| 506k7ep.hellsixfirm.live/wjrpnjwd/?f=1&fp=8MJWOEGG6p7Pkpp8wsroNA==&o=3u0gcu2&sid=t2~03s54nn0zjbp5fs42lcjfcw4&u=pe7k605 |  185.155.184.55 | | 3.4 kB |
URL 506k7ep.hellsixfirm.live/wjrpnjwd/?f=1&fp=8MJWOEGG6p7Pkpp8wsroNA==&o=3u0gcu2&sid=t2~03s54nn0zjbp5fs42lcjfcw4&u=pe7k605 IP185.155.184.55:0
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1709), with CRLF line terminators Hash593a34e6ab95c663c3e5a0d438853ba1 04081cf62f4ce49cd4394072578b39b1ede2a843 f394d209d600c816aa699a316e7614c9ba2f94991d3c6e59006557ae5fa31903
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /wjrpnjwd/?f=1&fp=8MJWOEGG6p7Pkpp8wsroNA==&o=3u0gcu2&sid=t2~03s54nn0zjbp5fs42lcjfcw4&u=pe7k605 HTTP/1.1
Host: 506k7ep.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 19 Apr 2024 22:22:45 GMT
Content-Type: text/html
Content-Length: 3354
Connection: keep-alive
cache-control: private
set-cookie: IsNotUniqueMainNew=true; expires=Sat, 20-Apr-2024 22:22:44 GMT; path=/
|
|
| 506k7ep.hellsixfirm.live/web/?sid=t2~03s54nn0zjbp5fs42lcjfcw4 | 185.155.186.25 | 302 Found | 212 B |
URL User Request GET HTTP/1.1506k7ep.hellsixfirm.live/web/?sid=t2~03s54nn0zjbp5fs42lcjfcw4 IP185.155.186.25:443
CertificateIssuerLet's Encrypt Subjecthellsixfirm.live Fingerprint7F:BE:27:37:14:15:BA:BF:B8:B4:C2:24:2F:0D:E2:3F:8F:67:FB:F7 ValidityThu, 18 Apr 2024 09:00:27 GMT - Wed, 17 Jul 2024 09:00:26 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hashf6a5163c90a0306ff8395e58aa0ef8b9 34c4aabbc3f65ea0954e89133e7aa53f71693c2b 3c4292eea9a9a65cec83dcef090afaffb650a4ecd414226ea7a47bec2dcf8571
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /web/?sid=t2~03s54nn0zjbp5fs42lcjfcw4 HTTP/1.1
Host: 506k7ep.hellsixfirm.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506k7ep.hellsixfirm.live/wjrpnjwd/?f=1&fp=8MJWOEGG6p7Pkpp8wsroNA==&o=3u0gcu2&sid=t2~03s54nn0zjbp5fs42lcjfcw4&u=pe7k605
Cookie: IsNotUniqueMainNew=true; cookie1=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: openresty
Date: Fri, 19 Apr 2024 22:22:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 212
Connection: keep-alive
cache-control: private
location: https://re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108
referrer-policy: no-referrer
set-cookie: IsNotUniqueMainNew=true; expires=Sat, 20-Apr-2024 22:22:44 GMT; path=/
|
|
| re-captha-version-3-213.buzz/favicon.ico |  104.21.9.90 | 204 No Content | 0 B |
URL GET HTTP/3re-captha-version-3-213.buzz/favicon.ico IP104.21.9.90:443
Requested byhttps://re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 CertificateIssuerLet's Encrypt Subjectre-captha-version-3-213.buzz Fingerprint0E:03:A9:77:6D:8B:BB:1E:EE:5E:9B:4B:12:D6:AB:38:C4:2B:84:1F ValidityFri, 05 Apr 2024 16:38:53 GMT - Thu, 04 Jul 2024 16:38:52 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: re-captha-version-3-213.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 19 Apr 2024 22:22:45 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 7054
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8AVAmzKC%2Fis8jWImEEagkq1ZvqYuZZFcfajZqdNqOglI1KxlCknq2qXxsv5UccQNGVewhqTSbSNz0FFz2IQeUUM7dtEBkE%2Bd4rTq4ButUbJDKb1evU3Fg%2Fh%2B4GyLp4hJ24WfZd9kJ2q%2BbOd1oXL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87704b90caeb1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js |  142.250.74.131 | 200 OK | 9.3 kB |
URL GET HTTP/2www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js IP142.250.74.131:443
Requested byhttps://re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File typeJavaScript source, ASCII text, with very long lines (28368) Hash9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-captha-version-3-213.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 15 Apr 2024 23:13:21 GMT
expires: Tue, 15 Apr 2025 23:13:21 GMT
cache-control: public, max-age=31536000
age: 342565
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP216.58.207.227:443
Requested byhttps://re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15552, version 1.0 Hash285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://re-captha-version-3-213.buzz
DNT: 1
Connection: keep-alive
Referer: https://re-captha-version-3-213.buzz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:25:07 GMT
expires: Fri, 18 Apr 2025 17:25:07 GMT
cache-control: public, max-age=31536000
age: 104259
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js | 142.250.74.131 | 200 OK | 9.9 kB |
URL GET HTTP/2www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js IP142.250.74.131:443
Requested byhttps://re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74 ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File typeJavaScript source, ASCII text, with very long lines (38231) Hash0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://re-captha-version-3-213.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:42:01 GMT
expires: Fri, 18 Apr 2025 02:42:01 GMT
cache-control: public, max-age=31536000
age: 157245
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pushbizapi.com/api/errors/install?message=TypeError:%20can%27t%20access%20property%20%22register%22,%20navigator.serviceWorker%20is%20undefined |  136.243.216.232 | 200 OK | 0 B |
URL GET HTTP/2pushbizapi.com/api/errors/install?message=TypeError:%20can%27t%20access%20property%20%22register%22,%20navigator.serviceWorker%20is%20undefined IP136.243.216.232:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 CertificateIssuerLet's Encrypt Subjectpushbizapi.com Fingerprint28:BD:9F:68:03:AB:2B:0D:09:EA:3E:A9:8D:B1:CC:0A:0C:1B:BF:BF ValiditySat, 16 Mar 2024 05:48:13 GMT - Fri, 14 Jun 2024 05:48:12 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/errors/install?message=TypeError:%20can%27t%20access%20property%20%22register%22,%20navigator.serviceWorker%20is%20undefined HTTP/1.1
Host: pushbizapi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://re-captha-version-3-213.buzz/
Origin: https://re-captha-version-3-213.buzz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 22:22:46 GMT
content-length: 0
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
|
|
| re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 | 104.21.9.90 | 200 OK | 59 kB |
URL User Request GET HTTP/2re-captha-version-3-213.buzz/ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 IP104.21.9.90:443
CertificateIssuerLet's Encrypt Subjectre-captha-version-3-213.buzz Fingerprint0E:03:A9:77:6D:8B:BB:1E:EE:5E:9B:4B:12:D6:AB:38:C4:2B:84:1F ValidityFri, 05 Apr 2024 16:38:53 GMT - Thu, 04 Jul 2024 16:38:52 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ms/dog/?c=ae6678e1-277d-428f-b735-9763965f88d0&a=l4108 HTTP/1.1
Host: re-captha-version-3-213.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 22:22:45 GMT
content-type: text/html
last-modified: Fri, 12 Apr 2024 20:46:23 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3UYlrk9aE%2BSzbAsZBIlHpEEFThzmLVUUmW4S3rCGeJ7q17HsupdRx4W7VMUlnpCebMX1S3zuzVKt6PybhvABZqwKXppzO78b9bPlzmQ0TmFdbcwPZB5syYHr9O5odbqSZ9LIb1%2FXEmDRNti0nGMR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87704b8eee495691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|