaced
Size
1.4 kB (1354 bytes)
Hash
54188b7a40cf4bede7f8b5f15726e9fa
298763c52fc42329204f0b60824011c54867f869
7001ee4fe402fd79c88f197d46843afadb035933299c80781217a7e9711875c1

HTTP Headers

GET /arrow.png HTTP/1.1
Host: firego.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:23:24 GMT
Content-Type: image/png
Content-Length: 1354
Last-Modified: Wed, 13 Jan 2021 20:14:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5fff5493-54a"
Expires: Thu, 16 May 2024 13:23:24 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

choupsee.com/pfe/current/tag.min.js?z=3859177

139.45.197.251

200 OK

7.1 kB

URL GET HTTP/2
choupsee.com/pfe/current/tag.min.js?z=3859177
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.1 kB (7099 bytes)
Hash
626fdcd8e8a08c3bd03978afb140d01b
d103f7cb0b410f4c382c8528a26db8b9b9e98ddf
783174c3506cad3548b12b3b7c9d04c9bb8cb98b3b052aa83061093ad058a16b

HTTP Headers

GET /pfe/current/tag.min.js?z=3859177 HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

firego.ucoz.net/favicon.ico

193.109.246.67

200 OK

15 kB

URL GET HTTP/1.1
firego.ucoz.net/favicon.ico
IP
193.109.246.67:443
ASN
#204343 Compubyte Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: firego.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:23:24 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Tue, 23 Apr 2024 12:18:12 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "6627a704-3aee"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

choupsee.com/custom

139.45.197.251

200 OK

0 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

choupsee.com/custom

139.45.197.251

200 OK

0 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

firego.ucoz.net/sw.js

193.109.246.67

200 OK

1.2 kB

URL GET HTTP/1.1
firego.ucoz.net/sw.js
IP
193.109.246.67:443
ASN
#204343 Compubyte Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2734)
Size
1.2 kB (1184 bytes)
Hash
979c7c47d5dae394f79b315577cbe24e
119fd04fc5e95cd71ea33df083d0ca4bede99daa
b823ad4d4513c9acfe975b37f0ffb4f9d4e0b7cfb617640ede556ec568af97b2

HTTP Headers

GET /sw.js HTTP/1.1
Host: firego.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/index.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:23:24 GMT
Content-Type: text/javascript
Last-Modified: Wed, 13 Jan 2021 20:11:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5fff53e7-aaf"
Expires: Thu, 16 May 2024 13:23:24 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

choupsee.com/custom

139.45.197.251

200 OK

39 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 376
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 06cc7548f2fbadcf7203e6d0133b1afe
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

choupsee.com/custom

139.45.197.251

200 OK

39 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 747
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5ff5f95dad60020eb6486db494e239dc
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ghoop.ru/sw-check-permissions-a7b09.js?zoneId=4025455

87.236.16.239

293 B

URL
ghoop.ru/sw-check-permissions-a7b09.js?zoneId=4025455
IP
87.236.16.239:0
ASN
#198610 Beget LLC

File type
Java source, ASCII text
Size
293 B (293 bytes)
Hash
78ab2da61e64db0ae166c0d3fcbba3d1
7aea21433c7107772829a0f45cbf346cf1256d74
df9de3bbf0a37631555f1bbfb0498c68e0ceaab942cd9ea70b1a60beae02b315

HTTP Headers

GET /sw-check-permissions-a7b09.js?zoneId=4025455 HTTP/1.1
Host: ghoop.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ghoop.ru/
Cookie: beget=begetok
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Fri, 26 Apr 2024 13:23:16 GMT
content-type: application/x-javascript
last-modified: Sat, 06 Mar 2021 19:34:09 GMT
vary: Accept-Encoding
etag: W/"6043d931-236"
expires: Fri, 03 May 2024 13:23:16 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

choupsee.com/custom

139.45.197.251

200 OK

39 B

URL OPTIONS HTTP/2
choupsee.com/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 385
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9d19099b6f01abcc2893886e1da68f0d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

trel.do.am/vio.html

195.216.243.16

119 B

URL
trel.do.am/vio.html
IP
195.216.243.16:0
ASN
#57724 Ddos-Guard Ltd

File type
HTML document, ASCII text
Size
119 B (119 bytes)
Hash
920e69fc4930d5b81f7c028f5103ca2e
007274f578b92130ba6723152a32b0dd49885686
11d70238ab2e85ae5e885e1464b0c6086a9aea919c5a790f2d24e349f609b3b4

HTTP Headers

GET /vio.html HTTP/1.1
Host: trel.do.am
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilsilz.ucoz.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=rTVBVoyi6Ts1nzFlme40; Domain=.do.am; HttpOnly; Path=/; Expires=Sat, 26-Apr-2025 13:23:15 GMT
date: Fri, 26 Apr 2024 13:23:13 GMT
content-type: text/html
expires: Thu, 16 May 2024 13:23:13 GMT
cache-control: max-age=1728000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
a9e30b77edf3293eb74f459b1a916642
bdbdd3a649adf57814cb0a3136ff46e7c6733c26
25749aee7bdc7049fa371b083ed3e4a09cb23fbad91e7d859e2b3d59b9e149ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

choupsee.com/pfe/current/universal.min.js?v=3.1.504

139.45.197.251

200 OK

45 kB

URL GET HTTP/2
choupsee.com/pfe/current/universal.min.js?v=3.1.504
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
gzip compressed data, max speed, from Unix
Size
45 kB (45068 bytes)
Hash
3b1f398a435f9689264e4cefeddb6b60
d82b57341ed815d144cddf567a1192561e457557
9974632a70559e4fa6aadcf0eae7f6de697c0ab10fa2fbac3dec4ed60f368785

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.504 HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:51 GMT
etag: W/"662a3513-15efa"
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

tmix.ucoz.net/ghr.html

193.109.246.67

151 B

URL
tmix.ucoz.net/ghr.html
IP
193.109.246.67:0
ASN
#204343 Compubyte Limited

File type
HTML document, Unicode text, UTF-8 (with BOM) text
Size
151 B (151 bytes)
Hash
50fefb93e88d48aa810eff6918930cf6
aea8bdf028d53c5bbfdf39bd4fb2a209cde1b7ab
a35cae6b46e4562f23955550b8d4209199a7a872499f738fd7b1e3db745563ae

HTTP Headers

GET /ghr.html HTTP/1.1
Host: tmix.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://firego.ucoz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:23:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Expires: Thu, 16 May 2024 13:23:31 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

tmix.ucoz.net/favicon.ico

193.109.246.67

15 kB

URL
tmix.ucoz.net/favicon.ico
IP
193.109.246.67:0
ASN
#204343 Compubyte Limited

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tmix.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmix.ucoz.net/ghr.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:23:31 GMT
Content-Type: image/x-icon
Content-Length: 15086
Last-Modified: Tue, 23 Apr 2024 12:18:12 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "6627a704-3aee"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.170

200 OK

30 kB

URL GET HTTP/3
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 11:06:17 GMT
expires: Fri, 25 Apr 2025 11:06:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 94634
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ptpios.ucoz.net/arrow.png

195.216.243.20

200 OK

1.4 kB

URL GET HTTP/2
ptpios.ucoz.net/arrow.png
IP
195.216.243.20:443
ASN
#57724 Ddos-Guard Ltd

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
PNG image data, 100 x 170, 8-bit colormap, non-interlaced
Size
1.4 kB (1354 bytes)
Hash
54188b7a40cf4bede7f8b5f15726e9fa
298763c52fc42329204f0b60824011c54867f869
7001ee4fe402fd79c88f197d46843afadb035933299c80781217a7e9711875c1

HTTP Headers

GET /arrow.png HTTP/1.1
Host: ptpios.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/index.html
Cookie: __ddg1_=Rpxkm3zathUeGB9DD5dE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: image/png
content-length: 1354
last-modified: Sat, 05 Dec 2020 17:04:16 GMT
etag: "5fcbbd90-54a"
expires: Thu, 16 May 2024 13:23:31 GMT
cache-control: max-age=1728000
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js

212.117.190.201

200 OK

26 kB

URL GET HTTP/2
nicksstevmark.com/pn07uscr/f/tr/zavbn/1808242/lib.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint88:6E:05:79:44:57:36:C0:D9:C9:0D:B3:2C:CC:DC:2E:09:0A:DC:C7
ValidityTue, 09 Jan 2024 12:40:58 GMT - Sat, 06 Jul 2024 21:59:00 GMT

File type
gzip compressed data, from Unix
Size
26 kB (25746 bytes)
Hash
e473325e083e3c919f593ef87f4f1a78
c59b17ce73b695416e3fd3d2d19851930359357f
37b5bfdd1324beac8172122c5a250ed18b7d5fee9ce5be80989e2c8fd041b110

HTTP Headers

GET /pn07uscr/f/tr/zavbn/1808242/lib.js HTTP/1.1
Host: nicksstevmark.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: script
set-cookie: CHCK=1; Path=/; Expires=Fri, 30 May 2025 13:23:31 GMT; Secure; SameSite=None
UID=2404260823d440fb6810c84008b049176510; Path=/; Expires=Fri, 30 May 2025 13:23:31 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var=

139.45.197.229

200 OK

7.1 kB

URL GET HTTP/2
forlumineoner.com/pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var=
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.1 kB (7082 bytes)
Hash
11cace970c868b873834ec89d1693c25
b5c98d0720b51446d90a2d6d1c06d74b94f8e9cf
69c2736fc6a1cd1747548cf3bd355cb5cbd5807dcc5a48f8d20806a41b41ef4f

HTTP Headers

GET /pfe/current/tag.min.js?pub=1&t=standalone&z=1808242&var= HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:49 GMT
etag: W/"662a3511-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

0 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 765
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7ceb979a6a792d03a2c94c387a3d3238
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/custom

139.45.197.229

200 OK

39 B

URL OPTIONS HTTP/2
forlumineoner.com/custom
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 393
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 786b66eaeb7adcf72c1f1f5db1e82b0d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

forlumineoner.com/pfe/current/standalone.min.js?v=3.1.504

139.45.197.229

200 OK

28 kB

URL GET HTTP/2
forlumineoner.com/pfe/current/standalone.min.js?v=3.1.504
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (27738 bytes)
Hash
5bbe376b5677a5f07051dfa9c6f3221a
fb0f0dbb4d45faeaf905d778949d9480f8c19d0a
ab0af71125c64d7b60915222764907708423f47cf5ea23f54d7162127696485e

HTTP Headers

GET /pfe/current/standalone.min.js?v=3.1.504 HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:49 GMT
etag: W/"662a3511-11c35"
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
67257f392ffb7d706f7b464f556f9968
6eb827cb27fa9d33e0c48d14d1e0b815a46442b2
9cd4d7ab0aaa008dce332b65af3204cba29fd1d52b99c6cc4ccc36cf9f5ca8f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
77084f5d6445c3e14c733c219342c8e7
febd9ef8d66eb1aaac7f39af5d052f415463fa0c
51bcd73d98385a96ec387af58da1558d670645af5d2a67e30fb143484e3a0ffa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
8a590ce39afbbe4b18b3377f387e6c5b
dce2b746abfb2d5fef39c1d3a0f4d15d976a45b3
32ada610bfae1835fd7c51cb3bcbb76496ec5f35935dabbdadb51372e4f82f1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Content-Type: application/json
Content-Length: 509
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptpios.ucoz.net/index.html

195.216.243.20

200 OK

4.4 kB

URL User Request GET HTTP/2
ptpios.ucoz.net/index.html
IP
195.216.243.20:443
ASN
#57724 Ddos-Guard Ltd

Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4609), with no line terminators
Size
4.4 kB (4414 bytes)
Hash
3862d129c9ac2b40082a253187b151bc
63c312502de14539d3567f7f04c5f8e810362ab9
aba60d4c701dfac6034159843c66e9e27959fce7f26fbed04f4dbf0c2d2f7904

HTTP Headers

GET /index.html HTTP/1.1
Host: ptpios.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tmix.ucoz.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=Rpxkm3zathUeGB9DD5dE; Domain=.ucoz.net; HttpOnly; Path=/; Expires=Sat, 26-Apr-2025 13:23:30 GMT
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: text/html
expires: Thu, 16 May 2024 13:23:31 GMT
cache-control: max-age=1728000
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

choupsee.com/zone?pub=0&zone_id=3859177&is_mobile=false&domain=firego.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.251

200 OK

880 B

URL GET HTTP/2
choupsee.com/zone?pub=0&zone_id=3859177&is_mobile=false&domain=firego.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://firego.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectchoupsee.com
Fingerprint4C:1C:F1:FB:87:5D:C3:B4:C1:76:B6:B9:5A:40:5D:31:DC:31:50:2E
ValidityWed, 27 Mar 2024 05:23:53 GMT - Tue, 25 Jun 2024 05:23:52 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
880 B (880 bytes)
Hash
7908bfdb9ae29e96ae0a95b9b84edd25
91f9f7269910df112b5169b7202e93d456ed8de8
361d2b758ded32a652008daa8ad6c84a9eb2bc55c4885941fc2db2577dc7f566

HTTP Headers

GET /zone?pub=0&zone_id=3859177&is_mobile=false&domain=firego.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: choupsee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://firego.ucoz.net/
Origin: https://firego.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:23 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 9a17cbefecfb0d303da58ab9ec8dd244
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://firego.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

forlumineoner.com/zone?pub=1&zone_id=1808242&is_mobile=false&domain=ptpios.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504

139.45.197.229

200 OK

863 B

URL GET HTTP/2
forlumineoner.com/zone?pub=1&zone_id=1808242&is_mobile=false&domain=ptpios.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504
IP
139.45.197.229:443
ASN
#9002 RETN Limited

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerLet's Encrypt
Subjectforlumineoner.com
FingerprintEE:7F:FC:04:62:36:59:D1:96:FB:E4:5E:A0:C9:5B:C7:3A:C0:4F:B1
ValidityWed, 27 Mar 2024 20:13:33 GMT - Tue, 25 Jun 2024 20:13:32 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (958), with no line terminators
Size
863 B (863 bytes)
Hash
962a270e64b3a96e67fcfd0a8ca4e2f3
e11b45e3e441442931df8b012623bf8a55ba2d40
64049dc3eb07b341be58e0c84fc1faaa7fc02951629aad172b9f4fbdbc76dbce

HTTP Headers

GET /zone?pub=1&zone_id=1808242&is_mobile=false&domain=ptpios.ucoz.net&var=&ymid=&var_3=&tg=0&sw=3.1.504 HTTP/1.1
Host: forlumineoner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptpios.ucoz.net/
Origin: https://ptpios.ucoz.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 863
x-trace-id: 510c0a4b9b6453b83ab3caae79769e05
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ptpios.ucoz.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptpios.ucoz.net/favicon.ico

195.216.243.20

200 OK

15 kB

URL GET HTTP/2
ptpios.ucoz.net/favicon.ico
IP
195.216.243.20:443
ASN
#57724 Ddos-Guard Ltd

Requested by
https://ptpios.ucoz.net/index.html
Certificate
IssuerGoGetSSL
Subject*.ucoz.net
FingerprintD4:7C:40:25:6E:5E:E4:80:18:C0:C9:BB:9F:7A:BB:CD:65:03:EF:99
ValidityWed, 20 Mar 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
12e586b55ae88e7db200e9e77f39cf91
e229d2c29ff74dc720d8f73da2fb7d6a5cf0f2f7
441ab4f4da564d1e43c1b117270dc5320dc993e6fb849479bfc82c8bcc60469b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ptpios.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptpios.ucoz.net/index.html
Cookie: __ddg1_=Rpxkm3zathUeGB9DD5dE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Fri, 26 Apr 2024 13:23:31 GMT
content-type: image/x-icon
content-length: 15086
last-modified: Tue, 23 Apr 2024 12:18:09 GMT
etag: "6627a701-3aee"
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (52)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash