Report - wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93__

Report Overview

Visited public
2023-09-24 02:57:23
Tags
URL
wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Finishing URL
wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
IP / ASN
139.45.197.158
#9002 RETN Limited
Title
Dating and Chat - SweetMeet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-09-23 20:47:37	878 B	1.5 kB	139.45.195.8
wewaixor.com	unknown	2023-07-12	2023-07-13 03:02:42	2023-09-23 22:16:50	7.1 kB	86 kB	139.45.197.158
littlecdn.com	11785	2019-06-04	2019-06-04 12:44:02	2023-09-23 23:39:07	478 B	267 kB	172.67.10.98
static.wewaixor.com	unknown	2023-07-12	2023-08-01 06:58:09	2023-09-22 06:56:46	542 B	7.4 kB	139.45.197.158

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed
2023-09-23	medium	wewaixor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	32 B	2023-03-13	2024-12-01
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 19:53 Last Seen2024-12-01 14:47 Times Seen738 Hash 4e5e8fb36d83dde24fb98e62a9779375 da75c65907e31036bfef95ac91601b3d748c1344 5c68e3331e69338f026762bb1b00dc710d7fe9c4eb0ae299d534010aa9ab33ab Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	606 B	2023-09-16	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-16 04:33 Last Seen2024-08-21 06:45 Times Seen59 Hash 56277eaea4d6c0afe97c87d52f597354 83ecf826beec7411e982b58a87721ea3e2b12058 e964e2ad73235ef72c70e96c6606e844bb93d3f8a423ad822d9d430de83af16c Loading...

	wewaixor.com/pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=5628284&sw=/sw-check-permissions/5256482&var_3=16289356_429288&os_version=x86.64	ScriptElement	27 kB	2023-09-14	2023-09-28
Pretty URL wewaixor.com/pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=5628284&sw=/sw-check-permissions/5256482&var_3=16289356_429288&os_version=x86.64 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-14 18:03 Last Seen2023-09-28 12:18 Times Seen811 Hash 143a8b6958448605454250bbd9f0dd8b a504d0d49380d494f262a7c3194700c303e3c26b 0902f69ebed38e29e2de16ad44c314d1510fc88b2187dee42c506aae7b67aec3 Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	1.0 kB	2023-09-15	2025-01-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-15 06:48 Last Seen2025-01-21 11:42 Times Seen6367 Hash 1e000d88343060c761e3d7ae644a8732 98f67005a3b038378596137e93681310c394d980 cea17ebf90b967d519365b4f2c3a89f73e6b70003e81841d6b8696df4304210e Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	2.1 kB	2023-09-10	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-10 02:55 Last Seen2024-08-21 07:10 Times Seen15 Hash 95179feb0fcb51248ad67c50c25d4f57 d409aad38cffef518482bc173f4401b3e855e3e8 060110d1d5fd5be6138670837bd10ca8560b0d0bde1d9535bbf3682c2ae20ddb Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	38 B	2023-03-13	2025-01-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:51 Last Seen2025-01-21 11:42 Times Seen5557 Hash 3ea1379d18e4ec6bccefeba76a1b33b4 90afb068cee6917494ddd820bcb2fe44de7e5e43 15c832dee58f1c08fb6bf51935a10f95cb0482d19441cefbb469a82278e54bae Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	11 kB	2024-08-21	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:54 Last Seen2024-08-21 05:54 Times Seen1 Hash a6cc58940372500258c5bf90dd5e89ac fa6b1a581f03a4429f8019d6e8f024811d8875d1 03ae64fdab63bb46525ce4472f75f09cb2fc28a787c117bfff7c083a50f7d0ea Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	432 B	2023-08-15	2025-01-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-15 17:07 Last Seen2025-01-21 11:42 Times Seen6382 Hash a68df917a9d58006028bbbc7b6f30aa0 8412b7650e9351c4826eee83dc944ab8e7a5a660 003c5bfe078f1901b11f14e32f824a1696e54b3a72cd7462395986063f0cd571 Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	4.2 kB	2024-08-21	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:54 Last Seen2024-08-21 05:54 Times Seen1 Hash 6c659977899edffbbf3514c6704333d5 8d78d9534ce73ebaf4e96f5d07661f3f544a6463 783325191d56ea27c770c26909feeb38226e1112fac014cae4e57ba06e0554fb Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	489 B	2023-03-07	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 09:42 Times Seen4398 Hash b59d52e5c8c1c905dd20084f27bc5261 492b79822be8f2f1d46714e43274e2500de5c0c5 4795baeddefb045a60541029990e6da282eb7d0cb2f9d20da866382567029649 Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	27 B	2023-03-07	2025-01-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2025-01-21 11:42 Times Seen2810 Hash dcdca1271ff14fa2a37aac2fdd562ad7 6f8d97801b33f24f2a736c00e1bc5805d9fd5eb7 66d82b0643143d1e9fa6ec2c7e07af701b2b274bc4db74b60ee4dcf5862d229c Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	6.9 kB	2024-08-21	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:54 Last Seen2024-08-21 05:54 Times Seen1 Hash 6fab438103398d1b94383915648359b1 8331d51144d2c78e236d6f602251290e594158ae 6bee5bfa85949c0f9684234f0ee00dbcdf6932b67c96be3cc1bba5c3aa9ef9a6 Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	4.0 kB	2024-08-21	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:54 Last Seen2024-08-21 05:54 Times Seen1 Hash 5024dfd116b583968183e7142e17be7f f4f838faba555830bc4073d7e82f9a18551e91fe bcdc37c2d1fc06d7d4dad942fa44fc02a676f7543bcfc2b6d3d92c059a621529 Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	2.9 kB	2023-09-10	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-10 02:55 Last Seen2024-08-21 07:10 Times Seen15 Hash 94ee4739e36ec6734edc66afb478eff7 572fffb34d1c7ba5bc2dd739ebb1f9bc59d99a4b b63608cc1ea4cb7641e86d43476286c9e6e8730bbe69e991062694cbad8c67f8 Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	2.8 kB	2024-08-21	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:54 Last Seen2024-08-21 05:54 Times Seen1 Hash 301d38f2833284ffb445f361f11577c7 fd6f2bbe0f53acfc2d3270ecc1f170c208876d49 320ba747e3261657720f2f2c10c7bff1896e928c4f3c847437e2a6ae8d2ee4ad Loading...

	wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9	ScriptElement	2.1 kB	2024-08-21	2024-08-21
Pretty URL wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 IP 139.45.197.158 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 05:54 Last Seen2024-08-21 05:54 Times Seen1 Hash a5c0d1055be48377e26a91ede481bf98 1ae5af9e1a493f27b0728f14b9e9bf400df90966 3bb3790b6b27ee42fe89f4c64b554fe3c2f7e3902918b72ff5f37ac3b981c606 Loading...

HTTP Transactions (12)

URL IP Response Size

littlecdn.com/apps/contents/s/a3/6a/ee/278a72b666fefbf9bb04b8cb2e/01078460071229.png

172.67.10.98

200 OK

266 kB

URL GET HTTP/2
littlecdn.com/apps/contents/s/a3/6a/ee/278a72b666fefbf9bb04b8cb2e/01078460071229.png
IP
172.67.10.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:14:9E:F3:4F:17:83:0E:22:54:EF:3E:FD:37:20:6C:1D:08:CE:1F
ValidityTue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT

File type
PNG image data, 360 x 360, 8-bit/color RGBA, non-interlaced\012- data
Size
266 kB (266197 bytes)
Hash
a36aee278a72b666fefbf9bb04b8cb2e
b583da3a7f19f1416fae9acc012973c4ed809a5c
c2d44d2df843c6b59d9f661f0f4636d59dcce7fb8cbc234daa93c491e7f1125e

HTTP Headers

GET /apps/contents/s/a3/6a/ee/278a72b666fefbf9bb04b8cb2e/01078460071229.png HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wewaixor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 24 Sep 2023 02:57:05 GMT
content-type: image/png
content-length: 266197
last-modified: Wed, 16 Feb 2022 10:30:33 GMT
vary: Accept-Encoding
etag: "620cd249-40fd5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 17
accept-ranges: bytes
server: cloudflare
cf-ray: 80b7c20b4c630b49-OSL
X-Firefox-Spdy: h2

static.wewaixor.com/templates/_assets/sounds/blip1/default.mp3

139.45.197.158

206 Partial Content

6.7 kB

URL GET HTTP/2
static.wewaixor.com/templates/_assets/sounds/blip1/default.mp3
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Size
6.7 kB (6712 bytes)
Hash
6422f23e1751d74410347e02c0210a60
0e3e65be6b5fbb76f6a52191e973bd37368be204
4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /templates/_assets/sounds/blip1/default.mp3 HTTP/1.1
Host: static.wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://wewaixor.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 206 Partial Content
server: nginx
date: Sun, 24 Sep 2023 02:57:05 GMT
content-type: audio/mpeg
content-length: 6712
last-modified: Fri, 22 Sep 2023 11:52:21 GMT
vary: Accept-Encoding
etag: "650d7ff5-1a38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-range: bytes 0-6711/6712
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=f764b1578f1789552d02827eafc5cc3a

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=f764b1578f1789552d02827eafc5cc3a
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintB4:02:64:AF:5C:AB:27:5B:1B:80:CF:C8:FF:EB:BF:43:29:C3:C5:C1
ValidityTue, 25 Jul 2023 06:29:27 GMT - Mon, 23 Oct 2023 06:29:26 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
f4d848bd5f57812b868f9e3bcec306b1
240d361b5ea882f8b99e3ae29cf74a2fac0f6e7b
ee7708602305a8a3f421a0cc3559b27cbc5cc1489f13246f130c6d35de8d0d47

HTTP Headers

GET /gid.js?userId=f764b1578f1789552d02827eafc5cc3a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wewaixor.com/
Origin: https://wewaixor.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:05 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wewaixor.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f764b1578f1789552d02827eafc5cc3a; expires=Mon, 23 Sep 2024 02:57:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

wewaixor.com/zone?&pub=0&zone_id=5256482&is_mobile=false&domain=wewaixor.com&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=16289356_429288&var_4=&dsig=&tg=1&action=prerequest

139.45.197.158

200 OK

0 B

URL POST HTTP/2
wewaixor.com/zone?&pub=0&zone_id=5256482&is_mobile=false&domain=wewaixor.com&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=16289356_429288&var_4=&dsig=&tg=1&action=prerequest
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=5256482&is_mobile=false&domain=wewaixor.com&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=16289356_429288&var_4=&dsig=&tg=1&action=prerequest HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wewaixor.com
DNT: 1
Connection: keep-alive
Referer: https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; OAID=f764b1578f1789552d02827eafc5cc3a; oaidts=1695524225
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:05 GMT
content-length: 0
x-trace-id: 18828259b81dd38dd50af17788354e4d
access-control-allow-origin: https://wewaixor.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintB4:02:64:AF:5C:AB:27:5B:1B:80:CF:C8:FF:EB:BF:43:29:C3:C5:C1
ValidityTue, 25 Jul 2023 06:29:27 GMT - Mon, 23 Oct 2023 06:29:26 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
e4214fb2de6eebe02fcd6f56d03664b8
8774920f88da50fb8471f5c6f4ae3eb5a3280262
2ea4208bebee7015169cc5884531cc2e914be8638a338d21c5f5b7c0ee4cc5f9

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wewaixor.com/
Origin: https://wewaixor.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:05 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://wewaixor.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0a26d19a7b174055bc6bfd1c0eb59ad8; expires=Mon, 23 Sep 2024 02:57:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

wewaixor.com/favicon.ico

139.45.197.158

204 No Content

0 B

URL GET HTTP/2
wewaixor.com/favicon.ico
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; OAID=0a26d19a7b174055bc6bfd1c0eb59ad8; oaidts=1695524225; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 24 Sep 2023 02:57:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

wewaixor.com/track-impression-applab?z=5628284&b=16289356&ymid=650fa568df3fd80001d6f3c9&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=16289356_429288&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A5628284%253A474_89a3984a-749c-48ba-be56-29d12d6d1b93___%253A1%253A%7Bbrowser%7D%26mt_sub2%3D5628284%26mt_creative%3D16289356%26land_state%3Dbefore_render%26land_id%3DbFOmaFrQTwZpWpj%26land_generation_time%3D2023-09-23_21%3A57%3A05%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Df764b1578f1789552d02827eafc5cc3a%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64

139.45.197.158

200 OK

912 B

URL GET HTTP/2
wewaixor.com/track-impression-applab?z=5628284&b=16289356&ymid=650fa568df3fd80001d6f3c9&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=16289356_429288&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A5628284%253A474_89a3984a-749c-48ba-be56-29d12d6d1b93___%253A1%253A%7Bbrowser%7D%26mt_sub2%3D5628284%26mt_creative%3D16289356%26land_state%3Dbefore_render%26land_id%3DbFOmaFrQTwZpWpj%26land_generation_time%3D2023-09-23_21%3A57%3A05%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Df764b1578f1789552d02827eafc5cc3a%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (972), with no line terminators
Size
912 B (912 bytes)
Hash
76782ef3dbcb1fd66d8e941feb210d14
728a1b29144e7cebaccc2ab56ded6a9b1896f44e
6e58e99b3c711127d6d9f1095b4a33b53c905f92dd8635fae0ae7caab4c9c1c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track-impression-applab?z=5628284&b=16289356&ymid=650fa568df3fd80001d6f3c9&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var_3=16289356_429288&redirect=false&redirectUrl=https%3A%2F%2Ftrk.mail.ru%2Fc%2Fb1gnt7%3Fmt_gaid%3D%7Bmt_gaid%7D%26did%3D%24%7BSUBID%7D%26mt_sub1%3Dzeydoo_2%253A5628284%253A474_89a3984a-749c-48ba-be56-29d12d6d1b93___%253A1%253A%7Bbrowser%7D%26mt_sub2%3D5628284%26mt_creative%3D16289356%26land_state%3Dbefore_render%26land_id%3DbFOmaFrQTwZpWpj%26land_generation_time%3D2023-09-23_21%3A57%3A05%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Df764b1578f1789552d02827eafc5cc3a%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
DNT: 1
Connection: keep-alive
Cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; OAID=f764b1578f1789552d02827eafc5cc3a; oaidts=1695524225; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:06 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: c85e5f6def9d72fc6493299b383bf905
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9

139.45.197.158

200 OK

52 kB

URL User Request GET HTTP/2
wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1956), with CRLF, LF line terminators
Size
52 kB (52334 bytes)
Hash
c8c70d46a0b09801790e62f6717f8a1f
5f654fa0fc862ea97eac53296b00aa1690f5ec73
15e9fa7610bb90fc4b4b7c3b8ed75215f877e741cbd67039fbdedb5ac83f9c4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9 HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; expires=Sun, 24-Sep-2023 03:57:05 GMT; Max-Age=3600; path=/
OAID=f764b1578f1789552d02827eafc5cc3a; expires=Fri, 17-Jun-2078 05:54:10 GMT; Max-Age=1727146625; path=/
oaidts=1695524225; expires=Fri, 17-Jun-2078 05:54:10 GMT; Max-Age=1727146625; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

wewaixor.com/pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=5628284&sw=/sw-check-permissions/5256482&var_3=16289356_429288&os_version=x86.64

139.45.197.158

200 OK

27 kB

URL GET HTTP/2
wewaixor.com/pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=5628284&sw=/sw-check-permissions/5256482&var_3=16289356_429288&os_version=x86.64
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type
ASCII text, with very long lines (26784), with no line terminators
Size
27 kB (26784 bytes)
Hash
143a8b6958448605454250bbd9f0dd8b
a504d0d49380d494f262a7c3194700c303e3c26b
0902f69ebed38e29e2de16ad44c314d1510fc88b2187dee42c506aae7b67aec3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?uhd=1&z=5256482&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&var=5628284&sw=/sw-check-permissions/5256482&var_3=16289356_429288&os_version=x86.64 HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; OAID=f764b1578f1789552d02827eafc5cc3a; oaidts=1695524225
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:05 GMT
content-type: application/javascript
last-modified: Mon, 18 Sep 2023 12:11:40 GMT
vary: Accept-Encoding
etag: W/"65083e7c-68a0"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2

wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9&mprtr=1&os_version=x86.64

139.45.197.158

200 OK

2 B

URL POST HTTP/2
wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9&mprtr=1&os_version=x86.64
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9&mprtr=1&os_version=x86.64 HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wewaixor.com
DNT: 1
Connection: keep-alive
Referer: https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; OAID=f764b1578f1789552d02827eafc5cc3a; oaidts=1695524225
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:05 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br
X-Firefox-Spdy: h2

wewaixor.com/sw-check-permissions/5256482?var=5628284&var_3=16289356_429288&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uhd=1

139.45.197.158

200 OK

930 B

URL GET HTTP/2
wewaixor.com/sw-check-permissions/5256482?var=5628284&var_3=16289356_429288&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uhd=1
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type
ASCII text, with very long lines (991), with no line terminators
Size
930 B (930 bytes)
Hash
8e17b3bc505a880b889de8e6f199908a
c4f8b0dabb4b2eb4353b9748e2c3cf11a3293da2
c97ac457c9a34ba0b29ee4b85889e8a663bf5bb144239fbd7798cb32be4a9f0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-check-permissions/5256482?var=5628284&var_3=16289356_429288&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uhd=1 HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; OAID=f764b1578f1789552d02827eafc5cc3a; oaidts=1695524225; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:06 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

wewaixor.com/rotate?zz=5822560&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uid=0a26d19a7b174055bc6bfd1c0eb59ad8&var_4=650fa568df3fd80001d6f3c9&os_version=x86.64

139.45.197.158

200 OK

762 B

URL GET HTTP/2
wewaixor.com/rotate?zz=5822560&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uid=0a26d19a7b174055bc6bfd1c0eb59ad8&var_4=650fa568df3fd80001d6f3c9&os_version=x86.64
IP
139.45.197.158:443
ASN
#9002 RETN Limited

Requested by
https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
Certificate
IssuerLet's Encrypt
Subjectwewaixor.com
FingerprintF3:CF:6A:45:0B:F6:56:C6:FF:EF:B7:B8:B5:BD:30:69:45:EA:ED:D0
ValidityWed, 12 Jul 2023 09:17:26 GMT - Tue, 10 Oct 2023 09:17:25 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (772), with no line terminators
Size
762 B (762 bytes)
Hash
5c60ffcd1361fe4a7e059bc8c3c70842
c59c1b0ea3a0b09eb133121a77962c8b6c806ce5
a7fc0cc911c9491ab55a601e69db742f1195a8452650c05f905cb39ba2c7b5c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=5822560&var=5628284&ymid=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&uid=0a26d19a7b174055bc6bfd1c0eb59ad8&var_4=650fa568df3fd80001d6f3c9&os_version=x86.64 HTTP/1.1
Host: wewaixor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wewaixor.com/?l=bFOmaFrQTwZpWpj&b=16289356&z=5628284&s=650fa568df3fd80001d6f3c9&campid=429288&var=474_89a3984a-749c-48ba-be56-29d12d6d1b93___&ymid=650fa568df3fd80001d6f3c9
DNT: 1
Connection: keep-alive
Cookie: reverse=DTj5-VsZU41Wpe0KZlNjkUwjpusuudjkO24FAyPpzEQ; OAID=f764b1578f1789552d02827eafc5cc3a; oaidts=1695524225; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 24 Sep 2023 02:57:06 GMT
content-type: application/javascript
x-trace-id: a13f6b7a272d9393a0a28af990ede56f
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Accept-Encoding, Origin
access-control-allow-origin: https://wewaixor.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=0a26d19a7b174055bc6bfd1c0eb59ad8; expires=Mon, 23 Sep 2024 02:57:06 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by