Report - gamingcommand.xyz/single/1212/fnf-tails.exe

Report Overview

Visited public
2024-08-10 08:45:32
Tags
Submit Tags
URL
gamingcommand.xyz/single/1212/fnf-tails.exe
Finishing URL
gamingcommand.xyz/single/1212/fnf-tails.exe
IP / ASN
84.32.84.77
#47583 Hostinger International Limited
Title
Checking your browser before accessing. Just a moment...

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gamingcommand.xyz	unknown				14 kB	59 kB	84.32.84.77
r10.o.lencr.org	unknown				2.3 kB	6.2 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-08-10 08:45:07	high	Client IP	84.32.84.77	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	gamingcommand.xyz/single/1212/fnf-tails.exe	ScriptElement	3.8 kB	2023-11-12	2025-03-02
Pretty URL gamingcommand.xyz/single/1212/fnf-tails.exe IP 84.32.84.77 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 02:47 Last Seen2025-03-02 02:15 Times Seen841 Hash 51e189f3bed2b8fd301208bf717f8c64 79f795884dbd9d843435bd03fc6ef3b8cfd581cd fa2fabde1d6234d341a131ca74541c707cca4eea376ddcba3f8d34de934d18a4 Loading...

	gamingcommand.xyz/hcdn-cgi/jschallenge	ScriptElement	163 B	2024-08-19	2024-08-19
Pretty URL gamingcommand.xyz/hcdn-cgi/jschallenge IP 84.32.84.77 ASN #47583 Hostinger International Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 13:58 Last Seen2024-08-19 13:58 Times Seen1 Hash b1fa046ec17dbabf61f5219f9ed4b913 30229cf25118c161d8e66ca0f93650dbcf47de52 512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb Loading...

	unknown	Function	79 B	2023-04-11	2025-06-27
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-06-27 05:41 Times Seen116247 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	Function	37 B	2023-04-11	2025-06-27
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-06-27 05:51 Times Seen281834 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

HTTP Transactions (34)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
19cd88f88651f2e9f42740350df4b4d1
c6c7026e15281db4f24b3bc4ee2cfc2ecc26362c
b41a248824843236c8691934a5dfd24daa01f05cdc8cff81afdb9588dee24946

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B41A248824843236C8691934A5DFD24DAA01F05CDC8CFF81AFDB9588DEE24946"
Last-Modified: Thu, 08 Aug 2024 18:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2810
Expires: Sat, 10 Aug 2024 09:31:56 GMT
Date: Sat, 10 Aug 2024 08:45:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a7b6b62c40d039614a8e497e28dfcb92
e5883c177b8d622fd5fc7a925e437df4c3fdb984
496d0482a522c54fcea43174ca83c7a72bcb5cfd6c15c02ecd955557ee00eb03

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "496D0482A522C54FCEA43174CA83C7A72BCB5CFD6C15C02ECD955557EE00EB03"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8351
Expires: Sat, 10 Aug 2024 11:04:17 GMT
Date: Sat, 10 Aug 2024 08:45:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5f8acb1f8a25eb19fc33302dc7bf3c26
93ad5ef9e7119c1064e966ea3ab2cade2438d5aa
277c320d7ff9556a6375e996308ba8d893601e14430af41b82904952d477f836

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "277C320D7FF9556A6375E996308BA8D893601E14430AF41B82904952D477F836"
Last-Modified: Thu, 08 Aug 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10093
Expires: Sat, 10 Aug 2024 11:33:19 GMT
Date: Sat, 10 Aug 2024 08:45:06 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
41f3021c1502428798a392f3c2ef0fc8
c7a61247c753e72345e5c4504056a09889a3916e
cb2873c69274d15b03f8aaa26260d7a2341f2e276f876f444f1fee5679266653

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CB2873C69274D15B03F8AAA26260D7A2341F2E276F876F444F1FEE5679266653"
Last-Modified: Thu, 08 Aug 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2709
Expires: Sat, 10 Aug 2024 09:30:15 GMT
Date: Sat, 10 Aug 2024 08:45:06 GMT
Connection: keep-alive

GET gamingcommand.xyz/single/1212/fnf-tails.exe

84.32.84.77

2.4 kB

URL User Request GET
gamingcommand.xyz/single/1212/fnf-tails.exe
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /single/1212/fnf-tails.exe HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:07 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 7bff173c4fc41951df818a8af7e3cf7f-fast-edge2

GET gamingcommand.xyz/hcdn-cgi/jschallenge

84.32.84.77

200 OK

157 B

URL GET HTTP/1.1
gamingcommand.xyz/hcdn-cgi/jschallenge
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
ASCII text
Size
157 B (157 bytes)
Hash
b1fa046ec17dbabf61f5219f9ed4b913
30229cf25118c161d8e66ca0f93650dbcf47de52
512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: fc1a4bed09146f9a199b38f4f2bea781-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

GET gamingcommand.xyz/favicon.ico

84.32.84.77

403 Forbidden

2.4 kB

URL GET HTTP/1.1
gamingcommand.xyz/favicon.ico
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:07 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 20ed29503361d854b7831b12179e7f8c-fast-edge2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cb72b4c8c0043447fb191d29a2987907
b21349d4cefa64181af49f91f868ffffb136a54a
eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9995
Expires: Sat, 10 Aug 2024 11:31:43 GMT
Date: Sat, 10 Aug 2024 08:45:08 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cb72b4c8c0043447fb191d29a2987907
b21349d4cefa64181af49f91f868ffffb136a54a
eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9995
Expires: Sat, 10 Aug 2024 11:31:43 GMT
Date: Sat, 10 Aug 2024 08:45:08 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cb72b4c8c0043447fb191d29a2987907
b21349d4cefa64181af49f91f868ffffb136a54a
eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9995
Expires: Sat, 10 Aug 2024 11:31:43 GMT
Date: Sat, 10 Aug 2024 08:45:08 GMT
Connection: keep-alive

gamingcommand.xyz/hcdn-cgi/jschallenge-validate

84.32.84.77

0 B

URL
gamingcommand.xyz/hcdn-cgi/jschallenge-validate
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://gamingcommand.xyz
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:10 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEApw2ZwAatZTyU7OYcjogMAmpePsFcr9yWGmqj40GACvSWKLdmAAAAAADOAAByEOo4NuxvAYzbe1wcGKFVAAAAq0RMkaACRrELaCmsF0Bstw; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: faedf55821a39e4e6be32599f95fb4d3-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET gamingcommand.xyz/single/1212/fnf-tails.exe

84.32.84.77

2.4 kB

URL User Request GET
gamingcommand.xyz/single/1212/fnf-tails.exe
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /single/1212/fnf-tails.exe HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEApw2ZwAatZTyU7OYcjogMAmpePsFcr9yWGmqj40GACvSWKLdmAAAAAADOAAByEOo4NuxvAYzbe1wcGKFVAAAAq0RMkaACRrELaCmsF0Bstw
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:10 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 623026c9be0346664eb1f1f6e33756a6-fast-edge2

GET gamingcommand.xyz/hcdn-cgi/jschallenge

84.32.84.77

200 OK

157 B

URL GET HTTP/1.1
gamingcommand.xyz/hcdn-cgi/jschallenge
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
ASCII text
Size
157 B (157 bytes)
Hash
b1fa046ec17dbabf61f5219f9ed4b913
30229cf25118c161d8e66ca0f93650dbcf47de52
512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEApw2ZwAatZTyU7OYcjogMAmpePsFcr9yWGmqj40GACvSWKLdmAAAAAADOAAByEOo4NuxvAYzbe1wcGKFVAAAAq0RMkaACRrELaCmsF0Bstw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: d74752f1f0c58d8baca089676f7515b0-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

GET gamingcommand.xyz/favicon.ico

84.32.84.77

403 Forbidden

2.4 kB

URL GET HTTP/1.1
gamingcommand.xyz/favicon.ico
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEApw2ZwAatZTyU7OYcjogMAmpePsFcr9yWGmqj40GACvSWKLdmAAAAAADOAAByEOo4NuxvAYzbe1wcGKFVAAAAq0RMkaACRrELaCmsF0Bstw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:10 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 008d5ff4bc5675100a125e7e71cb2edc-fast-edge2

gamingcommand.xyz/hcdn-cgi/jschallenge-validate

84.32.84.77

0 B

URL
gamingcommand.xyz/hcdn-cgi/jschallenge-validate
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://gamingcommand.xyz
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEApw2ZwAatZTyU7OYcjogMAmpePsFcr9yWGmqj40GACvSWKLdmAAAAAADOAAByEOo4NuxvAYzbe1wcGKFVAAAAq0RMkaACRrELaCmsF0Bstw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:13 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEARr8yHOmm2W-HkJ_1h3Q0BfCXtZd0IKcVvCYw4H-bAJOWKLdmAAMAAADnAAD4DN6dBmvpuIX2dm-HW6lKAAAAsYcY9NJfcAGTom6f7qfnfg; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 141545b8a6208e52ff99c22b28e9b482-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET gamingcommand.xyz/single/1212/fnf-tails.exe

84.32.84.77

2.4 kB

URL User Request GET
gamingcommand.xyz/single/1212/fnf-tails.exe
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /single/1212/fnf-tails.exe HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEARr8yHOmm2W-HkJ_1h3Q0BfCXtZd0IKcVvCYw4H-bAJOWKLdmAAMAAADnAAD4DN6dBmvpuIX2dm-HW6lKAAAAsYcY9NJfcAGTom6f7qfnfg
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:13 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 6fa1f73fb628e554ae456fa62405a41f-fast-edge2

GET gamingcommand.xyz/hcdn-cgi/jschallenge

84.32.84.77

200 OK

157 B

URL GET HTTP/1.1
gamingcommand.xyz/hcdn-cgi/jschallenge
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
ASCII text
Size
157 B (157 bytes)
Hash
b1fa046ec17dbabf61f5219f9ed4b913
30229cf25118c161d8e66ca0f93650dbcf47de52
512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEARr8yHOmm2W-HkJ_1h3Q0BfCXtZd0IKcVvCYw4H-bAJOWKLdmAAMAAADnAAD4DN6dBmvpuIX2dm-HW6lKAAAAsYcY9NJfcAGTom6f7qfnfg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: cebddd4fdfb087ca9b070397e72caf65-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

GET gamingcommand.xyz/favicon.ico

84.32.84.77

403 Forbidden

2.4 kB

URL GET HTTP/1.1
gamingcommand.xyz/favicon.ico
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEARr8yHOmm2W-HkJ_1h3Q0BfCXtZd0IKcVvCYw4H-bAJOWKLdmAAMAAADnAAD4DN6dBmvpuIX2dm-HW6lKAAAAsYcY9NJfcAGTom6f7qfnfg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:13 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: c3c5a7545c12a2905a8e847980b6e2f9-fast-edge2

gamingcommand.xyz/hcdn-cgi/jschallenge-validate

84.32.84.77

0 B

URL
gamingcommand.xyz/hcdn-cgi/jschallenge-validate
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://gamingcommand.xyz
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEARr8yHOmm2W-HkJ_1h3Q0BfCXtZd0IKcVvCYw4H-bAJOWKLdmAAMAAADnAAD4DN6dBmvpuIX2dm-HW6lKAAAAsYcY9NJfcAGTom6f7qfnfg
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:16 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAXzvGnonVfxVuABTxXAWztr-arV04r6t4k4-TvVfGa8WWKLdmAAYAAADnAACXA7bSoW7sA1mpx-QMeDUnAAAANYBKa73V1PYz5Sy3a12ZEQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1cd43201692bbba6978774144485f54e-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET gamingcommand.xyz/single/1212/fnf-tails.exe

84.32.84.77

2.4 kB

URL User Request GET
gamingcommand.xyz/single/1212/fnf-tails.exe
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /single/1212/fnf-tails.exe HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAXzvGnonVfxVuABTxXAWztr-arV04r6t4k4-TvVfGa8WWKLdmAAYAAADnAACXA7bSoW7sA1mpx-QMeDUnAAAANYBKa73V1PYz5Sy3a12ZEQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:17 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1e430d8a04ee66ef6fce2d5ac8cc7a10-fast-edge2

GET gamingcommand.xyz/hcdn-cgi/jschallenge

84.32.84.77

200 OK

157 B

URL GET HTTP/1.1
gamingcommand.xyz/hcdn-cgi/jschallenge
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
ASCII text
Size
157 B (157 bytes)
Hash
b1fa046ec17dbabf61f5219f9ed4b913
30229cf25118c161d8e66ca0f93650dbcf47de52
512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAXzvGnonVfxVuABTxXAWztr-arV04r6t4k4-TvVfGa8WWKLdmAAYAAADnAACXA7bSoW7sA1mpx-QMeDUnAAAANYBKa73V1PYz5Sy3a12ZEQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: b6bda751c83970520cb7b8bebee2c305-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

GET gamingcommand.xyz/favicon.ico

84.32.84.77

403 Forbidden

2.4 kB

URL GET HTTP/1.1
gamingcommand.xyz/favicon.ico
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAXzvGnonVfxVuABTxXAWztr-arV04r6t4k4-TvVfGa8WWKLdmAAYAAADnAACXA7bSoW7sA1mpx-QMeDUnAAAANYBKa73V1PYz5Sy3a12ZEQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:17 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: b8832806f7115a4aeed9a050083262c7-fast-edge2

gamingcommand.xyz/hcdn-cgi/jschallenge-validate

84.32.84.77

0 B

URL
gamingcommand.xyz/hcdn-cgi/jschallenge-validate
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://gamingcommand.xyz
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAXzvGnonVfxVuABTxXAWztr-arV04r6t4k4-TvVfGa8WWKLdmAAYAAADnAACXA7bSoW7sA1mpx-QMeDUnAAAANYBKa73V1PYz5Sy3a12ZEQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:20 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEArEveLEmFmw0MPn42zdaPmhHYn4NV3cBtkFxXu8y-TLaWKLdmAAoAAADnAACYbc89iOBI9z_atIHXBHzlAAAA4iTJFZ1Blspk9MwffLNBWQ; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 0870c919ae13cac5b39f0a9203465568-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET gamingcommand.xyz/single/1212/fnf-tails.exe

84.32.84.77

2.4 kB

URL User Request GET
gamingcommand.xyz/single/1212/fnf-tails.exe
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /single/1212/fnf-tails.exe HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEArEveLEmFmw0MPn42zdaPmhHYn4NV3cBtkFxXu8y-TLaWKLdmAAoAAADnAACYbc89iOBI9z_atIHXBHzlAAAA4iTJFZ1Blspk9MwffLNBWQ
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:20 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 8b47fd4d84f737fbb493017aef076d82-fast-edge2

GET gamingcommand.xyz/hcdn-cgi/jschallenge

84.32.84.77

200 OK

157 B

URL GET HTTP/1.1
gamingcommand.xyz/hcdn-cgi/jschallenge
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
ASCII text
Size
157 B (157 bytes)
Hash
b1fa046ec17dbabf61f5219f9ed4b913
30229cf25118c161d8e66ca0f93650dbcf47de52
512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEArEveLEmFmw0MPn42zdaPmhHYn4NV3cBtkFxXu8y-TLaWKLdmAAoAAADnAACYbc89iOBI9z_atIHXBHzlAAAA4iTJFZ1Blspk9MwffLNBWQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 6a9ee66f089c9e62236e4ace74daa9f9-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

GET gamingcommand.xyz/favicon.ico

84.32.84.77

403 Forbidden

2.4 kB

URL GET HTTP/1.1
gamingcommand.xyz/favicon.ico
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEArEveLEmFmw0MPn42zdaPmhHYn4NV3cBtkFxXu8y-TLaWKLdmAAoAAADnAACYbc89iOBI9z_atIHXBHzlAAAA4iTJFZ1Blspk9MwffLNBWQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:20 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: c5e0229e1bf9bf8c945370aa0f2fbc57-fast-edge2

gamingcommand.xyz/hcdn-cgi/jschallenge-validate

84.32.84.77

0 B

URL
gamingcommand.xyz/hcdn-cgi/jschallenge-validate
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://gamingcommand.xyz
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEArEveLEmFmw0MPn42zdaPmhHYn4NV3cBtkFxXu8y-TLaWKLdmAAoAAADnAACYbc89iOBI9z_atIHXBHzlAAAA4iTJFZ1Blspk9MwffLNBWQ
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:23 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAf6s9TUKpy0-11CyNL88PabIseRnpHJFLzR-in1ZO3MyWKLdmAA0AAADnAABNE0tDSosafIR8dukjTD8rAAAAA588SfGep48PPO4lg9hNVA; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 69ee386268de543a5641c31ff4a4b23d-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET gamingcommand.xyz/single/1212/fnf-tails.exe

84.32.84.77

2.4 kB

URL User Request GET
gamingcommand.xyz/single/1212/fnf-tails.exe
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /single/1212/fnf-tails.exe HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAf6s9TUKpy0-11CyNL88PabIseRnpHJFLzR-in1ZO3MyWKLdmAA0AAADnAABNE0tDSosafIR8dukjTD8rAAAAA588SfGep48PPO4lg9hNVA
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:23 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 76bc9fe53308a7c4b21f6d541a924dc7-fast-edge2

GET gamingcommand.xyz/hcdn-cgi/jschallenge

84.32.84.77

200 OK

157 B

URL GET HTTP/1.1
gamingcommand.xyz/hcdn-cgi/jschallenge
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
ASCII text
Size
157 B (157 bytes)
Hash
b1fa046ec17dbabf61f5219f9ed4b913
30229cf25118c161d8e66ca0f93650dbcf47de52
512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAf6s9TUKpy0-11CyNL88PabIseRnpHJFLzR-in1ZO3MyWKLdmAA0AAADnAABNE0tDSosafIR8dukjTD8rAAAAA588SfGep48PPO4lg9hNVA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1e5f884363428fc7f0add6120f2899f0-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

GET gamingcommand.xyz/favicon.ico

84.32.84.77

403 Forbidden

2.4 kB

URL GET HTTP/1.1
gamingcommand.xyz/favicon.ico
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAf6s9TUKpy0-11CyNL88PabIseRnpHJFLzR-in1ZO3MyWKLdmAA0AAADnAABNE0tDSosafIR8dukjTD8rAAAAA588SfGep48PPO4lg9hNVA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:23 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f6ccab4a8cd232b5b8e1951a76d402a8-fast-edge2

gamingcommand.xyz/hcdn-cgi/jschallenge-validate

84.32.84.77

0 B

URL
gamingcommand.xyz/hcdn-cgi/jschallenge-validate
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /hcdn-cgi/jschallenge-validate HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
Content-Type: application/x-www-form-urlencoded
Content-Length: 74
Origin: http://gamingcommand.xyz
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAf6s9TUKpy0-11CyNL88PabIseRnpHJFLzR-in1ZO3MyWKLdmAA0AAADnAABNE0tDSosafIR8dukjTD8rAAAAA588SfGep48PPO4lg9hNVA
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:26 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: hcdn=AQEAqzZCNxM6wDBA7ASyzeQvpEu5VfF4utcQKKa6tRScbzeWKLdmABAAAADnAACJbnU-WVMHtmEukHxmHpSxAAAAc5ivLiTKbG77gzXMPJBVgw; Path=/; SameSite=Lax; HttpOnly
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1b540b44a6351c54455fb5d4d8d12209-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET gamingcommand.xyz/single/1212/fnf-tails.exe

84.32.84.77

2.4 kB

URL User Request GET
gamingcommand.xyz/single/1212/fnf-tails.exe
IP
84.32.84.77:0
ASN
#47583 Hostinger International Limited

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /single/1212/fnf-tails.exe HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAqzZCNxM6wDBA7ASyzeQvpEu5VfF4utcQKKa6tRScbzeWKLdmABAAAADnAACJbnU-WVMHtmEukHxmHpSxAAAAc5ivLiTKbG77gzXMPJBVgw
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:26 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2d5e0209cc977d95d4534030934ed6c8-fast-edge2

GET gamingcommand.xyz/hcdn-cgi/jschallenge

84.32.84.77

200 OK

157 B

URL GET HTTP/1.1
gamingcommand.xyz/hcdn-cgi/jschallenge
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
ASCII text
Size
157 B (157 bytes)
Hash
b1fa046ec17dbabf61f5219f9ed4b913
30229cf25118c161d8e66ca0f93650dbcf47de52
512b672111faccc36b13abf186e58db28294da131cb6d6e78135740111ea4acb

HTTP Headers

GET /hcdn-cgi/jschallenge HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAqzZCNxM6wDBA7ASyzeQvpEu5VfF4utcQKKa6tRScbzeWKLdmABAAAADnAACJbnU-WVMHtmEukHxmHpSxAAAAc5ivLiTKbG77gzXMPJBVgw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: e255cf5d2ec78620b4b4a95ee89aa651-fast-edge2
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Content-Encoding: gzip

GET gamingcommand.xyz/favicon.ico

84.32.84.77

403 Forbidden

2.4 kB

URL GET HTTP/1.1
gamingcommand.xyz/favicon.ico
IP
84.32.84.77:80
ASN
#47583 Hostinger International Limited

Requested by
http://gamingcommand.xyz/single/1212/fnf-tails.exe

File type
HTML document, ASCII text, with very long lines (4792), with no line terminators
Size
2.4 kB (2393 bytes)
Hash
b649bb4bbcec6444434d2df7501effb6
f8a04ac654e2234fa2644abf8e293d02bc01c8fd
c2779250c7e25bb12281a890f3ec61c3585c5bbad82fbbb55a3068191004fc4a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gamingcommand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gamingcommand.xyz/single/1212/fnf-tails.exe
DNT: 1
Connection: keep-alive
Cookie: hcdn=AQEAqzZCNxM6wDBA7ASyzeQvpEu5VfF4utcQKKa6tRScbzeWKLdmABAAAADnAACJbnU-WVMHtmEukHxmHpSxAAAAc5ivLiTKbG77gzXMPJBVgw
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: hcdn
Date: Sat, 10 Aug 2024 08:45:27 GMT
Content-Type: text/html
Content-Length: 2393
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 3849aa5fa768414bfbf14b377f0c7b2d-fast-edge2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (34)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers