Report - splitpubcrawl.net/

Report Overview

Submitted URL
splitpubcrawl.net/
IP
172.67.191.164
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 23:26:56
Access
public
Website Title
Den årlige brukerundersøkelsen 2024
Final URL
506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnstatic.check-tl-ver-94-1.com	unknown	2024-04-09	2024-04-19	2024-05-07	521 B	24 kB	172.67.147.142
lakesidefootball.com	unknown	2022-09-08	2019-03-11	2024-03-16	495 B	37 kB	188.114.97.1
splitpubcrawl.net	unknown	2016-05-08	2022-10-26	2024-04-14	1.3 kB	39 kB	172.67.191.164
506k7ep.ehhipwind.live	unknown	unknown	No data	No data	15 kB	338 kB	185.155.186.25
jsontdsexit2.com	unknown	2022-05-16	2022-05-16	2024-05-07	461 B	4.7 kB	136.243.216.235
mvgde.polluxcastor.top	unknown	2023-07-02	2023-07-13	2024-03-21	503 B	1.1 kB	104.21.55.18
mvgde.check-tl-ver-94-1.com	unknown	unknown	No data	No data	2.4 kB	35 kB	172.67.147.142
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-11	904 B	21 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 23:26:31	high	Client IP	185.155.186.25	ThreatFox Unknown malware payload delivery (ip:port - confidence level: 50%)
2024-05-10 23:26:31	high	Client IP	185.155.186.25	ThreatFox Unknown malware payload delivery (ip:port - confidence level: 50%)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed
2024-05-10	medium	ehhipwind.live	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	506k7ep.ehhipwind.live/media/mainstream/all/mb/2.js	15 kB	2024-02-24	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/2.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-05-23 03:50:01 Times Seen1192 Hash 0bddd3bcca2df107ca5b8187b8e2a3f8 8bb441d73dfd233f8db6bbaffc2b0227a329a0f7 03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/3.js	15 kB	2024-02-24	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/3.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:22 Last Seen2024-05-23 03:50:01 Times Seen1195 Hash 55bab18cf6adc22fc3d91e30c20ce0e6 0f18ff18d3db09841c930241460d61bc136e5a34 b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	582 B	2024-05-11	2024-05-11
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-11 01:27:04 Last Seen2024-05-11 01:27:04 Times Seen1 Hash 23a171e52f7c147d2034e04ef163bcf2 d306ae8e2b39fc6d0815f4206ede03f5aca6f0c2 7f8823bfb57b13a839b7edb728566b1faf2f63369bdd14cc80b2b5c665c33fba Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	27 B	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-23 03:50:01 Times Seen739 Hash 161f9a69d329eefbacd7189c6e7c4717 24471f3653e76a774ee0b0a26bc552d7d1010619 286b3e82413a678df1f76749c9fde680f2d4adc46f9e10a6e44d8982ab4b3e14 Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/1.js	12 kB	2024-02-24	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-05-23 03:50:01 Times Seen1190 Hash 4c0b32d32b0b7317afb94deba5cabeac ee478251de9e6c4046a72ae0dff93ba1ac06c85a b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46 Loading...

	506k7ep.ehhipwind.live/media/mainstream/u.js	24 kB	2024-02-25	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/u.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-25 16:07:16 Last Seen2024-05-23 03:50:01 Times Seen1308 Hash 89ed4b592ab506a6fca18e95657dfc4f 179998ad5741d669e75521fb943850a808917924 4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	51 B	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-23 03:50:01 Times Seen705 Hash 8da6025b0f37cfcb5159f14899f1259e f1dc2b85e181e418c319fabcafbc02cfe0e2677d 120a3671c235c1e3eea60a2bcf36fdf328913b6d75264414183501f28c7db244 Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	20 B	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18:07 Last Seen2024-05-23 03:50:01 Times Seen812 Hash 4c981176ad777cd42704547a34e38fd7 b8b3405d5144df7ffa3df8da12003925a6bd5f10 f684cc3909c044c62a129eeaece559818947abfa00e7ff1c1344407699456c6c Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	32 B	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-23 03:50:01 Times Seen705 Hash d1fc504dfb1bf43968d1d83b98732bd6 a2ee4d6e44f99e721894b5c70fbf471d2cd7d0f4 62144f95cb4d3d23136c15d183dfcbb051102f0f836d5bbe956be26f31945a89 Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/no/8.js	1.2 kB	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/no/8.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2024-05-23 03:50:01 Times Seen1480 Hash dbdb981f8658c845968ec8226f81d1d8 d679b7bf47f71cd55b6c307cf96146a95660d667 5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/6.js	29 kB	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/6.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-05-23 04:15:39 Times Seen10718 Hash ba847811448ef90d98d272aeccef2a95 5814e91bb6276f4de8b7951c965f2f190a03978d 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1 Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/7.js	7.9 kB	2024-02-24	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/7.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-05-23 03:50:01 Times Seen1186 Hash 114f0be35fbff35e205c5f0bc146d864 dad256468614b8bb885233a71b31751edc222c5d 7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/4.js	5.8 kB	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/4.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-23 03:50:01 Times Seen1406 Hash 8c7a2e36533feed8cd5fbca8b8f91114 854cdef22953f1eab3d94eb6b421c433ad34f4c7 f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6 Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/jquery.min.js	87 kB	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/jquery.min.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-23 04:47:40 Times Seen68551 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	39 B	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-23 03:50:01 Times Seen700 Hash 2fbdfa4e04d76b87c23f87e832cd7b23 9d43f5beab48537f469fbf72c17930ad1586eeff 9a365e6129870f0efb051315111b44b71fa52c2951060dc6f38fe5365ba70363 Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	34 B	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-05-23 03:50:01 Times Seen698 Hash 33752473f5296f7592bf34007363d9cd e6b81b1e154cf8883f18d90591015f186cdd69dd b412bac7f038e04833108c29e7ce496215edd1b51afaa8b6648275790c088dc6 Loading...

	506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D	23 B	2023-03-07	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:56 Last Seen2024-05-23 03:50:01 Times Seen690 Hash df1b896f4fac3bd9289cb281825ec760 f23884052caeb422d137868f7256a442b353e704 82b015da06c8025a4c31b869996f8281cc0cfd74a333728684762861200bac5a Loading...

	506k7ep.ehhipwind.live/media/mainstream/all/mb/5.js	12 kB	2024-02-24	2024-05-23
Pretty URL 506k7ep.ehhipwind.live/media/mainstream/all/mb/5.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:22 Last Seen2024-05-23 03:50:01 Times Seen1183 Hash de362f15f5232df7747f7e741f587fcd 6353ff9bb0db73da818f1bc7250866f3d56bc8f8 e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47 Loading...

		Size	First Seen	Last Seen
	#1 Write - 80d41f1e0b14eacb229eea9618632e88	6 B	2023-03-17	2024-05-18
Pretty Observations First Seen2023-03-17 12:38:39 Last Seen2024-05-18 00:19:05 Times Seen120 Hash 80d41f1e0b14eacb229eea9618632e88 49de2f04421f83c395c3ff00d1a5beb5a907804d 9b7ae5c44dab49762dcaed9c53245d2086e02794665e4659fa7fb52fca8c529c Loading...

	#2 Write - 763f7f1aec350cd1a46238d1d5c3c229	7 B	2023-03-07	2024-05-23
Pretty Observations First Seen2023-03-07 01:03:11 Last Seen2024-05-23 03:50:01 Times Seen1394 Hash 763f7f1aec350cd1a46238d1d5c3c229 b4ee6522335b033249255b4cc1d572993282aafb 2f26233595d165e6868c5bb9e5e835506039e72c61a36a1bafb0827abfe746a5 Loading...

	#3 Write - 18d6d42f7129d207cea6686420173be4	11 B	2024-05-10	2024-05-11
Pretty Observations First Seen2024-05-10 05:11:44 Last Seen2024-05-11 01:49:59 Times Seen48 Hash 18d6d42f7129d207cea6686420173be4 47e6ca1ef80c403d77ae83ae48067bedcaac6163 84949c4804cdbb27d087745276431fcedccde5ba101d7853c84e579211a8d65c Loading...

	#4 Write - 3247750a72fae4424557c14e24defeaf	6 B	2023-03-07	2024-05-23
Pretty Observations First Seen2023-03-07 01:18:07 Last Seen2024-05-23 03:50:01 Times Seen693 Hash 3247750a72fae4424557c14e24defeaf e47b0507109ad8e7fb4cc83ff559fbde701b2d7d 1f310aec0e2bccc7b983d1d8759f6eac77d1d6721f9ecf87526ab93472a767c3 Loading...

HTTP Transactions (40)

URL IP Response Size

mvgde.polluxcastor.top/?pl=wyqwIiui3U-oMKNOfTV6Dg

104.21.55.18

0 B

URL
mvgde.polluxcastor.top/?pl=wyqwIiui3U-oMKNOfTV6Dg
IP
104.21.55.18:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=wyqwIiui3U-oMKNOfTV6Dg HTTP/1.1
Host: mvgde.polluxcastor.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 23:26:29 GMT
content-length: 0
location: https://mvgde.check-tl-ver-94-1.com/space-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=space-robot&nrid=a1d373c95abc4288b3da83f0dd7567b6&hash=klzJuKKiBa3jPVw6hcXiQw&exp=1715383889
set-cookie: wyqwIiui3U-oMKNOfTV6Dg=1; max-age=345600; path=/; samesite=lax
__pl=ea412fa0-c142-4ab8-bb6e-0c5f37fef9c4; expires=Sun, 10 May 2026 23:26:29 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p2qBbmjFNqEPUJx0P7xOdgYvvJzTadG%2FpxoNqC8wxlCv8wpUB3dj7WsiKwmIYvMlIhGv7GF%2BvyQJYAvEN7PKEcKB8OoCwW3awGdV9fHiazMKi5pUZMfOFC47uQ%2BPEIOwj3kdn6wPLW0D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881db1caba0956c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mvgde.check-tl-ver-94-1.com/space-robot/assets/corner.png

172.67.147.142

300 B

URL
mvgde.check-tl-ver-94-1.com/space-robot/assets/corner.png
IP
172.67.147.142:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: mvgde.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mvgde.check-tl-ver-94-1.com/space-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=space-robot&nrid=a1d373c95abc4288b3da83f0dd7567b6&hash=klzJuKKiBa3jPVw6hcXiQw&exp=1715383889
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 23:26:29 GMT
content-type: image/png
content-length: 300
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-12c"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IGDIbTwsSfiFeRuV4u1R9jhTBdKwTTwGP3js0rVf%2FD3C2pXBr2ITeZ7L54y44NNGcjqaAbA98EbSSEDHRGXNgaRSZhjv2o70NXAKLKhHRahZuBh8pjkfIOup6%2BdUfAE5TzUYCLdyz6t9hQX%2BxyM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881db1cc98465690-OSL
alt-svc: h3=":443"; ma=86400

mvgde.check-tl-ver-94-1.com/space-robot/assets/style.css?v=4

172.67.147.142

17 kB

URL
mvgde.check-tl-ver-94-1.com/space-robot/assets/style.css?v=4
IP
172.67.147.142:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
17 kB (17430 bytes)
Hash
16c856ad31986a50e8240a622b120317
f07f12459f1d56b94e9b624998ea74a3a0911e9f
598cecef92717033d06accf44549a083ef5a881a5f1c7b3837331fd4f04da26f

HTTP Headers

GET /space-robot/assets/style.css?v=4 HTTP/1.1
Host: mvgde.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mvgde.check-tl-ver-94-1.com/space-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=space-robot&nrid=a1d373c95abc4288b3da83f0dd7567b6&hash=klzJuKKiBa3jPVw6hcXiQw&exp=1715383889
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 23:26:29 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1986"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oMlTOnYEa%2Fxmk7vy9S%2BGgL57v5bbCOSV3%2FX396wsVCVxQi%2F1Fv54nkoo9nGJxc9tYZL5Y4%2BSg3nfJ6L1pnWk25PcmexiIMh90%2B8pS75j1jAjJ3ZKY4IroHHqIbQLEGv5dXaLNIBmqH8fES%2FFwpE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881db1cc983f5690-OSL
alt-svc: h3=":443"; ma=86400

mvgde.check-tl-ver-94-1.com/space-robot/assets/favicon-16x16.png

172.67.147.142

1.2 kB

URL
mvgde.check-tl-ver-94-1.com/space-robot/assets/favicon-16x16.png
IP
172.67.147.142:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: mvgde.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mvgde.check-tl-ver-94-1.com/space-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=space-robot&nrid=a1d373c95abc4288b3da83f0dd7567b6&hash=klzJuKKiBa3jPVw6hcXiQw&exp=1715383889
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 23:26:30 GMT
content-type: image/png
content-length: 1163
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: "6627c958-48b"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yAmgvSlRZR4UyYPjK3ChfqZTkPtLMuX4GFl%2BYH1vD8qEdze%2FDxXgadLN1CGDhQrNqsDjGfkRXTAIs9GWdQNt06jVZdSVk%2BQVpC7DsottrsEUhSO6svLmDlu%2F9zYcQjQn9531vqzPtrAgxpY%2F9YQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881db1ce6a285690-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.35

9.3 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mvgde.check-tl-ver-94-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 May 2024 06:28:12 GMT
expires: Sat, 10 May 2025 06:28:12 GMT
cache-control: public, max-age=31536000
age: 61098
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnstatic.check-tl-ver-94-1.com/ps/config.js?id=wyqwIiui3U-oMKNOfTV6Dg

172.67.147.142

23 kB

URL
cdnstatic.check-tl-ver-94-1.com/ps/config.js?id=wyqwIiui3U-oMKNOfTV6Dg
IP
172.67.147.142:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
23 kB (23429 bytes)
Hash
1e4e3f9badc2b9ba62108ca0f47716c8
c19f6ae9df9d2521174ebd719feb7e63e5252b73
bea2497587e48cba9a6bc2fb41e06f5a4c8d02ebe272afd61c4e0098e4500014

HTTP Headers

GET /ps/config.js?id=wyqwIiui3U-oMKNOfTV6Dg HTTP/1.1
Host: cdnstatic.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mvgde.check-tl-ver-94-1.com/
Cookie: __psu=73908f84-11f9-41a7-84aa-0737a56b6cba
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 23:26:30 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-encoding: gzip
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uTSpZoOjQ7qE22LKYT%2FnFSSLyqZc5VKt0NNSYUb0wTr1bgEdK0XDzkobm%2B4sK6zcnuGlTm5P00LQRJWY7gditvMp55jxUJgccwmqA%2Baj3dbKgNn%2F3VdbYuOOljQMIyhd1%2BRblIcGoCuE8GiltaGSGBru"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881db1cdd9585690-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.35

9.9 kB

URL
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
9.9 kB (9934 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mvgde.check-tl-ver-94-1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:47:38 GMT
expires: Fri, 09 May 2025 02:47:38 GMT
cache-control: public, max-age=31536000
age: 160732
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lakesidefootball.com/?u=pe7k605&o=3u0gcu2

188.114.97.1

36 kB

URL
lakesidefootball.com/?u=pe7k605&o=3u0gcu2
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (47858), with CRLF line terminators
Size
36 kB (36230 bytes)
Hash
f4cc0d45c1b32ca9b29c7d0344122b3b
706f182d60eddab3aea9dc9b85901ad171719f0a
77f58b98d7b508d18f68656faa5fb6b8c147e9fb8b39917c404d5001941466be

HTTP Headers

GET /?u=pe7k605&o=3u0gcu2 HTTP/1.1
Host: lakesidefootball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 23:26:30 GMT
content-type: text/html
cache-control: private
set-cookie: sid=t2~xxavun0ojqwhqm43x1cfoqqi; path=/
sid=t2~xxavun0ojqwhqm43x1cfoqqi; path=/
p1=https://ehhipwind.live/onehhugh/; path=/
s1=elm3tlapqoso720e; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66EOtBgDKOEdgbu34o4K9WGgP9rrK1m0njJXTizJMXkTutQ%2Fs9KiKDmTDMkmWuedvrrKKe%2BOb7y1lFTnX3INMHBKqAf9SRlfLkwDQtF53MQSunjwWkJqaFVOi7MEnq2AcdKcGKYFFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881db1d06f0c0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

splitpubcrawl.net/

172.67.191.164

30 kB

URL
splitpubcrawl.net/
IP
172.67.191.164:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
30 kB (30454 bytes)
Hash
26aa6e0db24ecbe213263e093b1f8664
1b2499ba5a63989fdf681ef8417c226fbd552f6f
bfd6b3a0f403769199cac13bea664da325ab9ba3c4f15c7ecbaa064d179ace6d

HTTP Headers

GET / HTTP/1.1
Host: splitpubcrawl.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: antibot_uid=1af7b4916f9d7d4a10dd64c5c9ab7e8e; antibot_country=NO; antibot_lang=en; antibot_ptr=91.90.42.154; antibot_3c2074068856ed67d671423be6b6dfc1=331366f177c2f6288efcf597174983d5; lastcid=1715383592.886
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 10 May 2024 23:26:29 GMT
content-type: text/html; charset=UTF-8
location: https://mvgde.polluxcastor.top/?pl=wyqwIiui3U-oMKNOfTV6Dg
set-cookie: antibot_referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
antibot_unique_20240511=1; expires=Sat, 11-May-2024 23:26:33 GMT; Max-Age=86400; path=/; domain=splitpubcrawl.net
lastcid=0; expires=Fri, 10-May-2024 23:24:53 GMT; Max-Age=0; path=/
expires: Mon, 20 May 2024 23:26:33 GMT
last-modified: Fri, 10 May 2024 23:26:33 GMT
cache-control: public, max-age=864000
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f2dV8nS9UAzwYykrEacWSA0fp3PAIZky4G65Ah%2BVyx3sdmMozoT29%2B1j70QZB8xNNEHmDT922rBWxZq0Ft6GolOBP1uqfDRI%2BcxeJEQx4m8WsMctRGA6Hhg5foT%2BC0fYPs24%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881db1c98db80b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D

185.155.186.25

17 kB

URL
506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (562)
Size
17 kB (16903 bytes)
Hash
1bece5bf1d8c3dad32e1b3616c401015
f7f50a626ff82316be74b14fe8c9fae8a06cf2c6
b1db454c8a9de696f3f5ddf0ad949bd31b2debadf77d764a28e4cf3bffd8a682

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lakesidefootball.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/html
Content-Length: 16903
Connection: keep-alive
cache-control: private

506k7ep.ehhipwind.live/media/mainstream/all/mb/bootstrap-mini.css

185.155.186.25

10 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/bootstrap-mini.css
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
ASCII text, with very long lines (571), with CRLF line terminators
Size
10 kB (10214 bytes)
Hash
f0a842b8b8a52bb05e6c729828fbb40e
f1fe8a76db92bc9bd3f9d70f3867f03d51ebbae5
eb9fe798331b592bd8fc54d5ede3ac19e961b5aa7c2dffb3dbb17ce5fcb88e01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/bootstrap-mini.css HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/css
Content-Length: 10214
Connection: keep-alive
ETag: "f0a842b8b8a52bb05e6c729828fbb40e"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449B61BDAD1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33279/mtime:1653412343#213095000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:23.213095Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/font-awesome-mini.css

185.155.186.25

1.9 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/font-awesome-mini.css
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
ASCII text, with very long lines (1857), with no line terminators
Size
1.9 kB (1857 bytes)
Hash
8b2fe9dcd9e31f21056ebc3d6667123c
49e6a844f0085d9f653faab8a451742be82ecdf7
e7eb3ba41e31f5d9710bb64a87a5e9e7664143a95f68d0f357fe0d4252bb58d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/font-awesome-mini.css HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/css
Content-Length: 1857
Connection: keep-alive
ETag: "8b2fe9dcd9e31f21056ebc3d6667123c"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449B861BE78
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223404#975749745/gid:0/gname:root/mode:33279/mtime:1653412350#393111000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:30.393111Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

mvgde.check-tl-ver-94-1.com/space-robot/assets/main.js?v=3

172.67.147.142

13 kB

URL
mvgde.check-tl-ver-94-1.com/space-robot/assets/main.js?v=3
IP
172.67.147.142:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (2745)
Size
13 kB (13207 bytes)
Hash
01c51ed0a287b5ddf6793778cfa3a72c
ebd2613cd806b8e080f556b0d254c0f7a6c738a9
4c0224d810d4f0ac617ddd4ab215e0084aeec230d8944780a129c0046de2dad5

HTTP Headers

GET /space-robot/assets/main.js?v=3 HTTP/1.1
Host: mvgde.check-tl-ver-94-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mvgde.check-tl-ver-94-1.com/space-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=space-robot&nrid=a1d373c95abc4288b3da83f0dd7567b6&hash=klzJuKKiBa3jPVw6hcXiQw&exp=1715383889
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 23:26:29 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 14:44:40 GMT
etag: W/"6627c958-1255"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08ezHHaL9lwJ8vAQE5eAMD6IIwdnKscTqg79XdaseUUgnXIDZ1lAMp%2F2xxitrqnDMHY7oUPTTfVAry6mMdI2apj3pk1hOncH1MTGTwoZ6SVylyKQy5ugCXq3ymM6jIVsqQmiaWbR8gHTAIBlrSY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881db1cca8495690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

506k7ep.ehhipwind.live/media/mainstream/all/mb/2.js

185.155.186.25

15 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/2.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (15146), with no line terminators
Size
15 kB (15146 bytes)
Hash
0bddd3bcca2df107ca5b8187b8e2a3f8
8bb441d73dfd233f8db6bbaffc2b0227a329a0f7
03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/2.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/javascript
Content-Length: 15146
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0bddd3bcca2df107ca5b8187b8e2a3f8"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449BCF45680
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809290#963090484/gid:0/gname:root/mode:33188/mtime:1708809290#939090444/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.967Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/main-like.css

185.155.186.25

7.2 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/main-like.css
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
ASCII text, with very long lines (7181), with no line terminators
Size
7.2 kB (7181 bytes)
Hash
30d4bbfa0a8fa6727a9edb23be989598
39bc311daad791b9c7377e11fbb6f9b24c6b3d46
f2ead250f003ad44fad41af0a1554922e31ab930fa86d90a8f2df62c048c2843

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/main-like.css HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/css
Content-Length: 7181
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "30d4bbfa0a8fa6727a9edb23be989598"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449BF56B28A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412366#569146000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:46.569146Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/3.js

185.155.186.25

15 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/3.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (14971), with no line terminators
Size
15 kB (14971 bytes)
Hash
55bab18cf6adc22fc3d91e30c20ce0e6
0f18ff18d3db09841c930241460d61bc136e5a34
b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/3.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/javascript
Content-Length: 14971
Connection: keep-alive
ETag: "55bab18cf6adc22fc3d91e30c20ce0e6"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C105D076
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#30902711/gid:0/gname:root/mode:33188/mtime:1708809291#171090831/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.198Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/no/8.js

185.155.186.25

1.2 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/no/8.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
Unicode text, UTF-8 text
Size
1.2 kB (1242 bytes)
Hash
dbdb981f8658c845968ec8226f81d1d8
d679b7bf47f71cd55b6c307cf96146a95660d667
5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/no/8.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449C050E1F3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#895577398/gid:0/gname:root/mode:33279/mtime:1653412375#277166000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:55.277166Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/u.js

185.155.186.25

24 kB

URL
506k7ep.ehhipwind.live/media/mainstream/u.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (24389), with no line terminators
Size
24 kB (24389 bytes)
Hash
89ed4b592ab506a6fca18e95657dfc4f
179998ad5741d669e75521fb943850a808917924
4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/u.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/javascript
Content-Length: 24389
Connection: keep-alive
ETag: "89ed4b592ab506a6fca18e95657dfc4f"
Last-Modified: Sun, 25 Feb 2024 11:59:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4311A6C66C99
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809189#0/gid:0/gname:root/mode:33188/mtime:1708862369#235249424/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-25T11:59:29.279Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/4.js

185.155.186.25

5.8 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/4.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (5828), with no line terminators
Size
5.8 kB (5828 bytes)
Hash
8c7a2e36533feed8cd5fbca8b8f91114
854cdef22953f1eab3d94eb6b421c433ad34f4c7
f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/4.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: application/javascript
Content-Length: 5828
Connection: keep-alive
ETag: "8c7a2e36533feed8cd5fbca8b8f91114"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C2131958
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33279/mtime:1653412338#153083000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.153083Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/5.js

185.155.186.25

12 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/5.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (11920), with no line terminators
Size
12 kB (11920 bytes)
Hash
de362f15f5232df7747f7e741f587fcd
6353ff9bb0db73da818f1bc7250866f3d56bc8f8
e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/5.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/javascript
Content-Length: 11920
Connection: keep-alive
ETag: "de362f15f5232df7747f7e741f587fcd"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C282515A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#798904105/gid:0/gname:root/mode:33279/mtime:1708809291#359091145/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.387Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/jquery.min.js

185.155.186.25

87 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/jquery.min.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/jquery.min.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: application/javascript
Content-Length: 86659
Connection: keep-alive
ETag: "c9f5aeeca3ad37bf2aa006139b935f0a"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449BD5247A8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412360#809134000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.809134Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/7.js

185.155.186.25

7.9 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/7.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (7936), with no line terminators
Size
7.9 kB (7936 bytes)
Hash
114f0be35fbff35e205c5f0bc146d864
dad256468614b8bb885233a71b31751edc222c5d
7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/7.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: text/javascript
Content-Length: 7936
Connection: keep-alive
ETag: "114f0be35fbff35e205c5f0bc146d864"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C3EB94CD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806894#614905586/gid:0/gname:root/mode:33279/mtime:1708809291#543091452/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.568Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img10.jpg

185.155.186.25

200 OK

1.5 kB

URL GET HTTP/1.1
506k7ep.ehhipwind.live/media/mainstream/all/mb/img10.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Certificate
IssuerLet's Encrypt
Subjectehhipwind.live
Fingerprint01:E5:4D:07:F5:2A:14:35:A8:4F:3D:6F:CB:9F:01:54:2C:0B:5D:D9
ValidityFri, 10 May 2024 08:35:36 GMT - Thu, 08 Aug 2024 08:35:35 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3
Size
1.5 kB (1506 bytes)
Hash
0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img10.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C5B0119C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#925121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.925121Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img7.jpg

185.155.186.25

2.3 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img7.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.3 kB (2264 bytes)
Hash
7364bf39dcf0941d3a1760e46a562710
a358405162193128cceae8551e14648798bd4254
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img7.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C5B1E6DD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#391750681/gid:0/gname:root/mode:33279/mtime:1653412355#349122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.349122Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img8.jpg

185.155.186.25

1.6 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img8.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.6 kB (1608 bytes)
Hash
5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img8.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C5C02E01
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#395750690/gid:0/gname:root/mode:33279/mtime:1653412355#405122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.405122Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img11.jpg

185.155.186.25

1.6 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img11.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Size
1.6 kB (1610 bytes)
Hash
14ca7a7e1bb1db7a31af7c44a0ae9062
7293947d75065f3def42439f32138127d605bc8f
d8d2b0e0baad97e943838712911352a8c9dd0d5bf2114e78c3d1649bcc0d634a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img11.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 1610
Connection: keep-alive
ETag: "14ca7a7e1bb1db7a31af7c44a0ae9062"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C62B9FE9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#351750591/gid:0/gname:root/mode:33279/mtime:1653412354#997121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.997121Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/6.js

185.155.186.25

29 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/6.js
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JavaScript source, ASCII text, with very long lines (28941)
Size
29 kB (29110 bytes)
Hash
ba847811448ef90d98d272aeccef2a95
5814e91bb6276f4de8b7951c965f2f190a03978d
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/6.js HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: application/javascript
Content-Length: 29110
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "ba847811448ef90d98d272aeccef2a95"
Last-Modified: Mon, 20 Feb 2023 09:33:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449C5A8FED1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412338#597084000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.597084Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img2.jpg

185.155.186.25

1.3 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img2.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.3 kB (1297 bytes)
Hash
92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img2.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C8616D25
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#359750609/gid:0/gname:root/mode:33279/mtime:1653412355#53121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.053121Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img9.jpg

185.155.186.25

1.4 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img9.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Size
1.4 kB (1374 bytes)
Hash
a2dbd5c25807fbad37aceb676e90cd66
6972c6df94b50dd66111d5a555bdf2907b6f3e7e
6592c5497d79980109ee577663beac8d709726a63329f893775f89083cc8858e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img9.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a2dbd5c25807fbad37aceb676e90cd66"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449C8092F2E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#461122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.461122Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/iphone15pro.png

185.155.186.25

46 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/iphone15pro.png
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
PNG image data, 300 x 351, 8-bit colormap, non-interlaced
Size
46 kB (46124 bytes)
Hash
901fdfedb54cf1297edd1de54a893cf8
c9cd3908f28908392b45e1a54e7b350993eee53c
f30ac8920f3a3ab6621abad202e015353d46b61233549dfabe927234a9a5b3c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/iphone15pro.png HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/png
Content-Length: 46124
Connection: keep-alive
ETag: "901fdfedb54cf1297edd1de54a893cf8"
Last-Modified: Thu, 12 Oct 2023 21:10:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449C7E08B74
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1697145024#790103101/gid:0/gname:root/mode:33188/mtime:1697145024#886103343/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2023-10-12T21:10:24.913Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img3.jpg

185.155.186.25

2.3 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img3.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.3 kB (2336 bytes)
Hash
5edf4db493423ac10c72a27ad5c4a618
5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img3.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449CA8A0532
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#109121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.109121Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img6.jpg

185.155.186.25

2.1 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img6.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.1 kB (2143 bytes)
Hash
f48aa7778890400e3be6131e64cd4236
9341d039b9f7de4eac9070c36fecac2772cc1ba0
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img6.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449CB4F6CC3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#383750663/gid:0/gname:root/mode:33279/mtime:1653412355#293121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.293121Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

splitpubcrawl.net/antibot777/ab.php

104.21.60.48

6.8 kB

URL
splitpubcrawl.net/antibot777/ab.php
IP
104.21.60.48:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
6.8 kB (6828 bytes)
Hash
7010a301fd6135dac28c363a2f5570b6
c3ac783529fa9f35d924fb6cb26df5fb8dff2e1f
0340d4f6f0552091223fdfe591e8d0d96ec135f3de7c6a6aa8526fb2f3dcf1af

HTTP Headers

POST /antibot777/ab.php HTTP/1.1
Host: splitpubcrawl.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://splitpubcrawl.net/
Content-type: application/x-www-form-urlencoded;
Content-Length: 221
Origin: https://splitpubcrawl.net
DNT: 1
Connection: keep-alive
Cookie: antibot_uid=1af7b4916f9d7d4a10dd64c5c9ab7e8e; antibot_country=NO; antibot_lang=en; antibot_ptr=91.90.42.154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 23:26:29 GMT
content-type: text/html; charset=UTF-8
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-allow-headers: *
x-powered-cms: AntiBot.Cloud (See: https://antibot.cloud/)
x-robots-tag: noindex
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZug%2FoWQ0g1EIeV0Y1dl4cND2PdQj%2F5zGYO8YBanJ2IBYV3sw1wfBOTQfduzjdBAZhHE0ZDEphn2tAwfPtWtsdqQAvGWfdj%2FACilq2OeUYhLtTll%2FwhGHG6LlYptEOFB6wWkBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881db1c87b5a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

506k7ep.ehhipwind.live/media/mainstream/all/mb/img1.jpg

185.155.186.25

1.3 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img1.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.3 kB (1315 bytes)
Hash
c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img1.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449CA33FA96
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412354#865120000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.86512Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img4.jpg

185.155.186.25

1.2 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img4.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.2 kB (1169 bytes)
Hash
a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img4.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449CC0E6641
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#181121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.181121Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/all/mb/img5.jpg

185.155.186.25

2.0 kB

URL
506k7ep.ehhipwind.live/media/mainstream/all/mb/img5.jpg
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.0 kB (2037 bytes)
Hash
6d02d5cf49120718501b9a6629290c48
a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img5.jpg HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:31 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17CE4449CE5F3BBF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#241121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.241121Z
Expires: Sat, 10 May 2025 23:26:31 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/media/mainstream/us/wap/mobsurvey/ff.png

185.155.186.25

11 kB

URL
506k7ep.ehhipwind.live/media/mainstream/us/wap/mobsurvey/ff.png
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
PNG image data, 245 x 253, 8-bit colormap, non-interlaced
Size
11 kB (10691 bytes)
Hash
2f5710ee40aba475e1d0cd9c9c953407
93ac36daaed5f1b86a2f301faddca673393996aa
38450abe3fe9fdc0c5c281fa3bc6532f9ffcd7632d6924f154444fba265a39f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/us/wap/mobsurvey/ff.png HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:32 GMT
Content-Type: image/png
Content-Length: 10691
Connection: keep-alive
ETag: "2f5710ee40aba475e1d0cd9c9c953407"
Last-Modified: Wed, 20 Sep 2023 15:25:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4449E2AB68DC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#568025469/gid:0/gname:root/mode:33279/mtime:1655387479#482644706/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:51:19.482644706Z
Expires: Sat, 10 May 2025 23:26:32 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

506k7ep.ehhipwind.live/favicon.ico

185.155.186.25

0 B

URL
506k7ep.ehhipwind.live/favicon.ico
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: openresty
Date: Fri, 10 May 2024 23:26:32 GMT
Connection: keep-alive

506k7ep.ehhipwind.live/media/mainstream/alert.mp3

185.155.186.25

8.8 kB

URL
506k7ep.ehhipwind.live/media/mainstream/alert.mp3
IP
185.155.186.25:0
ASN
#203639 Teknology SA

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Size
8.8 kB (8802 bytes)
Hash
6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/alert.mp3 HTTP/1.1
Host: 506k7ep.ehhipwind.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/onehhugh/?u=pe7k605&o=3u0gcu2&f=1&sid=t2~xxavun0ojqwhqm43x1cfoqqi&fp=NBfSVWjJY7W6EtgTXzht1w%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 23:26:32 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 20 Sep 2023 15:23:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17CE4311DE3C5546
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#348024780/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z
Expires: Sat, 10 May 2025 23:26:32 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

jsontdsexit2.com/ExtService.svc/getextparams

136.243.216.235

4.5 kB

URL
jsontdsexit2.com/ExtService.svc/getextparams
IP
136.243.216.235:0
ASN
#24940 Hetzner Online GmbH

File type
gzip compressed data, from Unix
Size
4.5 kB (4506 bytes)
Hash
a7799a765b34cc1833557f2dd133c353
64946ffb8852ccbaca77f2c4a94dd0b59f2e830a
74a09949dc630bc7086a90ef686d36a7bf78d9212a93641eaeaf0e0d5e533f77

HTTP Headers

GET /ExtService.svc/getextparams HTTP/1.1
Host: jsontdsexit2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://506k7ep.ehhipwind.live
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.ehhipwind.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 23:26:31 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML