Report - xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php

Report Overview

Visited public
2023-08-29 08:31:41
Tags
URL
xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php
Finishing URL
xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php
IP / ASN
185.73.220.216
#32338 HOSTISERVER
Title
ExoClick Banner 4

Detections

urlquery

0

Network Intrusion Detection

2

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
a.magsrv.com	unknown	2023-08-01	2023-08-04 18:18:00	2023-08-29 02:07:15	406 B	34 kB	205.185.216.10
xxx-porn-videos.su	unknown	2020-09-07	2020-09-07 14:09:34	2023-08-23 23:19:06	1.0 kB	37 kB	185.73.220.216
s.magsrv.com	unknown	2023-08-01	2023-08-04 14:48:00	2023-08-29 03:33:18	1.3 kB	2.4 kB	95.211.229.247
s3t3d2y8.afcdn.net	unknown	2022-06-27	2022-08-09 00:22:56	2023-08-28 13:24:23	479 B	14 kB	185.76.9.19

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-08-29 08:31:13	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-08-29 08:31:13	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php	ScriptElement	61 B	2023-04-08	2025-02-28
Pretty URL xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php IP 185.73.220.216 ASN #32338 HOSTISERVER Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-08 12:42 Last Seen2025-02-28 19:14 Times Seen854 Hash 78f0505a6e013dee9bb64d728fe06d02 57b882aaced69afd0f0fb5d7cd154951144b9644 b59dc6ac0b62a8a2420a339d485f31d86ea991eb9a38d1b9e17bdcc6291d8718 Loading...

	a.magsrv.com/ad-provider.js	ScriptElement	107 kB	2023-08-29	2023-08-30
Pretty URL a.magsrv.com/ad-provider.js IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-29 10:31 Last Seen2023-08-30 09:04 Times Seen12 Hash 7d3adc61a48c5bcfb137b8b6dc0dd4a8 8f943a800eaace0c47430e9b7d82b5b8445aa976 88abd1d0b54e770f3465eab8663995c5761e4808bb044f4d8e84e024bf31e4e0 Loading...

HTTP Transactions (6)

	URL	IP	Response	Size
	a.magsrv.com/ad-provider.js	205.185.216.10	200 OK	34 kB
URL GET HTTP/2 a.magsrv.com/ad-provider.js IP 205.185.216.10:443 ASN #20446 STACKPATH-CDN Requested by https://xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php Certificate IssuerLet's Encrypt Subjectmagsrv.com Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT File type ASCII text, with very long lines (32443) Size 34 kB (33737 bytes) Hash 7d3adc61a48c5bcfb137b8b6dc0dd4a8 8f943a800eaace0c47430e9b7d82b5b8445aa976 88abd1d0b54e770f3465eab8663995c5761e4808bb044f4d8e84e024bf31e4e0 HTTP Headers `GET /ad-provider.js HTTP/1.1 Host: a.magsrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://xxx-porn-videos.su/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK date: Tue, 29 Aug 2023 08:31:24 GMT content-encoding: gzip content-length: 33737 content-type: application/javascript accept-ranges: bytes server: nginx etag: W/"8f943a800eaace0c47430e9b7d8" accept-ch: cache-control: max-age=10800 x-robots-tag: noindex, follow access-control-allow-origin: * x-hw: 1693297884.dop017.sk1.t,1693297884.cds242.sk1.hn,1693297884.cds257.sk1.c X-Firefox-Spdy: h2`

	xxx-porn-videos.su/favicon.ico	185.73.220.216	200 OK	34 kB
URL GET HTTP/2 xxx-porn-videos.su/favicon.ico IP 185.73.220.216:443 ASN #32338 HOSTISERVER Requested by https://xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php Certificate IssuerLet's Encrypt Subjectxxx-porn-videos.su FingerprintA3:F8:DA:38:18:19:DD:84:96:35:DB:74:58:89:F1:97:5A:15:44:8A ValidityWed, 23 Aug 2023 20:16:49 GMT - Tue, 21 Nov 2023 20:16:48 GMT File type MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel\012- data Size 34 kB (34494 bytes) Hash ac3a53f537a268b468ca945e604b2689 d13ccc21e6f403dcea1790b387838a970dfd5a0c d924784f14a4bf0edf7520de15940b255614072f128039d39df8a6fdd137ee24 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: xxx-porn-videos.su User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx date: Tue, 29 Aug 2023 08:31:24 GMT content-type: image/x-icon content-length: 34494 last-modified: Wed, 09 Sep 2020 14:20:34 GMT etag: "5f58e4b2-86be" expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000 strict-transport-security: max-age=63072000; accept-ranges: bytes X-Firefox-Spdy: h2`

	s.magsrv.com/v1/api.php	95.211.229.247	200 OK	1.2 kB
URL POST HTTP/1.1 s.magsrv.com/v1/api.php IP 95.211.229.247:443 ASN #60781 LeaseWeb Netherlands B.V. Requested by https://xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php Certificate IssuerLet's Encrypt Subjectmagsrv.com Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT File type JSON data\012- , ASCII text, with very long lines (1694), with no line terminators Size 1.2 kB (1232 bytes) Hash a3d4438246949d91ee00d12ebff53f43 a8de39cc8828656c07dda6bc6aafc9d64c1bcd28 a8d49082d374d65d67ed8f16265ea04ad511f9b0da7bce3bc5fd580492e5d046 HTTP Headers `POST /v1/api.php HTTP/1.1 Host: s.magsrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain Content-Length: 312 Origin: https://xxx-porn-videos.su DNT: 1 Connection: keep-alive Referer: https://xxx-porn-videos.su/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: nginx Date: Tue, 29 Aug 2023 08:31:24 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: https://xxx-porn-videos.su Access-Control-Allow-Headers: Authorization, Content-Type Access-Control-Request-Method: POST Access-Control-Allow-Credentials: true Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264edacdc867a16.169417082587412498%22%3B%7D; expires=Thu, 28-Aug-2025 08:31:24 GMT; Max-Age=63072000; path=/; domain=magsrv.com; secure; SameSite=None Accept-CH: X-Robots-Tag: noindex, follow Content-Encoding: gzip

	s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA21PQUoEQQz8ih+YppJO0um9e1VY8AE9My142RWXlRHyeHt2FTyYIiQUlaLC4DzBJ64PkEOmA0tUShVJOJFKPD0fQyi2bZvezx+n6fNt7edLulxD2KA1RFhAQQCrSCjEcrYxPaR40WLhwtnMOUgjBwZY89COLQFkpkXcq1txiYJ4fDneergmeLVhHhnYWDG4PVEIQsaO7e62LEt7dV2KaJ1X7XOvaFkx5wa/Cf/7AHckEO8a/iUGpv0kk2QeOUchbnS7fJ2WiD/CHfpzyjUsxPeQ4Q3UqBm3zmWE6ctsva8yeylYyb8B3Dn1OXkBAAA=	95.211.229.247	200 OK	20 B
URL GET HTTP/1.1 s.magsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA21PQUoEQQz8ih+YppJO0um9e1VY8AE9My142RWXlRHyeHt2FTyYIiQUlaLC4DzBJ64PkEOmA0tUShVJOJFKPD0fQyi2bZvezx+n6fNt7edLulxD2KA1RFhAQQCrSCjEcrYxPaR40WLhwtnMOUgjBwZY89COLQFkpkXcq1txiYJ4fDneergmeLVhHhnYWDG4PVEIQsaO7e62LEt7dV2KaJ1X7XOvaFkx5wa/Cf/7AHckEO8a/iUGpv0kk2QeOUchbnS7fJ2WiD/CHfpzyjUsxPeQ4Q3UqBm3zmWE6ctsva8yeylYyb8B3Dn1OXkBAAA= IP 95.211.229.247:443 ASN #60781 LeaseWeb Netherlands B.V. Requested by https://xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php Certificate IssuerLet's Encrypt Subjectmagsrv.com Fingerprint9C:9C:8C:15:3B:65:AB:34:94:B5:CD:26:D6:67:61:2A:99:F9:0A:7B ValidityTue, 01 Aug 2023 11:24:30 GMT - Mon, 30 Oct 2023 11:24:29 GMT File type gzip compressed data, max speed, from Unix\012- data Size 20 B (20 bytes) Hash a4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf HTTP Headers GET /cimp.php?t=api&data=H4sIAAAAAAAAA21PQUoEQQz8ih+YppJO0um9e1VY8AE9My142RWXlRHyeHt2FTyYIiQUlaLC4DzBJ64PkEOmA0tUShVJOJFKPD0fQyi2bZvezx+n6fNt7edLulxD2KA1RFhAQQCrSCjEcrYxPaR40WLhwtnMOUgjBwZY89COLQFkpkXcq1txiYJ4fDneergmeLVhHhnYWDG4PVEIQsaO7e62LEt7dV2KaJ1X7XOvaFkx5wa/Cf/7AHckEO8a/iUGpv0kk2QeOUchbnS7fJ2WiD/CHfpzyjUsxPeQ4Q3UqBm3zmWE6ctsva8yeylYyb8B3Dn1OXkBAAA= HTTP/1.1 Host: s.magsrv.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://xxx-porn-videos.su DNT: 1 Connection: keep-alive Referer: https://xxx-porn-videos.su/ Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2264edacdc867a16.169417082587412498%22%3B%7D Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Server: nginx Date: Tue, 29 Aug 2023 08:31:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: https://xxx-porn-videos.su Access-Control-Allow-Credentials: true Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Thu, 28 Aug 2025 08:31:24 GMT; path=/; domain=.magsrv.com; Secure; SameSite=none Accept-CH: X-Robots-Tag: noindex, follow Content-Encoding: gzip

	s3t3d2y8.afcdn.net/library/426059/cf160b8ebaa2d961f1e404d01b4d6a146e14db0b.webp	185.76.9.19	200 OK	14 kB
URL GET HTTP/2 s3t3d2y8.afcdn.net/library/426059/cf160b8ebaa2d961f1e404d01b4d6a146e14db0b.webp IP 185.76.9.19:443 ASN #60068 Datacamp Limited Requested by https://xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php Certificate IssuerLet's Encrypt Subjectafcdn.net FingerprintCA:9B:AA:FE:AE:52:F5:06:6F:3C:E5:8C:B7:0F:9A:60:0B:A7:00:C2 ValiditySun, 23 Jul 2023 14:03:50 GMT - Sat, 21 Oct 2023 14:03:49 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 14 kB (13894 bytes) Hash 33695de0abfc78d9ad0bf2b67dcb42a2 cf160b8ebaa2d961f1e404d01b4d6a146e14db0b 49593d2ae923b495ec5567ef55d1b6d8468351654746bbe0a356376d3057d9b8 HTTP Headers `GET /library/426059/cf160b8ebaa2d961f1e404d01b4d6a146e14db0b.webp HTTP/1.1 Host: s3t3d2y8.afcdn.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://xxx-porn-videos.su/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Tue, 29 Aug 2023 08:31:24 GMT content-type: image/webp content-length: 13894 last-modified: Tue, 04 Jul 2023 16:47:29 GMT etag: "64a44d21-3646" accept-ch: expires: Wed, 03 Jul 2024 18:05:15 GMT cache-control: max-age=31536000 access-control-allow-origin: * x-robots-tag: noindex, follow x-cache-op: HIT server: CDN77-Turbo x-77-nzt: AblMCQ2mUfD/gE1JAA x-77-nzt-ray: c0a4cc28738fa5d4dcaced6479dcc72d x-accel-expires: @1720029916 x-accel-date: 1688493916 x-cache: HIT x-age: 4803968 x-77-pop: stockholmSE x-77-cache: HIT accept-ranges: bytes X-Firefox-Spdy: h2

	xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php	185.73.220.216	200 OK	1.5 kB
URL User Request GET HTTP/2 xxx-porn-videos.su/myvids/mltbn/xxx-porn-videossu-multi-exo4.php IP 185.73.220.216:443 ASN #32338 HOSTISERVER Certificate IssuerLet's Encrypt Subjectxxx-porn-videos.su FingerprintA3:F8:DA:38:18:19:DD:84:96:35:DB:74:58:89:F1:97:5A:15:44:8A ValidityWed, 23 Aug 2023 20:16:49 GMT - Tue, 21 Nov 2023 20:16:48 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1596), with no line terminators Size 1.5 kB (1510 bytes) Hash 64d6f6f995c83d039a1bcb89b129fcd3 807b18143f76ea936920c0ebc80ad10e14c55351 7c932e691d799357dfb68f034fb66c5b0a65bda53db486ffe87f2fc4c3bf41eb HTTP Headers GET /myvids/mltbn/xxx-porn-videossu-multi-exo4.php HTTP/1.1 Host: xxx-porn-videos.su User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Tue, 29 Aug 2023 08:31:23 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding strict-transport-security: max-age=63072000; content-encoding: gzip X-Firefox-Spdy: h2`