Report - netcine.zip

Report Overview

Visited public
2025-03-24 03:31:57
Tags
URL
netcine.zip
Finishing URL
netcinehd.li/
IP / ASN
62.182.85.232
#30860 Virtual Systems LLC
Title
NetCine: Filmes e Séries Online Grátis

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
netcinehd.li	unknown	unknown	2025-03-22	2025-03-22	972 B	9.2 kB	62.182.85.232
txtxkufqlpewlbd.com	unknown	unknown	No data	No data	963 B	1.2 kB	139.45.197.111
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-03-19	471 B	835 B	172.64.146.234
netcine.zip	unknown	2024-06-02	2024-12-04	2025-03-22	876 B	8.8 kB	0.0.0.0
teepashaiwher.com	unknown	2025-03-21	2025-03-24	2025-03-24	2.2 kB	111 kB	139.45.197.244
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-19	433 B	365 kB	142.250.178.104
cdn.bcdn.zip	unknown	2024-08-02	2024-08-13	2025-03-22	4.3 kB	47 kB	185.59.220.199

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-24 03:31:35	low	Client IP	62.182.85.232	ET INFO HTTP Request to a *.zip Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-24	medium	teepashaiwher.com	Sinkholed
2025-03-24	medium	teepashaiwher.com	Sinkholed
2025-03-24	medium	teepashaiwher.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	wasm:teepashaiwher.com/5/8858321%20line%201%20%3E%20WebAssembly.instantiate	Wasm	0 B	0001-01-01	2025-06-09
Pretty URL wasm:teepashaiwher.com/5/8858321%20line%201%20%3E%20WebAssembly.instantiate IP 0.0.0.0 ASN #0 Introduced by wasm Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-09 02:44 Times Seen4893635 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.bcdn.zip/scripts/scriptmenu7.js	ScriptElement	974 B	2024-10-12	2025-05-29
Pretty URL cdn.bcdn.zip/scripts/scriptmenu7.js IP 185.59.220.199 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-12 22:58 Last Seen2025-05-29 15:52 Times Seen27 Hash e600be19ee46a37afe487f78801e17c0 57b64eddd07f22e6bc7e113e09002120efdde413 0fd6a39cb7d662168afd79264396616d58a80dd2e699a2944ee047b19ba74812 Loading...

	cdn.bcdn.zip/scripts/blankw.js	ScriptElement	1.1 kB	2025-03-13	2025-03-24
Pretty URL cdn.bcdn.zip/scripts/blankw.js IP 185.59.220.199 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-13 12:20 Last Seen2025-03-24 03:32 Times Seen3 Hash abfd70e5328f56464113e57f53859f13 33c37f3459c236107b3df72465106ebf82f95553 77284597174aaeb71f58f3f09b1a4e3ea7f4cc100520885d5284e9c68364cbd7 Loading...

	cdn.bcdn.zip/scripts/mmoneaa.min.js	ScriptElement	28 kB	2025-03-05	2025-05-12
Pretty URL cdn.bcdn.zip/scripts/mmoneaa.min.js IP 185.59.220.199 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 19:39 Last Seen2025-05-12 13:37 Times Seen18 Hash 289f3f8e3d39978bea10e110941b4680 0408cc3c49f37fad24a94b0dc91043f3e9e93682 bdefc40030caf62225eed7eebc7ecf2c793b2fe4b1c70939eefd68fda8a23432 Loading...

	teepashaiwher.com/5/8858321	ScriptElement	108 kB	2025-03-24	2025-03-24
Pretty URL teepashaiwher.com/5/8858321 IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-24 03:32 Last Seen2025-03-24 03:32 Times Seen1 Hash 968d462ab62a485c363bc8545bc45383 a7091534394666288a5e873699bb6958fafa7076 dc35ed4c865d573d30e6ac1658f9fcbe777cdd9a63e684187a09b9b29ac02289 Loading...

	netcinehd.li/	ScriptElement	172 B	2025-03-24	2025-03-24
Pretty URL netcinehd.li/ IP 62.182.85.232 ASN #30860 Virtual Systems LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-24 03:32 Last Seen2025-03-24 03:32 Times Seen1 Hash c865d533a172d091cdad01f47e0106b3 42888cc5d89e368bf5c37b8911e516d715e704bb 1b19f37237cd8eb628efc069bb2f3accdf67c01a688d498499cc2178a5cb4941 Loading...

	www.googletagmanager.com/gtag/js?id=G-NZDPYDPLE0	ScriptElement	364 kB	2025-03-24	2025-03-24
Pretty URL www.googletagmanager.com/gtag/js?id=G-NZDPYDPLE0 IP 142.250.178.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-24 03:32 Last Seen2025-03-24 03:32 Times Seen1 Hash 8a62104b3e81e17f61e2df82253c9a15 9f9dbb98ef61c0300a190c71887aa9592ee3c2ac 9dd606d896d55564181f129d96f2d679ba25069c41a94c6a1866a953811cfc7d Loading...

	netcinehd.li/	ScriptElement	180 B	2024-12-04	2025-05-29
Pretty URL netcinehd.li/ IP 62.182.85.232 ASN #30860 Virtual Systems LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-04 14:52 Last Seen2025-05-29 15:52 Times Seen23 Hash 5ecdf986f06e20b0df929d422bcc9475 b74b14fc6bb099328dce3ffb67ab5122da8b5f54 35389540780906440d2566317c3a753b114d3d60fbb2cd15311cf8eec574beeb Loading...

	cdn.bcdn.zip/scripts/rmobi2.js	ScriptElement	961 B	2024-09-27	2025-05-29
Pretty URL cdn.bcdn.zip/scripts/rmobi2.js IP 185.59.220.199 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-27 21:30 Last Seen2025-05-29 15:52 Times Seen36 Hash 33b92ab151fe1191a10a2928b889f1ee ee812568e0447f6cf6400af06787e752411237d5 b8ef43b047d9fb243995974715d2dcd916082ccee77804567d575b9c0ea97626 Loading...

HTTP Transactions (21)

URL IP Response Size

cdn.bcdn.zip/scripts/tttttttttttttttttttttttttttttt2.js

185.59.220.199

403 Forbidden

0 B

URL GET
cdn.bcdn.zip/scripts/tttttttttttttttttttttttttttttt2.js
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /scripts/tttttttttttttttttttttttttttttt2.js HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: text/html
vary: Accept-Encoding
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
cdn-requestid: b3de9f4d30cd200878456f6361557920
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.bcdn.zip/scripts/mmoneint3.js

185.59.220.199

200 OK

1.1 kB

URL GET
cdn.bcdn.zip/scripts/mmoneint3.js
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1153), with no line terminators
Size
1.1 kB (1119 bytes)
Hash
e038cf4b21c52b381d21b04a4fbd30dd
b009a328f5719d39eeeb9d8a5952bf86f6dc6155
94997cb5d6e0e7382119dca0dc008cdb138e7b5e67e4f870f73bf3995da0f6b9

HTTP Headers

GET /scripts/mmoneint3.js HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netcinehd.li/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: application/javascript
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=1200
content-encoding: br
etag: "67c8e39e-45f"
last-modified: Wed, 05 Mar 2025 23:51:58 GMT
cdn-storageserver: DE-599
cdn-requestpullsuccess: True
cdn-fileserver: 862
perma-cache: HIT
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-cachedat: 03/21/2025 23:45:29
cdn-edgestorageid: 1076
cdn-status: 200
cdn-requesttime: 1
cdn-requestid: 208f013b1c5a69424d7cd3c0935c05e9
cdn-cache: HIT
X-Firefox-Spdy: h2

netcinehd.li/

62.182.85.232

200 OK

0 B

URL HEAD
netcinehd.li/
IP
62.182.85.232:443
ASN
#30860 Virtual Systems LLC

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectnetcinehd.li
Fingerprint83:0E:D9:75:9D:AF:C3:3B:D8:3A:09:5F:47:C9:74:03:21:54:8A:A2
ValidityFri, 14 Mar 2025 13:34:13 GMT - Thu, 12 Jun 2025 13:34:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: netcinehd.li
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Cookie: _ga_NZDPYDPLE0=GS1.1.1742787096.1.0.1742787096.0.0.0; _ga=GA1.1.2047757525.1742787097
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 24 Mar 2025 03:29:46 GMT
content-type: text/html; charset=UTF-8
m-cache: HIT
content-security-policy: frame-ancestors 'self' *.netcinehd.li netcinehd.li
link: <https://netcinehd.li/>; rel="canonical"
content-encoding: gzip
X-Firefox-Spdy: h2

txtxkufqlpewlbd.com/

139.45.197.111

200 OK

0 B

URL OPTIONS
txtxkufqlpewlbd.com/
IP
139.45.197.111:443
ASN
#9002 RETN Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjecttxtxkufqlpewlbd.com
Fingerprint9C:E7:51:72:72:31:03:35:DA:A5:81:0D:4C:3A:53:78:FE:68:78:0C
ValiditySun, 23 Mar 2025 11:23:54 GMT - Sat, 21 Jun 2025 11:23:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: txtxkufqlpewlbd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: HEAD
Access-Control-Request-Headers: content-type
Referer: https://netcinehd.li/
Origin: https://netcinehd.li
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 24 Mar 2025 03:31:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://netcinehd.li
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

txtxkufqlpewlbd.com/

139.45.197.111

200 OK

0 B

URL HEAD
txtxkufqlpewlbd.com/
IP
139.45.197.111:443
ASN
#9002 RETN Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjecttxtxkufqlpewlbd.com
Fingerprint9C:E7:51:72:72:31:03:35:DA:A5:81:0D:4C:3A:53:78:FE:68:78:0C
ValiditySun, 23 Mar 2025 11:23:54 GMT - Sat, 21 Jun 2025 11:23:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: txtxkufqlpewlbd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: text/html
Origin: https://netcinehd.li
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 24 Mar 2025 03:31:37 GMT
content-type: text/html
x-t87r23a39c16e15-4i27d39: 00000000000000000000000000000000
vary: Accept-Encoding, Origin
access-control-allow-origin: https://netcinehd.li
access-control-expose-headers: Link, X-Application-Token, X-Application-Key, X-Tag, X-Auth-Token, X-DirectionPartner-Id, X-ZoneType-Id, X-Hostname
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
x-application-key: zznyajq014nz0Ti9vB5j65vl2iays
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

netcinehd.li/

62.182.85.232

200 OK

8.6 kB

URL User Request GET
netcinehd.li/
IP
62.182.85.232:443
ASN
#30860 Virtual Systems LLC

Certificate
IssuerLet's Encrypt
Subjectnetcinehd.li
Fingerprint83:0E:D9:75:9D:AF:C3:3B:D8:3A:09:5F:47:C9:74:03:21:54:8A:A2
ValidityFri, 14 Mar 2025 13:34:13 GMT - Thu, 12 Jun 2025 13:34:12 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9147), with no line terminators
Size
8.6 kB (8647 bytes)
Hash
958ff378bcce2310f3b43c84713f6b8f
4053654fcad1e6711e4094c70bf16bf801d57200
d2bf7e8eecd54decdd4f1e564a146f8f06e01a17ac0e7123ed374f0b83a311ab

HTTP Headers

GET / HTTP/1.1
Host: netcinehd.li
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 24 Mar 2025 03:29:45 GMT
content-type: text/html; charset=UTF-8
m-cache: HIT
content-security-policy: frame-ancestors 'self' *.netcinehd.li netcinehd.li
link: <https://netcinehd.li/>; rel="canonical"
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.bcdn.zip/scripts/rmobi2.js

185.59.220.199

200 OK

961 B

URL GET
cdn.bcdn.zip/scripts/rmobi2.js
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type
ASCII text, with very long lines (983), with no line terminators
Size
961 B (961 bytes)
Hash
ee01203ba0b34358960f6b3504ed8308
1326b4ab86c0a480763e6c0cd620297c3222b0c6
145169029e641c0b38b10e37994ab0cb2db73d86d09d763e77dd9d065f171683

HTTP Headers

GET /scripts/rmobi2.js HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: application/javascript
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=1200
content-encoding: br
etag: "66a55384-3c1"
last-modified: Sat, 27 Jul 2024 20:07:32 GMT
cdn-storageserver: DE-677
cdn-requestpullsuccess: True
cdn-fileserver: 587
perma-cache: HIT
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-cachedat: 03/21/2025 23:45:28
cdn-edgestorageid: 1053
cdn-status: 200
cdn-requesttime: 2
cdn-requestid: 7c920e0c11d20e4fb1add104ebc5d45c
cdn-cache: HIT
X-Firefox-Spdy: h2

cdn.bcdn.zip/scripts/scriptmenu7.js

185.59.220.199

200 OK

974 B

URL GET
cdn.bcdn.zip/scripts/scriptmenu7.js
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1008), with no line terminators
Size
974 B (974 bytes)
Hash
629c70fa43fa4d36978a5d76c2466256
2e06f3f3d8f8bda540a29d14c17ac4095088ddd1
3c0ed0a47c8eaa83b7c198c3ea958ce5fcd41b3332d0dbd1916aecf3fd3b3f50

HTTP Headers

GET /scripts/scriptmenu7.js HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: application/javascript
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=1200
content-encoding: br
etag: "66c691cf-3ce"
last-modified: Thu, 22 Aug 2024 01:18:07 GMT
cdn-storageserver: DE-638
cdn-requestpullsuccess: True
cdn-fileserver: 728
perma-cache: HIT
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-cachedat: 03/21/2025 23:46:27
cdn-edgestorageid: 874
cdn-status: 200
cdn-requesttime: 4
cdn-requestid: 4a02f9621f6b09c0d3c706e08a27bda8
cdn-cache: HIT
X-Firefox-Spdy: h2

cdn.bcdn.zip/scripts/mmoneaa.min.js

185.59.220.199

200 OK

28 kB

URL GET
cdn.bcdn.zip/scripts/mmoneaa.min.js
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type
JavaScript source, ASCII text, with very long lines (27953), with no line terminators
Size
28 kB (27953 bytes)
Hash
289f3f8e3d39978bea10e110941b4680
0408cc3c49f37fad24a94b0dc91043f3e9e93682
bdefc40030caf62225eed7eebc7ecf2c793b2fe4b1c70939eefd68fda8a23432

HTTP Headers

GET /scripts/mmoneaa.min.js HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: application/javascript
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=1200
content-encoding: br
etag: "67bf740a-6d31"
last-modified: Wed, 26 Feb 2025 20:05:30 GMT
cdn-storageserver: DE-637
cdn-requestpullsuccess: True
cdn-fileserver: 750
perma-cache: HIT
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-cachedat: 03/21/2025 23:47:04
cdn-edgestorageid: 1075
cdn-requestid: 09cc9c6152cd770545961adcc2bac76f
cdn-cache: HIT
cdn-status: 200
cdn-requesttime: 3
X-Firefox-Spdy: h2

cdn.bcdn.zip/wp-content/uploads/2017/04/netcine-header-ALT-1.png

185.59.220.199

200 OK

5.0 kB

URL GET
cdn.bcdn.zip/wp-content/uploads/2017/04/netcine-header-ALT-1.png
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type
RIFF (little-endian) data, Web/P image
Size
5.0 kB (4974 bytes)
Hash
62dccf400e806f4bfd5d60ae8cecc5fd
b23c77b429479bd0856f37913d054e54c76214a0
12a74639eb0fa4c163d8c047fb267a2f552df7fd444e1c9998bcc9237667b7dd

HTTP Headers

GET /wp-content/uploads/2017/04/netcine-header-ALT-1.png HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: image/webp
content-length: 4974
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
access-control-allow-origin: *
cache-control: public, max-age=1200
etag: "65cf8307-136e"
last-modified: Fri, 16 Feb 2024 15:45:11 GMT
cdn-storageserver: DE-636
cdn-requestpullsuccess: True
cdn-fileserver: 728
perma-cache: HIT
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-cachedat: 03/21/2025 23:45:28
cdn-edgestorageid: 723
cdn-status: 200
cdn-requesttime: 1
cdn-requestid: 0660ce5c93bbd708cf00e5879b7f3c38
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.bcdn.zip/wp-content/uploads/2016/09/favicon-nc-1.png

185.59.220.199

200 OK

274 B

URL GET
cdn.bcdn.zip/wp-content/uploads/2016/09/favicon-nc-1.png
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type
RIFF (little-endian) data, Web/P image
Size
274 B (274 bytes)
Hash
499981dc9aa6ac6ae5ce8c5330e9cb52
501fca0bffb07f4cc4d07ffccd7c5f8e359b3b7b
d30ab4860c3fdf31e1891bf957fb4cf162d158cd3e5231b3168d2556175c0878

HTTP Headers

GET /wp-content/uploads/2016/09/favicon-nc-1.png HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: image/webp
content-length: 274
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
access-control-allow-origin: *
cache-control: public, max-age=1200
etag: "65cf830f-112"
last-modified: Fri, 16 Feb 2024 15:45:19 GMT
cdn-storageserver: DE-635
cdn-requestpullsuccess: True
cdn-fileserver: 383
perma-cache: HIT
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-cachedat: 03/21/2025 23:45:08
cdn-edgestorageid: 1075
cdn-requestid: 6477965b0fff7d1a7b2eae63408fb34f
cdn-cache: HIT
cdn-status: 200
cdn-requesttime: 1
accept-ranges: bytes
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=00819662940245f7ec3b802c1a77254b

172.64.146.234

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=00819662940245f7ec3b802c1a77254b
IP
172.64.146.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://netcinehd.li/
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
d4397e591bb354190a8366c90c03f8e5
a9d12fb67f2effdb55a51c54af6b7ce3d4ece3ec
4cb6db35a91184d20e972058cde9488649906d3ab09194091b26aea66632fda4

HTTP Headers

GET /gid.js?userId=00819662940245f7ec3b802c1a77254b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://netcinehd.li
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://netcinehd.li
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00819662940245f7ec3b802c1a77254b; expires=Tue, 24 Mar 2026 03:31:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 925318c19ede712b-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

netcine.zip/

0.0.0.0

0 B

URL User Request GET
netcine.zip/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: netcine.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

cdn.bcdn.zip/scripts/menuu2.css

185.59.220.199

200 OK

3.3 kB

URL GET
cdn.bcdn.zip/scripts/menuu2.css
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type
ASCII text, with very long lines (3321), with no line terminators
Size
3.3 kB (3321 bytes)
Hash
b39e4224722e258051ada136b0f816e7
c0f54e986e5b2963ac02b8612aade79229247e5f
0938d3c50285e35bf38c87cd923e5338ff295b801aa8879521c024b262e2b22b

HTTP Headers

GET /scripts/menuu2.css HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: text/css
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=1200
content-encoding: br
etag: "66a56e02-cf9"
last-modified: Sat, 27 Jul 2024 22:00:34 GMT
cdn-storageserver: DE-1017
cdn-requestpullsuccess: True
cdn-fileserver: 818
perma-cache: HIT
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-cachedat: 03/21/2025 23:46:27
cdn-edgestorageid: 1047
cdn-status: 200
cdn-requesttime: 2
cdn-requestid: 2abfa63ccc4c8aaac90987663c64b547
cdn-cache: HIT
X-Firefox-Spdy: h2

cdn.bcdn.zip/scripts/tttttttttttttttttttttttttttttt2.js

185.59.220.199

403 Forbidden

0 B

URL GET
cdn.bcdn.zip/scripts/tttttttttttttttttttttttttttttt2.js
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /scripts/tttttttttttttttttttttttttttttt2.js HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: text/html
vary: Accept-Encoding
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
cdn-requestid: d03751876ed99464a7aa2ea7ee9fc6e9
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.bcdn.zip/scripts/blankw.js

185.59.220.199

301 Moved Permanently

1.1 kB

URL GET
cdn.bcdn.zip/scripts/blankw.js
IP
185.59.220.199:443
ASN
#60068 Datacamp Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectcdn.bcdn.zip
Fingerprint56:AD:2B:63:B5:73:64:9B:80:B8:96:57:E2:8B:D2:BF:CB:30:24:87
ValidityTue, 11 Mar 2025 02:13:40 GMT - Mon, 09 Jun 2025 02:13:39 GMT

File type

Size
1.1 kB (1119 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /scripts/blankw.js HTTP/1.1
Host: cdn.bcdn.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 24 Mar 2025 03:31:18 GMT
content-type: text/html
content-length: 162
location: https://cdn.bcdn.zip/scripts/mmoneint3.js
server: BunnyCDN-DE1-722
cdn-pullzone: 1552782
cdn-uid: 5e612068-3bb9-4e40-a899-ea27c6001df7
cdn-requestcountrycode: NO
vary: Accept-Encoding
cache-control: no-cache
access-control-allow-origin: *
cdn-requesttime: 2
cdn-requestid: bee26114861400185727cb4d5284028d
X-Firefox-Spdy: h2

teepashaiwher.com/5/8858321

139.45.197.244

200 OK

108 kB

URL GET
teepashaiwher.com/5/8858321
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectteepashaiwher.com
Fingerprint47:07:2D:A5:A2:35:94:26:43:95:99:CC:16:1B:79:00:33:C2:51:79
ValidityFri, 21 Mar 2025 02:08:14 GMT - Thu, 19 Jun 2025 02:08:13 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107648 bytes)
Hash
968d462ab62a485c363bc8545bc45383
a7091534394666288a5e873699bb6958fafa7076
dc35ed4c865d573d30e6ac1658f9fcbe777cdd9a63e684187a09b9b29ac02289

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/8858321 HTTP/1.1
Host: teepashaiwher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 24 Mar 2025 03:31:37 GMT
content-type: application/javascript
x-trace-id: b0a456b77b85ff700df6f073e5c6eab4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00819662940245f7ec3b802c1a77254b; expires=Tue, 24 Mar 2026 03:31:37 GMT; path=/; secure; SameSite=None
oaidts=1742787097; expires=Tue, 24 Mar 2026 03:31:37 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

teepashaiwher.com/wrr?z=8858321&p_rid=b20a0d61-642a-4e07-bfff-504ec07eb917&rb=wIAXvh67OqRqM_MSGG94gBbU4eEPQcAUIqm1z1ObaCzIdKynyuHOv592sz3IfIwPVjUL65-EHfEk3rItp27VFPMEcrfRbfNcGgWUQNXGDHkVMIaK1gLEN7UxZU-ngJvmtQSKcfijZr_pvDz8wHHAiaf2X7ESW21W6VKKfTFSgVVeLeK6NjTDrpVWnw9PWN_lOSj0x1MaAPd5NZOouy3yMGEMXGU5rk5UgjBkep7ibNDwFjKf2azI48qTa9eesN77l23jKI3wEz0x0AsSqMMasF_B22npiGs7&dmn=teepashaiwher.com&userId=00819662940245f7ec3b802c1a77254b

139.45.197.244

204 No Content

0 B

URL OPTIONS
teepashaiwher.com/wrr?z=8858321&p_rid=b20a0d61-642a-4e07-bfff-504ec07eb917&rb=wIAXvh67OqRqM_MSGG94gBbU4eEPQcAUIqm1z1ObaCzIdKynyuHOv592sz3IfIwPVjUL65-EHfEk3rItp27VFPMEcrfRbfNcGgWUQNXGDHkVMIaK1gLEN7UxZU-ngJvmtQSKcfijZr_pvDz8wHHAiaf2X7ESW21W6VKKfTFSgVVeLeK6NjTDrpVWnw9PWN_lOSj0x1MaAPd5NZOouy3yMGEMXGU5rk5UgjBkep7ibNDwFjKf2azI48qTa9eesN77l23jKI3wEz0x0AsSqMMasF_B22npiGs7&dmn=teepashaiwher.com&userId=00819662940245f7ec3b802c1a77254b
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectteepashaiwher.com
Fingerprint47:07:2D:A5:A2:35:94:26:43:95:99:CC:16:1B:79:00:33:C2:51:79
ValidityFri, 21 Mar 2025 02:08:14 GMT - Thu, 19 Jun 2025 02:08:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /wrr?z=8858321&p_rid=b20a0d61-642a-4e07-bfff-504ec07eb917&rb=wIAXvh67OqRqM_MSGG94gBbU4eEPQcAUIqm1z1ObaCzIdKynyuHOv592sz3IfIwPVjUL65-EHfEk3rItp27VFPMEcrfRbfNcGgWUQNXGDHkVMIaK1gLEN7UxZU-ngJvmtQSKcfijZr_pvDz8wHHAiaf2X7ESW21W6VKKfTFSgVVeLeK6NjTDrpVWnw9PWN_lOSj0x1MaAPd5NZOouy3yMGEMXGU5rk5UgjBkep7ibNDwFjKf2azI48qTa9eesN77l23jKI3wEz0x0AsSqMMasF_B22npiGs7&dmn=teepashaiwher.com&userId=00819662940245f7ec3b802c1a77254b HTTP/1.1
Host: teepashaiwher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://netcinehd.li/
Origin: https://netcinehd.li
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Mon, 24 Mar 2025 03:31:38 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://netcinehd.li
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

139.45.197.244

200 OK

2 B

URL POST
teepashaiwher.com/wrr?z=8858321&p_rid=b20a0d61-642a-4e07-bfff-504ec07eb917&rb=wIAXvh67OqRqM_MSGG94gBbU4eEPQcAUIqm1z1ObaCzIdKynyuHOv592sz3IfIwPVjUL65-EHfEk3rItp27VFPMEcrfRbfNcGgWUQNXGDHkVMIaK1gLEN7UxZU-ngJvmtQSKcfijZr_pvDz8wHHAiaf2X7ESW21W6VKKfTFSgVVeLeK6NjTDrpVWnw9PWN_lOSj0x1MaAPd5NZOouy3yMGEMXGU5rk5UgjBkep7ibNDwFjKf2azI48qTa9eesN77l23jKI3wEz0x0AsSqMMasF_B22npiGs7&dmn=teepashaiwher.com&userId=00819662940245f7ec3b802c1a77254b
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://netcinehd.li/
Certificate
IssuerLet's Encrypt
Subjectteepashaiwher.com
Fingerprint47:07:2D:A5:A2:35:94:26:43:95:99:CC:16:1B:79:00:33:C2:51:79
ValidityFri, 21 Mar 2025 02:08:14 GMT - Thu, 19 Jun 2025 02:08:13 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wrr?z=8858321&p_rid=b20a0d61-642a-4e07-bfff-504ec07eb917&rb=wIAXvh67OqRqM_MSGG94gBbU4eEPQcAUIqm1z1ObaCzIdKynyuHOv592sz3IfIwPVjUL65-EHfEk3rItp27VFPMEcrfRbfNcGgWUQNXGDHkVMIaK1gLEN7UxZU-ngJvmtQSKcfijZr_pvDz8wHHAiaf2X7ESW21W6VKKfTFSgVVeLeK6NjTDrpVWnw9PWN_lOSj0x1MaAPd5NZOouy3yMGEMXGU5rk5UgjBkep7ibNDwFjKf2azI48qTa9eesN77l23jKI3wEz0x0AsSqMMasF_B22npiGs7&dmn=teepashaiwher.com&userId=00819662940245f7ec3b802c1a77254b HTTP/1.1
Host: teepashaiwher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netcinehd.li/
content-type: application/json
Content-Length: 2517
Origin: https://netcinehd.li
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 24 Mar 2025 03:31:38 GMT
content-type: text/plain
content-length: 2
x-trace-id: dee43b71ed4c1cb5f2267768ace4cbdb
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://netcinehd.li
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00819662940245f7ec3b802c1a77254b; expires=Tue, 24 Mar 2026 03:31:38 GMT; path=/; secure; SameSite=None
oaidts=1742787098; expires=Tue, 24 Mar 2026 03:31:38 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 31 Mar 2025 03:31:38 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

netcine.zip/

62.182.85.232

301 Moved Permanently

8.6 kB

URL User Request GET
netcine.zip/
IP
62.182.85.232:80
ASN
#30860 Virtual Systems LLC

File type

Size
8.6 kB (8647 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: netcine.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 24 Mar 2025 03:29:45 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://netcinehd.li/

www.googletagmanager.com/gtag/js?id=G-NZDPYDPLE0

142.250.178.104

200 OK

364 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-NZDPYDPLE0
IP
142.250.178.104:443
ASN
#15169 GOOGLE

Requested by
https://netcinehd.li/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D
ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

File type
JavaScript source, ASCII text, with very long lines (6055)
Size
364 kB (364310 bytes)
Hash
8a62104b3e81e17f61e2df82253c9a15
9f9dbb98ef61c0300a190c71887aa9592ee3c2ac
9dd606d896d55564181f129d96f2d679ba25069c41a94c6a1866a953811cfc7d

HTTP Headers

GET /gtag/js?id=G-NZDPYDPLE0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://netcinehd.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 24 Mar 2025 03:31:36 GMT
expires: Mon, 24 Mar 2025 03:31:36 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 121290
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL GET

IP

ASN

Requested by