Report - trochoi3k.wap.sh

Report Overview

Visited public
2025-04-22 08:52:34
Tags
URL
trochoi3k.wap.sh
Finishing URL
trochoi3k.wap.sh/
IP / ASN
54.36.158.41
#16276 OVH SAS
Title
Wap Tải Game Hay - Trochoi2k.Wap.Sh

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xtgem.com	168884	2006-11-15	2012-05-22	2025-04-21	444 B	976 B	188.114.97.11
taiapp.mobi	unknown	unknown	2015-07-23	2025-04-21	3.6 kB	0 B	0.0.0.0
http	528123	unknown	2016-08-19	2025-04-18	412 B	0 B	0.0.0.0
mgyccfrshz.com	unknown	2023-03-06	2023-03-14	2025-04-09	3.7 kB	151 kB	212.117.190.201
trochoi3k.wap.sh	unknown	2006-08-02	2017-01-25	2025-04-21	1.0 kB	41 kB	54.36.158.41
u-on.eu	457211	unknown	2012-06-19	2025-04-21	395 B	1.7 kB	192.99.9.229
cif.images.xtstatic.com	unknown	2011-12-13	2013-12-16	2025-04-21	532 B	309 B	141.94.172.213
4.thumbs.xtstatic.com	unknown	2011-12-13	2017-02-03	2025-04-10	552 B	1.3 kB	141.94.172.213
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-16	408 B	6.7 kB	142.250.74.10
enif.images.xtstatic.com	unknown	2011-12-13	2013-12-11	2025-04-21	533 B	309 B	141.94.172.213

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	http	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed
2025-04-22	medium	taiapp.mobi	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	trochoi3k.wap.sh/	ScriptElement	734 B	2023-07-23	2025-05-01
Pretty URL trochoi3k.wap.sh/ IP 54.36.158.41 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 17:52 Last Seen2025-05-01 20:22 Times Seen16 Hash 9c2621cd1397a11b668318724c7dfe8c c8d09afedb44bfd0fa2cf33dd056bd0ee4ab19b0 e175e5a78be47f0445989cf4ef6dbb427e695f6ff307c220a7e91ba77ed55670 Loading...

	trochoi3k.wap.sh/	ScriptElement	405 B	2023-03-07	2025-05-01
Pretty URL trochoi3k.wap.sh/ IP 54.36.158.41 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:07 Last Seen2025-05-01 20:22 Times Seen160 Hash 06cbd507f0ed8c1e24a311d1a6989f47 1bfa1bdc02352f69a4db9573f405a86d274224ee d566eef474285bfa9beeedaffb7ca86e0389f1e2300a2a4a2bbf3a07a83ec8fa Loading...

	trochoi3k.wap.sh/	ScriptElement	1.1 kB	2023-03-07	2025-05-01
Pretty URL trochoi3k.wap.sh/ IP 54.36.158.41 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:07 Last Seen2025-05-01 20:22 Times Seen158 Hash b627b0dd75b1bfbb07498cd850475493 096877695b19b764ec1234a5b3b9c137b9722777 419ef7905e04d4ee315a6e15684f571a68fb0965eb8cc3f2da6998476767f57c Loading...

	mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js	ScriptElement	135 kB	2025-04-22	2025-04-22
Pretty URL mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-22 08:52 Last Seen2025-04-22 08:52 Times Seen1 Hash 0249ec17b1f89140027f32c9a5a2f99c 18d9c46480e0e5013b0ed7bdc3e118bc533fa861 b72945408a321cf31dd78dca2cf5798f7112ba43c90a48418a7cc512a0f31051 Loading...

	mgyccfrshz.com/get/2014799?p=2014799&jp=_clrglwickldunfvevabjqf&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=LtV5utfaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=5462405320473088&eclog=0&snc=0&ssc=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&uf=0&freq=0	ScriptElement	12 kB	2025-04-22	2025-04-22
Pretty URL mgyccfrshz.com/get/2014799?p=2014799&jp=_clrglwickldunfvevabjqf&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=LtV5utfaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=5462405320473088&eclog=0&snc=0&ssc=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&uf=0&freq=0 IP 212.117.190.201 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-22 08:52 Last Seen2025-04-22 08:52 Times Seen1 Hash ecfe033e1e14f9cc4f5b22962ce67e9c fe99e7a04013bce8f443744ed1cd7543c4699ebe 30ced7c8127fc9395f4d995cd00f95986a219c3635cbcc329e02b175b94ca59d Loading...

	trochoi3k.wap.sh/	ScriptElement	4.5 kB	2025-04-22	2025-04-22
Pretty URL trochoi3k.wap.sh/ IP 54.36.158.41 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-22 08:52 Last Seen2025-04-22 08:52 Times Seen1 Hash 44a776874c179041f3c966bf115d1d69 fd272c727e89652da3133f6410ed16741cad155d 37bf2f033b396087579ec1833ce25f6e0543e0c4e2a4950f121054c4749c8406 Loading...

HTTP Transactions (22)

URL IP Response Size

4.thumbs.xtstatic.com/100/50/-/495fbca2b631df32fdf495de8d15a2a4/backtooldschool.xtgem.com/images/blog/pair-of-vintage-old-school-fru-25084.jpg

141.94.172.213

200 OK

1.0 kB

URL GET
4.thumbs.xtstatic.com/100/50/-/495fbca2b631df32fdf495de8d15a2a4/backtooldschool.xtgem.com/images/blog/pair-of-vintage-old-school-fru-25084.jpg
IP
141.94.172.213:443
ASN
#16276 OVH SAS

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerLet's Encrypt
Subjectxtstatic.com
Fingerprint78:2A:6E:F4:D7:AC:A4:F4:4D:3B:08:3F:5F:8D:0E:E4:9F:37:7F:40
ValidityFri, 18 Apr 2025 09:18:54 GMT - Thu, 17 Jul 2025 09:18:53 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 37x50, components 3
Size
1.0 kB (1024 bytes)
Hash
435e6d952e58fe421047e953a91b00d9
20922af16ce1aaf0bd2640913543ce69886cdda5
5779990ed13069c4e0f89c3a63c0b0c9950e7443c38c9b4b2f40e7fee06148bf

HTTP Headers

GET /100/50/-/495fbca2b631df32fdf495de8d15a2a4/backtooldschool.xtgem.com/images/blog/pair-of-vintage-old-school-fru-25084.jpg HTTP/1.1
Host: 4.thumbs.xtstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trochoi3k.wap.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Apr 2025 08:52:14 GMT
Cache-Control: max-age=172800, pre-check=172800
Expires: Thu, 24 Apr 2025 08:52:14 GMT
Last-Modified: Mon, 07 Apr 2025 05:44:07 GMT
Sent-XS: 0.000
X-Ngz: 1
ETag: "400-0"
Content-Length: 1024
Content-Type: image/jpeg

taiapp.mobi/img/iwin.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/iwin.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/iwin.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fonts.googleapis.com/css?family=Open+Sans

142.250.74.10

200 OK

6.0 kB

URL GET
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
ASCII text, with very long lines (1572)
Size
6.0 kB (5973 bytes)
Hash
207f621b4209616283d091a5a0f8cd49
d34e96207b74c7446771ed458ddb74ae78121e93
5780dcb011235f74ebd060a2e1d7e214e3bd12e13982bf4bd7fbe052d3d55f63

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 22 Apr 2025 08:52:20 GMT
date: Tue, 22 Apr 2025 08:52:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

enif.images.xtstatic.com/tp.gif

141.94.172.213

200 OK

42 B

URL GET
enif.images.xtstatic.com/tp.gif
IP
141.94.172.213:443
ASN
#16276 OVH SAS

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerLet's Encrypt
Subjectxtstatic.com
Fingerprint78:2A:6E:F4:D7:AC:A4:F4:4D:3B:08:3F:5F:8D:0E:E4:9F:37:7F:40
ValidityFri, 18 Apr 2025 09:18:54 GMT - Thu, 17 Jul 2025 09:18:53 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /tp.gif HTTP/1.1
Host: enif.images.xtstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trochoi3k.wap.sh/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Apr 2025 08:52:14 GMT
Last-Modified: Sat, 16 Nov 2019 11:03:28 GMT
ETag: "2a-59774aa04e000"
Accept-Ranges: bytes
Content-Length: 42
Cache-Control: max-age=2592000
Expires: Thu, 22 May 2025 08:52:14 GMT
Content-Type: image/gif

taiapp.mobi/img/avatar.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/avatar.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/avatar.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

taiapp.mobi/img/ionline.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/ionline.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ionline.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

taiapp.mobi/img/kpah.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/kpah.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/kpah.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

taiapp.mobi/img/trachanhquan.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/trachanhquan.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/trachanhquan.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

taiapp.mobi/img/nlcg.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/nlcg.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/nlcg.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

http//trochoi2k.wap.sh/img/favicon.ico

0.0.0.0

0 B

URL GET
http//trochoi2k.wap.sh/img/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET //trochoi2k.wap.sh/img/favicon.ico HTTP/1.1
Host: http
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

trochoi3k.wap.sh/

54.36.158.41

200 OK

26 kB

URL User Request GET
trochoi3k.wap.sh/
IP
54.36.158.41:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subject*.wap.sh
Fingerprint12:E1:99:64:42:4D:A1:F7:BB:86:AB:A9:AB:17:22:DA:E9:9F:F1:23
ValidityFri, 14 Mar 2025 10:17:29 GMT - Thu, 12 Jun 2025 10:17:28 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4177), with CRLF, LF line terminators
Size
26 kB (26101 bytes)
Hash
392e561acb77f01c886c0e48e1709cea
994051ff2724418699f9af2b4668ccbfbe8e0817
1d550691f2e0869402ea045a34d92dd840cb7b32f6de08ee30546853bee2770d

HTTP Headers

GET / HTTP/1.1
Host: trochoi3k.wap.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Apr 2025 08:52:12 GMT
Vary: Host,Accept-Encoding
Set-Cookie: _xta_uid=f54bbbfbeae232448a5e6f1586223772; expires=Thu, 22-Apr-2027 08:52:13 GMT; Max-Age=63072000; path=/; domain=.wap.sh; httponly
_xta_vid=cae21ae77eb78df6bc88a19b08afc5fd-1745311933; expires=Tue, 22-Apr-2025 09:22:13 GMT; Max-Age=1800; path=/; domain=.wap.sh; httponly
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Encoding: gzip
Content-Length: 6717
Content-Type: text/html;charset=UTF-8

mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js

212.117.190.201

200 OK

135 kB

URL GET
mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint7F:8C:94:8D:10:33:6A:BE:93:E2:C1:3F:21:57:40:ED:C4:D3:EB:5A
ValidityMon, 03 Mar 2025 23:41:19 GMT - Sat, 30 Aug 2025 21:59:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
135 kB (134631 bytes)
Hash
0249ec17b1f89140027f32c9a5a2f99c
18d9c46480e0e5013b0ed7bdc3e118bc533fa861
b72945408a321cf31dd78dca2cf5798f7112ba43c90a48418a7cc512a0f31051

HTTP Headers

GET /q/tdl/95/dnt/2014799/kep.js HTTP/1.1
Host: mgyccfrshz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trochoi3k.wap.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 22 Apr 2025 08:52:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 17 Apr 2025 10:47:39 GMT
vary: Accept-Encoding
etag: W/"6800dc4b-20ea5"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

trochoi3k.wap.sh/img/logo.png

54.36.158.41

200 OK

14 kB

URL GET
trochoi3k.wap.sh/img/logo.png
IP
54.36.158.41:443
ASN
#16276 OVH SAS

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerLet's Encrypt
Subject*.wap.sh
Fingerprint12:E1:99:64:42:4D:A1:F7:BB:86:AB:A9:AB:17:22:DA:E9:9F:F1:23
ValidityFri, 14 Mar 2025 10:17:29 GMT - Thu, 12 Jun 2025 10:17:28 GMT

File type
PNG image data, 266 x 39, 8-bit/color RGBA, non-interlaced
Size
14 kB (13688 bytes)
Hash
5d492aa732cf24f6c440113c6ffb1e9d
ab3b0cce4ae558e91ff2960678f8255cc1e74e2c
044a0d1879677c580ed1f15e59f0b194e1437f17f4521df5f6d6551c0d595cc8

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: trochoi3k.wap.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _xta_uid=f54bbbfbeae232448a5e6f1586223772; _xta_vid=cae21ae77eb78df6bc88a19b08afc5fd-1745311933; test
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Apr 2025 08:52:13 GMT
Set-Cookie: _xta_uid=f54bbbfbeae232448a5e6f1586223772; expires=Thu, 22-Apr-2027 08:52:13 GMT; Max-Age=63072000; path=/; domain=.wap.sh; httponly
Cache-Control: max-age=2592000
Expires: Thu, 22 May 2025 08:52:13 GMT
X-Ngz: 1
Last-Modified: Mon, 03 Aug 2015 08:37:35 GMT
ETag: "3578-51c6414cf71c0"
Content-Length: 13688
Content-Type: image/png

taiapp.mobi/img/gopet.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/gopet.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gopet.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

xtgem.com/images/close2.png?v=0.01

188.114.97.11

200 OK

564 B

URL GET
xtgem.com/images/close2.png?v=0.01
IP
188.114.97.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerGoogle Trust Services
Subjectxtgem.com
Fingerprint8B:D8:ED:20:0D:76:8E:B6:38:D8:AF:28:27:F0:32:2A:1E:5A:4D:9C
ValidityTue, 01 Apr 2025 00:59:39 GMT - Mon, 30 Jun 2025 01:58:07 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
564 B (564 bytes)
Hash
865dce1b2a4002b9a85f75ea622f4000
f56c8218b5ca721a9e5a3daec742a6f38c33c075
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3

HTTP Headers

GET /images/close2.png?v=0.01 HTTP/1.1
Host: xtgem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trochoi3k.wap.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 22 Apr 2025 08:52:13 GMT
content-type: image/png
content-length: 564
server: cloudflare
accept-ranges: bytes
last-modified: Sat, 16 Nov 2019 11:03:28 GMT
etag: "234-59774aa04e000"
cache-control: max-age=2592000
expires: Mon, 12 May 2025 00:03:18 GMT
x-ngz: 1
cf-cache-status: HIT
age: 895735
cf-ray: 9343e2413ef4b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

taiapp.mobi/img/army.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/army.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/army.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

u-on.eu/c.php?u=78757

192.99.9.229

200 OK

1.4 kB

URL GET
u-on.eu/c.php?u=78757
IP
192.99.9.229:443
ASN
#16276 OVH SAS

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerLet's Encrypt
Subjectu-on.eu
FingerprintDB:09:7E:0D:3F:7B:F3:C0:FB:5A:1C:48:7A:79:BA:45:05:76:37:9C
ValiditySun, 23 Mar 2025 17:45:58 GMT - Sat, 21 Jun 2025 17:45:57 GMT

File type
PNG image data, 88 x 15, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1433 bytes)
Hash
deb01823ffd4fad230b89bcf163bfe64
1edf587ba375bbd571a10f97c84fea1e29e01142
4ae231f3bf45935f639e5b1747a463bb0eacacf12eecf034f8ec549d0e6de12f

HTTP Headers

GET /c.php?u=78757 HTTP/1.1
Host: u-on.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Apr 2025 08:52:14 GMT
Server: Apache/2.4.55 (Ubuntu)
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 1433
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

mgyccfrshz.com/check.html

212.117.190.201

200 OK

926 B

URL GET
mgyccfrshz.com/check.html
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint7F:8C:94:8D:10:33:6A:BE:93:E2:C1:3F:21:57:40:ED:C4:D3:EB:5A
ValidityMon, 03 Mar 2025 23:41:19 GMT - Sat, 30 Aug 2025 21:59:00 GMT

File type
HTML document, ASCII text
Size
926 B (926 bytes)
Hash
088dba8e97eede53134c93219f7ebbae
adb707654d1fe0af7d0d7a9f55660d22bd3625e4
6da0120b4c7bc45b63fcbb87595c3c1ea2cdca482b0c48d4d2ab434f9e897aff

HTTP Headers

GET /check.html HTTP/1.1
Host: mgyccfrshz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trochoi3k.wap.sh/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 22 Apr 2025 08:52:14 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 16 Apr 2025 07:53:28 GMT
vary: Accept-Encoding
etag: W/"67ff61f8-39e"
x-js-ab: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

cif.images.xtstatic.com/tp.gif

141.94.172.213

200 OK

42 B

URL GET
cif.images.xtstatic.com/tp.gif
IP
141.94.172.213:443
ASN
#16276 OVH SAS

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerLet's Encrypt
Subjectxtstatic.com
Fingerprint78:2A:6E:F4:D7:AC:A4:F4:4D:3B:08:3F:5F:8D:0E:E4:9F:37:7F:40
ValidityFri, 18 Apr 2025 09:18:54 GMT - Thu, 17 Jul 2025 09:18:53 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /tp.gif HTTP/1.1
Host: cif.images.xtstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trochoi3k.wap.sh/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Apr 2025 08:52:14 GMT
Last-Modified: Sat, 16 Nov 2019 11:03:28 GMT
ETag: "2a-59774aa04e000"
Accept-Ranges: bytes
Content-Length: 42
Cache-Control: max-age=2592000
Expires: Thu, 22 May 2025 08:52:14 GMT
Content-Type: image/gif

taiapp.mobi/img/phongvantruyenky.png

0.0.0.0

0 B

URL GET
taiapp.mobi/img/phongvantruyenky.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://trochoi3k.wap.sh/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/phongvantruyenky.png HTTP/1.1
Host: taiapp.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

mgyccfrshz.com/get/2014799?p=2014799&jp=_clrglwickldunfvevabjqf&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=LtV5utfaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=5462405320473088&eclog=0&snc=0&ssc=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&uf=0&freq=0

212.117.190.201

200 OK

12 kB

URL GET
mgyccfrshz.com/get/2014799?p=2014799&jp=_clrglwickldunfvevabjqf&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=LtV5utfaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=5462405320473088&eclog=0&snc=0&ssc=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&uf=0&freq=0
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint7F:8C:94:8D:10:33:6A:BE:93:E2:C1:3F:21:57:40:ED:C4:D3:EB:5A
ValidityMon, 03 Mar 2025 23:41:19 GMT - Sat, 30 Aug 2025 21:59:00 GMT

File type
ASCII text, with very long lines (11900), with no line terminators
Size
12 kB (11900 bytes)
Hash
ecfe033e1e14f9cc4f5b22962ce67e9c
fe99e7a04013bce8f443744ed1cd7543c4699ebe
30ced7c8127fc9395f4d995cd00f95986a219c3635cbcc329e02b175b94ca59d

HTTP Headers

GET /get/2014799?p=2014799&jp=_clrglwickldunfvevabjqf&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=LtV5utfaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=5462405320473088&eclog=0&snc=0&ssc=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&uf=0&freq=0 HTTP/1.1
Host: mgyccfrshz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://trochoi3k.wap.sh/
Cookie: cart=1; cart_p=2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 22 Apr 2025 08:52:14 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Tue, 26 May 2026 08:52:14 GMT; Secure; SameSite=None
UID=25042203524d31edfe18b343cebf24b381ab; Path=/; Expires=Tue, 26 May 2026 08:52:14 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

mgyccfrshz.com/chicken.gif?z=2014799&pb=44fc10a50ee874f0d08582ea059415781745319134&pbc=F7S6V37hb7redAdo&pbu=SUToqZBsvInedAdo&psp=Gc41y8EOFcfJ4MqcYRHHGwAaUVxW5EB8ZUEJ6ZArjLR6SKHjXlPxNcJusfH-vbPgLZ3s_e4DIA0Gem0wOHUZowsND0rjnn4H58Whv0M-mjLYLk_mqcLXecuRolZJFUrG2SyYANWlYkRw2V6P6EkNw-fIxQviIjX3QAzOLRXBrPGan6Gk0XxOEmLKnQizYF9WweERAiWZt92M4QvxQ0Dskn39CDk8b_Yih9HTyg7mDJktDbQq-tVFDrjmEAsJk9dVNhdLxbzrZ1SRsGAkSD4Y8lr0tV1QGdqUk-9U8G6dlbrhAajDgtYri_guhQoz2T3xj_XQI35DHgLd8ivAXZYhRi03GbVbPh-iTDd0K89tzDf0ZLHN8rwKnVJSEk5i4LkDCUjXvpBK7kZCyPwTL2rp0Z7dsQA5rh0i6nJP_A2rZWpTi1MPUMkxvsDco6JN2YaZgTLnWQQ-OfN7D6o8MsgQTMEhZQdSZAHUNJHNIpBQwVBQ4Pusit99zP6Amu9PDmO2wbNLQyxk_nYZLQ1anDGd-NDAJzYXwGzaA-bo4CTV8dtZaaE4jV4DgFC_xE_cr3mDoG29nTp8R6CMepbf2LazcJ6-7u8eshfymumk0wPtJ3pHxfxjL2rwZ-lu4Ww3HuZDAnph9nzLe46cdN6l4R-gmf0s1FOl2q2ncPMzk-cMm1j4mdY-GlYvGxc99wK9asOZEnyg-dxK8pNLQjRxilDtL9LQs8V2JVIpilFeS0NTuhmIZYI=&freq=0&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=t54LcUOaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=4055030437237760&eclog=0&snc=0&ssc=6&tp=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&_=0.6516446669958634

212.117.190.201

200 OK

43 B

URL GET
mgyccfrshz.com/chicken.gif?z=2014799&pb=44fc10a50ee874f0d08582ea059415781745319134&pbc=F7S6V37hb7redAdo&pbu=SUToqZBsvInedAdo&psp=Gc41y8EOFcfJ4MqcYRHHGwAaUVxW5EB8ZUEJ6ZArjLR6SKHjXlPxNcJusfH-vbPgLZ3s_e4DIA0Gem0wOHUZowsND0rjnn4H58Whv0M-mjLYLk_mqcLXecuRolZJFUrG2SyYANWlYkRw2V6P6EkNw-fIxQviIjX3QAzOLRXBrPGan6Gk0XxOEmLKnQizYF9WweERAiWZt92M4QvxQ0Dskn39CDk8b_Yih9HTyg7mDJktDbQq-tVFDrjmEAsJk9dVNhdLxbzrZ1SRsGAkSD4Y8lr0tV1QGdqUk-9U8G6dlbrhAajDgtYri_guhQoz2T3xj_XQI35DHgLd8ivAXZYhRi03GbVbPh-iTDd0K89tzDf0ZLHN8rwKnVJSEk5i4LkDCUjXvpBK7kZCyPwTL2rp0Z7dsQA5rh0i6nJP_A2rZWpTi1MPUMkxvsDco6JN2YaZgTLnWQQ-OfN7D6o8MsgQTMEhZQdSZAHUNJHNIpBQwVBQ4Pusit99zP6Amu9PDmO2wbNLQyxk_nYZLQ1anDGd-NDAJzYXwGzaA-bo4CTV8dtZaaE4jV4DgFC_xE_cr3mDoG29nTp8R6CMepbf2LazcJ6-7u8eshfymumk0wPtJ3pHxfxjL2rwZ-lu4Ww3HuZDAnph9nzLe46cdN6l4R-gmf0s1FOl2q2ncPMzk-cMm1j4mdY-GlYvGxc99wK9asOZEnyg-dxK8pNLQjRxilDtL9LQs8V2JVIpilFeS0NTuhmIZYI=&freq=0&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=t54LcUOaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=4055030437237760&eclog=0&snc=0&ssc=6&tp=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&_=0.6516446669958634
IP
212.117.190.201:443
ASN
#7979 SERVERS-COM

Requested by
https://trochoi3k.wap.sh/
Certificate
IssuerBuypass AS-983163327
Subject
Fingerprint7F:8C:94:8D:10:33:6A:BE:93:E2:C1:3F:21:57:40:ED:C4:D3:EB:5A
ValidityMon, 03 Mar 2025 23:41:19 GMT - Sat, 30 Aug 2025 21:59:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=2014799&pb=44fc10a50ee874f0d08582ea059415781745319134&pbc=F7S6V37hb7redAdo&pbu=SUToqZBsvInedAdo&psp=Gc41y8EOFcfJ4MqcYRHHGwAaUVxW5EB8ZUEJ6ZArjLR6SKHjXlPxNcJusfH-vbPgLZ3s_e4DIA0Gem0wOHUZowsND0rjnn4H58Whv0M-mjLYLk_mqcLXecuRolZJFUrG2SyYANWlYkRw2V6P6EkNw-fIxQviIjX3QAzOLRXBrPGan6Gk0XxOEmLKnQizYF9WweERAiWZt92M4QvxQ0Dskn39CDk8b_Yih9HTyg7mDJktDbQq-tVFDrjmEAsJk9dVNhdLxbzrZ1SRsGAkSD4Y8lr0tV1QGdqUk-9U8G6dlbrhAajDgtYri_guhQoz2T3xj_XQI35DHgLd8ivAXZYhRi03GbVbPh-iTDd0K89tzDf0ZLHN8rwKnVJSEk5i4LkDCUjXvpBK7kZCyPwTL2rp0Z7dsQA5rh0i6nJP_A2rZWpTi1MPUMkxvsDco6JN2YaZgTLnWQQ-OfN7D6o8MsgQTMEhZQdSZAHUNJHNIpBQwVBQ4Pusit99zP6Amu9PDmO2wbNLQyxk_nYZLQ1anDGd-NDAJzYXwGzaA-bo4CTV8dtZaaE4jV4DgFC_xE_cr3mDoG29nTp8R6CMepbf2LazcJ6-7u8eshfymumk0wPtJ3pHxfxjL2rwZ-lu4Ww3HuZDAnph9nzLe46cdN6l4R-gmf0s1FOl2q2ncPMzk-cMm1j4mdY-GlYvGxc99wK9asOZEnyg-dxK8pNLQjRxilDtL9LQs8V2JVIpilFeS0NTuhmIZYI=&freq=0&nojs=0&abvar=0&febuild=1.0.533&t=0&wcks=1&wgl=1&cnvs=1&os=0&tz=UTC&ss=1&ls=1&bb=0&cti=0&fn=3&es=13&ge=2&th=sBfdcHx-hPEz&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&vcv=Mesa&vcn=llvmpipe&ix=0&x=1280&y=1024&md=0&psu=t54LcUOaHR0cHM6Ly90cm9jaG9pM2sud2FwLnNoLw&afid=4055030437237760&eclog=0&snc=0&ssc=6&tp=0&vp=0&dto=2&im=1&noch=1&de=0&cs=5&_=0.6516446669958634 HTTP/1.1
Host: mgyccfrshz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cart=1; cart_p=2; CHCK=1; UID=25042203524d31edfe18b343cebf24b381ab
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 22 Apr 2025 08:52:19 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: BCAI=ACsoqwAAAAAAAAAB; Path=/; Expires=Wed, 23 Apr 2025 08:52:20 GMT; Secure; SameSite=None
BMI=ADvlrwAAAAAAAAAB; Path=/; Expires=Wed, 23 Apr 2025 08:52:20 GMT; Secure; SameSite=None
BCRI=AAAAAAAAAAAAAAAB; Path=/; Expires=Wed, 23 Apr 2025 08:52:20 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size