| wmutqnzfeddd.pages.dev/smart89/images/mnc.png | 172.66.46.246 | | 187 B |
URL: wmutqnzfeddd.pages.dev/smart89/images/mnc.png
IP: 172.66.46.246:0
File type: PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 271021cfa45940978184be0489841fd3 201030af9b1bc5d3c8d453efbfdf89b68d6c1be5 c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/mnc.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 187
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "653967a2ac91034b61d1ad76540b8eb4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHDnSRmhn2JhQXtovXiokPpRSKgj%2FGU7q2YzhvOMFhZvbniAwfc6JM8csxO8t01%2B44%2FrD7o%2B4GlNSwuWzU%2B4asEuBNVbpyAqSPS8GeZKo%2BJ5jh2kiR6z4rQQZAF6UKlYHJ%2BYkRNFVHco"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff5d8f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/msmm.png | 172.66.46.246 | | 168 B |
URL: wmutqnzfeddd.pages.dev/smart89/images/msmm.png
IP: 172.66.46.246:0
File type: PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): acb05ebcd5f488fc99169cff02b6dd04 dca893a7b514503e947a57aa072482a0e0cba912 1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/msmm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 168
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "8ca71578100459238fb030f8dd97e8bb"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dc9NAS4wsRJ%2F3S%2Fw%2FnT9mfxYr0Rsl8tbQFlUnDqvQfW%2FKqsg%2BhTZrb9u7RmDPm5bVoH3ezbOps3gQ3tMjzsa%2FZoeCNqcADtYDfY4s0Y%2FhsKom95mlGy8ZxjFLf1w%2F1Yjy9p7%2B1OgKpOW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff618f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/set.png | 172.66.46.246 | | 364 B |
URL: wmutqnzfeddd.pages.dev/smart89/images/set.png
IP: 172.66.46.246:0
File type: PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): e144c3378090087c8ce129a30cb6cb4e 59da5466551de941d0215e45c54aa2ceaf436be1 b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/set.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 364
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ee63d8b934f54cf7e606ebae2b4bfcf6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DDiL5qHGWs%2BmbO8xqleEUt0fM8Zc%2B2aWXOtB8K8HlndICIPPDjDXo8OAP83jx8IqfwtdcwIqQDGj98%2F2SA2zVP9Tku8vRfrKgLcoBVsWhxJqaMYD8mpJhrobcwaKS1Rs%2F2CRAqqRsmOc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff658f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/vsc.png | 172.66.46.246 | | 722 B |
URL: wmutqnzfeddd.pages.dev/smart89/images/vsc.png
IP: 172.66.46.246:0
File type: PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 42d8f2cc1ae5759c2369f255f36ebc03 8e592162eec14e72d0a751d714a641dbece91f6b 31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/vsc.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 722
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "da27b6888c7cff8c20811d9d856d5f9d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQQx1v5IoiYPo5nZ3Qo50GmqIziZqTokJATNHriS%2B80nY0FvUKSQVQ9fSDV0hL%2FThiQD3hUeleVFNEMQOMgWw8GOyH8PjuHjX0qYA9n8Vl5AV3yi5UcOpaKRlZF7AsT1XX0XcqwfgBpH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd230f6b8f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/f24.png | 172.66.46.246 | | 483 kB |
URL: wmutqnzfeddd.pages.dev/smart89/images/f24.png
IP: 172.66.46.246:0
File type: PNG image data, 1920 x 4236, 8-bit colormap, non-interlaced
Size: 483 kB (483167 bytes)
Hash (MD5 / SHA-1 / SHA-256): c3aa26411736b8f01982741dbd37b043 bad171a74fb4b5d1f433197b66bcd24db953fd90 11d4d0aa8bf0ab597bee785cd9d03301787faee4aae43d66ab53b15f0fe7d849
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/f24.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 483167
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "43870a7a4f9f16f9812e7ea40932c185"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CETHuPtqvHlBcpUpyayjVVHk54TjL%2B%2FbnGY79G6ENIkAGCGdWOe8BnjBzTBThKvGqEk0eXl3EQiq2sPR7%2FIK32cU5ufoHA5aYcwLHbkYAn47ESWo43vI4H%2BcQMjRnORyKeh94AvwKDjz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff5b8f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/bel.png | 172.66.46.246 | | 276 B |
URL: wmutqnzfeddd.pages.dev/smart89/images/bel.png
IP: 172.66.46.246:0
File type: PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 7616d96c388301e391653647e1f5f057 b1868c8f0f46309a8e26f584ac82000d54c06ecd 4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/bel.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 276
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "f4e0dc23fa0c9a87dc8527d52bd80a1e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=areUIRBkOzSwcGBCVa7dvw2DxbDQPzursbpCipSdQyw4eZMzAFnZCwTuKTvX3hjldKDtHgOv8AbnBmZMthSN%2FNaDVzM7i83FGXiJrovQHGbsR4W6JwQm0SGmBV3XErLVW9vq%2BgtqlQ%2F4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd230f768f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/pcm.png | 172.66.46.246 | | 1.3 kB |
URL: wmutqnzfeddd.pages.dev/smart89/images/pcm.png
IP: 172.66.46.246:0
File type: PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 05cdf1a2c2fc8f07bea0a8f4f9356637 b7bbd626d1d6c832509e820cae1d971b34f625e6 afe332157f4efe355f3181284e99f4331c4d19703ed1678b5316d2933f95e98e
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/pcm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 1270
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "f526107ac63134fd87055a8d49a6e1d6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WJ5Cu7pb1z4sHlS9BVXSpWOjjVeRZqvbCvfp96Mfa39fgHisimMntKgYipEXcqEqn4LqyolT9nTR6Rt2fbEwkKThlR5uMV2zSpArYMTnDWqHxp4IDONGZLWS8GGxj3UOnJLmES40M5I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f7b8f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/dm.png | 172.66.46.246 | | 332 B |
URL: wmutqnzfeddd.pages.dev/smart89/images/dm.png
IP: 172.66.46.246:0
File type: PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 9d8a90a63d20f05d27e5d6abb35e0cd0 5873b4007e9d55b4d891a4c427b3735ed23dbfe8 7df9f467d23ee1887edb2123cca10a1a9c4624cdcf7199c64e78a8430031f9f5
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/dm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 332
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b5c69f4e5e8f959bb3eb0ad49250137b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqLzoz954alCQFCgW66T5gxBNULrn9LP9VKW5tE06AJiaSHmP4upivi%2BRJfVg%2F7%2B%2FX2d7TGvD54s0UAwOrmvc5sfo5FpbKQdGPDO2lV1NwloHDVN9Em%2FTs9jPZBCmvyu5MND1OTUq0nt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f7f8f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/cs.png | 172.66.46.246 | | 2.7 kB |
URL: wmutqnzfeddd.pages.dev/smart89/images/cs.png
IP: 172.66.46.246:0
File type: PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): b01a30d354bfcf51edf33e0b0ea07402 c421359518d1ae258237bf501c563b7f059f8b9b b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/cs.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 2681
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b1ddc8bc7bef23126af012bc26318301"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8B4PTp4y0kCtnFAaSjAVRkVet%2FKhH0uZlOXRFDwhPegSQJAzfw6AYiDfA0Dxr822Y7xhEE1nwbpPircqcxkM2lakkb6iV%2B5KDnDqr4wH1izA%2FzO1ihz77Qcj0Me8QXRjnXflAZX%2FvRn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f858f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/images/re.gif | 172.66.46.246 | | 15 kB |
URL: wmutqnzfeddd.pages.dev/smart89/images/re.gif
IP: 172.66.46.246:0
File type: GIF image data, version 89a, 193 x 71
Hash (MD5 / SHA-1 / SHA-256): 6fcb78e0cd7933a70eea2cf071f82118 70364bffd62fe33360abe70ecc7f7c0541b3b54c 4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/re.gif HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/gif
content-length: 14751
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "100a9924b8b50ce024e2fa5b31934d7f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrhacdDFaFmrdbPWUIYljddG3E%2FU4Gtle9J3kslMo10bRIb0f%2Bc4NOr%2FBDnhapC3jdqKcr6878uWZRm7S09KlVlPOaOtHchcAdBUrPFM75PIPXhmU%2Bum8LSMNrfHY4zflOfV2cuk32L1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f878f5b-CPH
alt-svc: h3=":443"; ma=86400

| ocsp.usertrust.com/ | 104.18.38.233 | | 280 B |
IP: 104.18.38.233:0
Hash (MD5 / SHA-1 / SHA-256): 0a44d009deb77cca857669263b1e24a4 e5227d202e05255965300e2754fd0efe32893763 53a4a2edf235fecf081713f3f02fe9323a1b28a6a253dbe8ce7ad0def391a780
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 04:40:46 GMT
Content-Type: application/ocsp-response
Content-Length: 280
Connection: keep-alive
Last-Modified: Sun, 14 Apr 2024 03:41:37 GMT
Expires: Sun, 21 Apr 2024 03:41:36 GMT
Etag: "e5227d202e05255965300e2754fd0efe32893763"
Cache-Control: max-age=596722,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8759bd27589aabcc-CPH

| wmutqnzfeddd.pages.dev/smart89/media/kkeie3.mp3 | 172.66.46.246 | | 194 kB |
URL: wmutqnzfeddd.pages.dev/smart89/media/kkeie3.mp3
IP: 172.66.46.246:0
File type: Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v2, 48 kbps, 22.05 kHz, Monaural
Size: 194 kB (193612 bytes)
Hash (MD5 / SHA-1 / SHA-256): 40ce7ccb1aa8b0da1f51995ebb59f4e8 ed8a51e3bae2d58202c02471e6a798bbff84dee9 8f24cf514509b9830bcb4a7204463b87fa3e6d9ce47187192130f8230b1990e3
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/media/kkeie3.mp3 HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://wmutqnzfeddd.pages.dev/smart89/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: audio/mpeg
content-length: 193612
access-control-allow-origin: *
etag: "e50621b174fd568a8eb61c2382666a7a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hWe43oAfB8yQswNgQlrksZ3MWElj8SuJY06XH4tpbQToRUB4cgg1g6baQ8Vo%2FnW6JKNBqlzDczYb0DpKfdtIxCOGh5AzJwAGGQf%2FDYNde1jgUvReBWqfkPuZErqP30F%2BH0XLd%2BX2O%2F0d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd272ac48f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/media/yaketsuku.mp3 | 172.66.46.246 | | 8.4 kB |
URL: wmutqnzfeddd.pages.dev/smart89/media/yaketsuku.mp3
IP: 172.66.46.246:0
File type: Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural
Hash (MD5 / SHA-1 / SHA-256): 8618fbb0911e3b8fc96725dee8bfd81f 1bbcb78922946d0cf18fbf3a9e092e36453eb767 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/media/yaketsuku.mp3 HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://wmutqnzfeddd.pages.dev/smart89/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: audio/mpeg
content-length: 8405
access-control-allow-origin: *
etag: "0825ebad9a641a19e1944426ffe4916e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nehHbqzpq0B%2BJ4%2Bbg3MPLZvf4GNmAzlgyoPRJksRjcPgZMNQUYxUCAt%2FK6c2%2F3jdl4DdXOk%2BvhFNUyiFT66H7Hh%2FNCwTPvLzH1S6ZPIqB37AHzVHH8%2FriuUfzD3c2h%2FqVxf%2FvM%2Bg9UOb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd273ac58f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/ai2.mp3 | 172.66.46.246 | | 688 B |
URL: wmutqnzfeddd.pages.dev/smart89/ai2.mp3
IP: 172.66.46.246:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 29cc843758125eb38c1988def6787ac2 46488fbb6de9406bff41785cc6ab8449b58137f9 298f028ea90f7af0e76c0aa267420be9bfd762cbf07c3d01988131a43447f079
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/ai2.mp3 HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://wmutqnzfeddd.pages.dev/smart89/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: text/html; charset=utf-8
content-length: 688
access-control-allow-origin: *
etag: "1b76ebcfeea5e66f12607deac4bd6052"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghBTzEFhak7DDfceAFbdaqw67W22XblxJzkcfqJo5AZFM8TJfV4kQMVWQnvXavb21%2FtGAVsBaQ5DLcy8h1gJqYSWPRU9awqD4St5ZI9d9aPnT9w9eaxDDiGmLE6wVp2q8n21jHXYDCKU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd275ad88f5b-CPH
alt-svc: h3=":443"; ma=86400

| ipwho.is/?lang=en | 195.201.57.90 | | 669 B |
IP: 195.201.57.90:0
ASN: #24940 Hetzner Online GmbH
Hash (MD5 / SHA-1 / SHA-256): 37549cb6120ef62c73ae9d768b3fc6e7 16ed72a70be9adb43e012ff3379e8b064474c2e0 c730af7813fcf06b950d22e1b5647bdf518f8206d702c145af853eb65f45846e
GET /?lang=en HTTP/1.1
Host: ipwho.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/
Origin: https://wmutqnzfeddd.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 04:40:46 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: ipwhois
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
X-Robots-Tag: noindex

| wmutqnzfeddd.pages.dev/smart89/images/msmm.png | 172.66.46.246 | | 168 B |
URL: wmutqnzfeddd.pages.dev/smart89/images/msmm.png
IP: 172.66.46.246:0
File type: PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): acb05ebcd5f488fc99169cff02b6dd04 dca893a7b514503e947a57aa072482a0e0cba912 1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/images/msmm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: image/png
content-length: 168
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "8ca71578100459238fb030f8dd97e8bb"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULz8qXq7lZt30nGfUUOlNw%2BAlAHh4iBghLXdiksHCAhlU4uLziFnAPw5Rz%2FRe5YfMNZDaw%2F2QF8JKrHG6Lib25BKn7EbZq%2BEuYF1PcHBuQWjaVEIjVa75bQEZMn7D0DHfWpxRTrgvyO%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd289bda8f5b-CPH
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/js/progress.js | 172.66.46.246 | | 869 B |
URL: wmutqnzfeddd.pages.dev/smart89/js/progress.js
IP: 172.66.46.246:0
File type: JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): c169d3a792ac5e863d595454ced3d9e9 82a940a1f99100d746617354d628b75cf3617438 ec26e7b3ffc4e5ac78cb13db7c37f7a799f05a58aebf82454a261ee40298b20c
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/js/progress.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2940b823dee8ccc2f31d8ba73c1e08ac"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xgK4hZJXyqdZKSSB7iBlr97i2u4V4fKFkFLMr%2BX5gbPPyGS9e8Il2hTGB6zNoZv5X77GYUGHzf89%2BO3HT%2F3JuWlJEk7y5AC5K%2BmaIDOPJt2%2FmelK76xLsSmAcziDtuHBslif0P7PiJor"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f8f8f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

| wmutqnzfeddd.pages.dev/smart89/js/btn.js | 172.66.46.246 | | 658 B |
URL: wmutqnzfeddd.pages.dev/smart89/js/btn.js
IP: 172.66.46.246:0
File type: ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 7d3a1275f2e32ba593f7b3fd8632d97c 330a7a455635e494be7111f1ef0836ab7274bdc0 53bf10ee7f7e2fbc50a92980a64c87c95107e4192c719b63b561a641b6209fcf
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/js/btn.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7fe5dacbe160ece33e52c27802b25b6a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KW%2BtyDzHbu3TWVwqjsZNwYxLtCSNuAzDh9a%2BF3sgHMQ6fzjyLUlgh2DEIWfKxum%2Bq8NY13f3d81MHhkcNbvD%2FnwiYaJs8NZcM6XnY%2FisySm228Tyyx1ds5Seau7nBJJxDYNKoj5xYLNb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f928f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

| mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae | 185.155.184.32 | 200 OK | 63 kB |
URL (user request, GET HTTP/1.1): mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae
IP: 185.155.184.32:443
Certificate: Issuer Let's Encrypt; Subject mygiftaward.life; Fingerprint C3:1E:96:B3:A8:E0:B6:EA:49:13:37:8D:F6:68:4D:9D:BD:8E:B7:0C; Validity Sun, 24 Mar 2024 23:31:16 GMT - Sat, 22 Jun 2024 23:31:15 GMT
File type: HTML document, ASCII text, with very long lines (47858), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 1ec05550e0d654ec1e2f91404cc8fe89 fea405f99706354c3cdfe16687e523e76a276f26 5b4b0bbff650a29a669383c65d252067d645cb427aa193143fd47ea2908efbe2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae HTTP/1.1
Host: mygiftaward.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://checking-browser.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 04:40:48 GMT
Content-Type: text/html
Content-Length: 62695
Connection: keep-alive
set-cookie: sid=t2~3q5xlkhas3hui2ae4cc24cvd; path=/
set-cookie: p1=https://lessemujust.live/avlitlec/; path=/
set-cookie: s1=u1n5x5lopva1udzy; path=/
cache-control: private, no-transform

| mygiftaward.life/favicon.ico | 185.155.184.32 | | 0 B |
URL: mygiftaward.life/favicon.ico
IP: 185.155.184.32:0
Certificate: Issuer Let's Encrypt; Subject mygiftaward.life; Fingerprint C3:1E:96:B3:A8:E0:B6:EA:49:13:37:8D:F6:68:4D:9D:BD:8E:B7:0C; Validity Sun, 24 Mar 2024 23:31:16 GMT - Sat, 22 Jun 2024 23:31:15 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: mygiftaward.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae
Cookie: sid=t2~3q5xlkhas3hui2ae4cc24cvd; p1=https://lessemujust.live/avlitlec/; s1=u1n5x5lopva1udzy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 17 Apr 2024 04:40:48 GMT
Connection: keep-alive
Cache-Control: no-transform

| wmutqnzfeddd.pages.dev/smart89/js/jquery-1.4.4.min.js | 172.66.46.246 | | 29 kB |
URL: wmutqnzfeddd.pages.dev/smart89/js/jquery-1.4.4.min.js
IP: 172.66.46.246:0
File type: JavaScript source, ASCII text, with very long lines (820)
Hash (MD5 / SHA-1 / SHA-256): 2130b7ed48a1006f774734218d916dee 86d0aaf4ecb3ead31c3c2739853c089d8d1dc619 d8af41d20b1af69b8c2a8e0776d181a8224f17d314fc2479c8a389a9e79d0542
Analyzer | Verdict | Alert
OpenPhish | phishing | Office365
GET /smart89/js/jquery-1.4.4.min.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"0e620b1668791704ec2fed2350e0857f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4gzFatADknulyxPNfgKNIz8I09aluExsOlG8qkz47CrHp9Bz6yMeqVALDuau3UMXjuKIz%2FH%2FhLQNqJe%2B1aK8nuBt4dZ8ZjVJ37wWsLHPB6q0IXuSE6nKWSk4FpOA8BEncIAfUy5EYlY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ef498f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D | 185.155.186.25 | 200 OK | 17 kB |
URL: weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Request: GET HTTP/1.1 (initiator: user request)
IP: 185.155.186.25:443
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (562)
Hashes: MD5 2ba1dc20ea836e3b651748ce3bc19fc3 SHA-1 5a230bc59f1507fa66548fc4dded85537697c3c2 SHA-256 6533061b92934f0ff94b3d8073eef77f5ffd6ff98b45a7d7bc0de9124bbdc130
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mygiftaward.life/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:48 GMT
Content-Type: text/html
Content-Length: 16903
Connection: keep-alive
cache-control: private
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/bootstrap-mini.css | 185.155.186.25 | 200 OK | 10 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/bootstrap-mini.css
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: ASCII text, with very long lines (571), with CRLF line terminators
Hashes: MD5 f0a842b8b8a52bb05e6c729828fbb40e SHA-1 f1fe8a76db92bc9bd3f9d70f3867f03d51ebbae5 SHA-256 eb9fe798331b592bd8fc54d5ede3ac19e961b5aa7c2dffb3dbb17ce5fcb88e01
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/bootstrap-mini.css HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/css
Content-Length: 10214
Connection: keep-alive
ETag: "f0a842b8b8a52bb05e6c729828fbb40e"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F702546C4ECB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33279/mtime:1653412343#213095000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:23.213095Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
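The transactions on this page are a flattened export from a sandbox-style URL analyser: one row per request (URL, IP, status, size), a file-type line carrying the MD5/SHA-1/SHA-256 triple, the analyser verdict, and then the raw request and response headers. The Python below is an added example, not code from the analyser or from this capture, that parses that export into per-request records and pulls out what a triage wants first: the digest triple, the hosts grouped by analyser verdict, the cross-site hop the browser itself recorded through Referer and Sec-Fetch-Site (mygiftaward.life into weak3w6.lessemujust.live), and whether a strong ETag equals the body MD5. That last check is what an S3-compatible object store (the X-Amz-* and x-amz-meta-mc-attrs headers behind openresty here) returns for single-part objects, so a match confirms the recorded hash against the server's own validator, while the weak `W/` ETags Cloudflare Pages returns on brotli-compressed bodies are not content digests at all. The embedded SAMPLE is an abridged excerpt of three transactions from this page (headers the demo does not need were dropped); the Transaction class and the function names are mine.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Abridged excerpt of three transactions from the capture on this page (headers the
# demo does not need were dropped); every value kept is the page's own.
SAMPLE = """\
| weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D | 185.155.186.25 | 200 OK | 17 kB |
File typeHTML document, Unicode text, UTF-8 (with BOM) text Hash2ba1dc20ea836e3b651748ce3bc19fc3 5a230bc59f1507fa66548fc4dded85537697c3c2 6533061b92934f0ff94b3d8073eef77f5ffd6ff98b45a7d7bc0de9124bbdc130
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D HTTP/1.1
Referer: https://mygiftaward.life/
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
| weak3w6.lessemujust.live/media/mainstream/all/mb/bootstrap-mini.css | 185.155.186.25 | 200 OK | 10 kB |
File typeASCII text, with very long lines (571), with CRLF line terminators Hashf0a842b8b8a52bb05e6c729828fbb40e f1fe8a76db92bc9bd3f9d70f3867f03d51ebbae5 eb9fe798331b592bd8fc54d5ede3ac19e961b5aa7c2dffb3dbb17ce5fcb88e01
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/bootstrap-mini.css HTTP/1.1
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
ETag: "f0a842b8b8a52bb05e6c729828fbb40e"
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
| wmutqnzfeddd.pages.dev/smart89/js/jquery-1.4.4.min.js | 172.66.46.246 | | 29 kB |
File typeJavaScript source, ASCII text, with very long lines (820) Hash2130b7ed48a1006f774734218d916dee 86d0aaf4ecb3ead31c3c2739853c089d8d1dc619 d8af41d20b1af69b2a8e0776d181a8224f17d314fc2479c8a389a9e79d0542
Analyzer | Verdict | Alert | OpenPhish | phishing | Office365 |
GET /smart89/js/jquery-1.4.4.min.js HTTP/1.1
Referer: https://wmutqnzfeddd.pages.dev/smart89/
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
etag: W/"0e620b1668791704ec2fed2350e0857f"
"""

# One row header per transaction: | url | ip | status (may be empty) | size |
ROW_RE = re.compile(r"^\|\s*(\S+)\s*\|\s*(\d{1,3}(?:\.\d{1,3}){3})\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*$", re.M)
# Flattened two-row table: header cells, then analyzer / verdict / alert cells
VERDICT_RE = re.compile(r"Analyzer\s*\|\s*Verdict\s*\|\s*Alert\s*\|[\s|]*([^|\n]+?)\s*\|\s*([^|\n]+?)\s*\|\s*([^|\n]+?)\s*\|")
HEX_RE = re.compile(r"[0-9a-f]{32,64}\b")
DIGEST_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}  # the export labels none; length tells
REQ_RE = re.compile(r"^(?:GET|POST|HEAD|OPTIONS) \S+ HTTP/[\d.]+$")
RESP_RE = re.compile(r"^HTTP/[\d.]+ \d{3}\b")
HDR_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*?)\s*$")

@dataclass
class Transaction:
    url: str
    ip: str
    status: str
    size: str
    verdict: tuple = ("", "", "")                 # (analyzer, verdict, alert)
    digests: dict = field(default_factory=dict)   # md5 / sha1 / sha256 from the Hash line only
    request: dict = field(default_factory=dict)   # request headers, names lower-cased
    response: dict = field(default_factory=dict)  # response headers, names lower-cased

    @property
    def host(self) -> str:
        return self.request.get("host") or self.url.split("/", 1)[0]

    def etag_matches_md5(self):
        """True when a strong ETag equals the body MD5 (S3-style single-part objects),
        False for a weak ETag or a mismatch, None when no ETag was returned."""
        etag = self.response.get("etag")
        if etag is None or "md5" not in self.digests:
            return None
        if etag.startswith("W/"):                 # weak validators are not content digests
            return False
        return etag.strip('"').lower() == self.digests["md5"]

def parse_trace(text: str) -> list:
    rows = list(ROW_RE.finditer(text))
    records = []
    for i, m in enumerate(rows):
        block = text[m.start(): rows[i + 1].start() if i + 1 < len(rows) else len(text)]
        lines = block.splitlines()
        tx = Transaction(*(g.strip() for g in m.groups()))
        if v := VERDICT_RE.search(block):
            tx.verdict = v.groups()
        # Digests live on the "Hash" line; a 64-hex X-Amz-Id-2 header must not be mistaken for one
        hash_line = next((ln for ln in lines if "Hash" in ln), "")
        tx.digests = {DIGEST_BY_LEN[len(t)]: t for t in HEX_RE.findall(hash_line) if len(t) in DIGEST_BY_LEN}
        target = None                             # None until the request line is seen
        for ln in lines:
            if REQ_RE.match(ln):
                target = tx.request
            elif RESP_RE.match(ln):
                target = tx.response
            elif target is not None and (h := HDR_RE.match(ln)):
                target[h.group(1).lower()] = h.group(2)
        records.append(tx)
    return records

def origin_hops(records) -> list:
    """(referer host, request host) for each request the browser marked cross-site."""
    return [(urlsplit(r.request["referer"]).hostname, r.host) for r in records
            if r.request.get("sec-fetch-site") == "cross-site" and "referer" in r.request]

def hosts_by_verdict(records) -> dict:
    return {v: sorted({r.host for r in records if r.verdict[1] == v})
            for v in {r.verdict[1] for r in records}}
```

To run it over a full export, paste the whole transcript into SAMPLE: the row regex is what splits transactions, so each request must keep its `| url | ip | status | size |` header line, and the header parser only starts collecting at the `GET ... HTTP/x` request line, so the metadata lines above it cannot be mistaken for headers.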
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/font-awesome-mini.css | 185.155.186.25 | 200 OK | 1.9 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/font-awesome-mini.css
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: ASCII text, with very long lines (1857), with no line terminators
Hashes: MD5 8b2fe9dcd9e31f21056ebc3d6667123c SHA-1 49e6a844f0085d9f653faab8a451742be82ecdf7 SHA-256 e7eb3ba41e31f5d9710bb64a87a5e9e7664143a95f68d0f357fe0d4252bb58d5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/font-awesome-mini.css HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/css
Content-Length: 1857
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8b2fe9dcd9e31f21056ebc3d6667123c"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F70257D4190E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412350#393111000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:30.393111Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| wmutqnzfeddd.pages.dev/smart89/js/main.js | 172.66.46.246 | | 7.8 kB |
URL: wmutqnzfeddd.pages.dev/smart89/js/main.js
IP: 172.66.46.246:0
File type: JavaScript source, ASCII text, with CRLF line terminators
Hashes: MD5 a8083679971ecd63a124db5693b9209c SHA-1 968b872b5ec517f01fde36917e9a1e571d5c68d9 SHA-256 16f624b7ce0ec6c382437722455158ffe67735c0afd8a2326ce4a1415cb1327a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
GET /smart89/js/main.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"72906a057a813f68182faf14937568f0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5J0dELGXES9CLIFhUrgbxOSk%2B7XysdOcPLpGxbvNADeig9CPTkmRbItM3Qrx5vScsdXsUu81EcWcmE2Aq4AxdHwV6E6haDnb2t2ls%2FdbBxYtC12geUWjpoadzFGaLlxks7tWO1Zsa4Z%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f908f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/jquery.min.js | 185.155.186.25 | 200 OK | 87 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/jquery.min.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (32058)
Hashes: MD5 c9f5aeeca3ad37bf2aa006139b935f0a SHA-1 1055018c28ab41087ef9ccefe411606893dabea2 SHA-256 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jquery.min.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 86659
Connection: keep-alive
ETag: "c9f5aeeca3ad37bf2aa006139b935f0a"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F702630FCCC7
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#691751355/gid:0/gname:root/mode:33279/mtime:1653412360#809134000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.809134Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/4.js | 185.155.186.25 | 200 OK | 5.8 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/4.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (5828), with no line terminators
Hashes: MD5 8c7a2e36533feed8cd5fbca8b8f91114 SHA-1 854cdef22953f1eab3d94eb6b421c433ad34f4c7 SHA-256 f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/4.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 5828
Connection: keep-alive
ETag: "8c7a2e36533feed8cd5fbca8b8f91114"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F77B45B7E816
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223404#199748000/gid:0/gname:root/mode:33279/mtime:1653412338#153083000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.153083Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| wmutqnzfeddd.pages.dev/smart89/js/noir.js | 172.66.46.246 | | 43 kB |
URL: wmutqnzfeddd.pages.dev/smart89/js/noir.js
IP: 172.66.46.246:0
File type: JavaScript source, ASCII text, with very long lines (32478)
Hashes: MD5 433b079c773ae63f4e1af2f9b92d09f1 SHA-1 54f6987c955ace72deb8864572be36e526029614 SHA-256 e6aa5558980389b32f515fbccd1c46dd127ceb9705908f2df2405c96713a5e7c
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
GET /smart89/js/noir.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"0194b4a6ea0f5c52fb89ceca7a265a8b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2FKobL50ZU%2BT0DqqdEMpNBlxX3RiGrJm41cpRPdcySf0v2NZNflSnxHhnqa0JqwtceBeEReRdx6MMjqxJwdjcW%2F%2FYWSe37kMMCb6zgDBu3N4jgaEeNxYb44YiXJuYlK2vbS4rtYeuOu3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff508f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| wmutqnzfeddd.pages.dev/smart89/images/bx1.png | 172.66.46.246 | | 1.2 kB |
URL: wmutqnzfeddd.pages.dev/smart89/images/bx1.png
IP: 172.66.46.246:0
Hashes: MD5 dbdb981f8658c845968ec8226f81d1d8 SHA-1 d679b7bf47f71cd55b6c307cf96146a95660d667 SHA-256 5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
GET /smart89/images/bx1.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 119006
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b439c2f816d481fcd7e2eb2937f1fdbf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDvqwuHacvUJjMLrBeyw%2BKa6SMPlrO13KMJUd3ueNUtTWkH4mO%2Br%2FIyAtQhCVhuGQa2krnXessTQ8Dd223tk5RAdWty2k4r02HyXzPSY0%2FrGADElvBWg%2FwzjEK3t%2Fm62TMwUBzgd5U%2Bs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd230f6f8f5b-CPH
alt-svc: h3=":443"; ma=86400
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/5.js | 185.155.186.25 | 200 OK | 12 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/5.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (11920), with no line terminators
Hashes: MD5 de362f15f5232df7747f7e741f587fcd SHA-1 6353ff9bb0db73da818f1bc7250866f3d56bc8f8 SHA-256 e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/5.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 11920
Connection: keep-alive
ETag: "de362f15f5232df7747f7e741f587fcd"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F77B990134A3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#798904105/gid:0/gname:root/mode:33279/mtime:1708809291#359091145/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.387Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/7.js | 185.155.186.25 | 200 OK | 7.9 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/7.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (7936), with no line terminators
Hashes: MD5 114f0be35fbff35e205c5f0bc146d864 SHA-1 dad256468614b8bb885233a71b31751edc222c5d SHA-256 7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/7.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 7936
Connection: keep-alive
ETag: "114f0be35fbff35e205c5f0bc146d864"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C312EF8C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809291#567091493/gid:0/gname:root/mode:33279/mtime:1708809291#543091452/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.569Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/u.js | 185.155.186.25 | 200 OK | 24 kB |
URL: weak3w6.lessemujust.live/media/mainstream/u.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (24389), with no line terminators
Hashes: MD5 89ed4b592ab506a6fca18e95657dfc4f SHA-1 179998ad5741d669e75521fb943850a808917924 SHA-256 4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/u.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 24389
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "89ed4b592ab506a6fca18e95657dfc4f"
Last-Modified: Sun, 25 Feb 2024 11:59:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F6915129A9E3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809189#0/gid:0/gname:root/mode:33188/mtime:1708862369#235249424/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-25T11:59:29.279Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/2.js | 185.155.186.25 | 200 OK | 15 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/2.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (15146), with no line terminators
Hashes: MD5 0bddd3bcca2df107ca5b8187b8e2a3f8 SHA-1 8bb441d73dfd233f8db6bbaffc2b0227a329a0f7 SHA-256 03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/2.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 15146
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0bddd3bcca2df107ca5b8187b8e2a3f8"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F7027339CC29
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809290#963090484/gid:0/gname:root/mode:33188/mtime:1708809290#939090444/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.967Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/3.js | 185.155.186.25 | 200 OK | 15 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/3.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (14971), with no line terminators
Hashes: MD5 55bab18cf6adc22fc3d91e30c20ce0e6 SHA-1 0f18ff18d3db09841c930241460d61bc136e5a34 SHA-256 b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/3.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 14971
Connection: keep-alive
ETag: "55bab18cf6adc22fc3d91e30c20ce0e6"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F6F2A9C569C2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#30902711/gid:0/gname:root/mode:33188/mtime:1708809291#171090831/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.198Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/6.js | 185.155.186.25 | 200 OK | 29 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/6.js
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (28941)
Hashes: MD5 ba847811448ef90d98d272aeccef2a95 SHA-1 5814e91bb6276f4de8b7951c965f2f190a03978d SHA-256 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/6.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: application/javascript
Content-Length: 29110
Connection: keep-alive
ETag: "ba847811448ef90d98d272aeccef2a95"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C2A2AD29
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33279/mtime:1653412338#597084000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.597084Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img1.jpg | 185.155.186.25 | 200 OK | 1.3 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/img1.jpg
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Hashes: MD5 c3c59916d3b4977017c89125dc42b664 SHA-1 c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a SHA-256 aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img1.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C5927886
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#865120000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.86512Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img3.jpg | 185.155.186.25 | 200 OK | 2.3 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/img3.jpg
Request: GET HTTP/1.1
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: issuer Let's Encrypt; subject lessemujust.live; SHA-1 fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; valid Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
Hashes: MD5 5edf4db493423ac10c72a27ad5c4a618 SHA-1 5c535d00eaeaa725b39e3e1167a12de5bd66a1f2 SHA-256 a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img3.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F6698C8E2228
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#109121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.109121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
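The `x-amz-meta-mc-attrs` and `x-amz-meta-mm-source-mtime` headers returned by the lessemujust.live host are object metadata of the kind the MinIO `mc` client writes when it preserves file attributes on upload: the source file's st_mode, owner and timestamps travel with the object, and for a single-part, unencrypted upload the strong `ETag` is the object's MD5. The following Python is an added example, not part of the scan report or of any tool shown on this page. It parses a constructed copy of the img3.jpg response headers above, decodes the mc-attrs fields (mode 33279 is a world-writable regular file owned by root), checks the ETag against the analyzer's MD5, cross-checks the two mtime values, and recognises the zero-byte digests reported for the 204 favicon.ico response later on this page. Function names and the summary layout are this example's own.

```python
"""Decode the S3/MinIO-style metadata in one captured response record.
Added example, not part of the scan report; header values are copied from the
img3.jpg and favicon.ico records on this page, function names are our own."""
import hashlib
import re
import stat
from datetime import datetime, timezone

# Constructed sample: the response headers of the img3.jpg record above.
IMG3_RESPONSE = """HTTP/1.1 200 OK
Server: openresty
Content-Type: image/jpeg
Content-Length: 2336
ETag: "5edf4db493423ac10c72a27ad5c4a618"
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#865120000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.86512Z
"""
IMG3_MD5 = "5edf4db493423ac10c72a27ad5c4a618"     # analyzer-reported MD5 of img3.jpg
FAVICON_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # analyzer-reported MD5 of the 204 favicon.ico

def parse_headers(raw):
    """Map lowercased header names to values; the status line is skipped."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_mc_attrs(value):
    """Split the 'key:val/key:val' string written by mc attribute preservation.
    Timestamps are 'seconds#nanoseconds'; mode is a decimal st_mode."""
    return dict(part.partition(":")[::2] for part in value.split("/"))

def mode_string(st_mode):
    """Render a decimal st_mode such as 33279 as ls-style text ('-rwxrwxrwx')."""
    return stat.filemode(int(st_mode))

def secs_nanos_to_iso(ts):
    """'1653412354#865120000' -> '2022-05-24T17:12:34.865120Z' (microseconds kept)."""
    secs, _, nanos = ts.partition("#")
    micros = int(nanos.ljust(9, "0")[:6]) if nanos else 0
    dt = datetime.fromtimestamp(int(secs), tz=timezone.utc).replace(microsecond=micros)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%fZ")

def iso_to_epoch_micros(iso):
    """Parse a UTC RFC 3339 stamp with any fractional-second length to integer microseconds."""
    m = re.fullmatch(r"(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(?:\.(\d+))?Z", iso)
    if not m:
        raise ValueError(f"unsupported timestamp: {iso}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    frac = (m.group(7) or "").ljust(6, "0")[:6]
    epoch = int(datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc).timestamp())
    return epoch * 1_000_000 + int(frac)

def etag_matches_md5(etag, md5_hex):
    """True when a strong single-part S3 ETag equals the reported MD5.
    S3-compatible stores use the object's MD5 as ETag only for single-part,
    unencrypted uploads; weak (W/"...") or multipart ('-N') ETags give None."""
    if etag.startswith("W/") or "-" in etag:
        return None
    return etag.strip('"').lower() == md5_hex.lower()

def is_empty_body_digest(md5_hex):
    """True if the reported MD5 is the digest of zero bytes (a 204 with no body)."""
    return md5_hex.lower() == hashlib.md5(b"").hexdigest()

def summarize(raw, reported_md5):
    """Extract the forensic facts a triager wants from one response record."""
    h = parse_headers(raw)
    attrs = parse_mc_attrs(h["x-amz-meta-mc-attrs"])
    mtime_iso = secs_nanos_to_iso(attrs["mtime"])
    return {
        "content_type": h.get("content-type"),
        "content_length": int(h.get("content-length", 0)),
        "etag_is_md5": etag_matches_md5(h["etag"], reported_md5),
        "source_mode": mode_string(attrs["mode"]),
        "source_owner": f"{attrs['uname']}({attrs['uid']}):{attrs['gname']}({attrs['gid']})",
        "source_mtime": mtime_iso,
        # Both headers should describe the same source file; a mismatch means the
        # metadata was edited or the object was re-uploaded from somewhere else.
        "mtime_consistent": iso_to_epoch_micros(mtime_iso)
        == iso_to_epoch_micros(h["x-amz-meta-mm-source-mtime"]),
    }

if __name__ == "__main__":
    for key, val in summarize(IMG3_RESPONSE, IMG3_MD5).items():
        print(f"{key:>17}: {val}")
    print("favicon body empty:", is_empty_body_digest(FAVICON_MD5))
```

Run against the other lessemujust.live records on this page, the same decoder shows the mtime values agreeing with the `x-amz-meta-mm-source-mtime` header in each case and a mode of 33188 (`-rw-r--r--`) only for iphone15pro.png. The Cloudflare Pages responses for the pages.dev phishing kit carry weak ETags (`W/"..."`), so the ETag-to-MD5 check deliberately reports nothing for them.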
| weak3w6.lessemujust.live/media/mainstream/all/mb/img5.jpg | 185.155.186.25 | 200 OK | 2.0 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img5.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
MD5: 6d02d5cf49120718501b9a6629290c48
SHA-1: a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
SHA-256: 84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img5.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F77BA9014B4C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#379750654/gid:0/gname:root/mode:33279/mtime:1653412355#241121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.241121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img4.jpg | 185.155.186.25 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img4.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
MD5: a848711320a9df61e6457f65b0dfa9fb
SHA-1: 68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
SHA-256: aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img4.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C5F0DCEB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#375750645/gid:0/gname:root/mode:33279/mtime:1653412355#181121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.181121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img6.jpg | 185.155.186.25 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img6.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
MD5: f48aa7778890400e3be6131e64cd4236
SHA-1: 9341d039b9f7de4eac9070c36fecac2772cc1ba0
SHA-256: 388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img6.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C73AA067
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#383750663/gid:0/gname:root/mode:33279/mtime:1653412355#293121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.293121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| wmutqnzfeddd.pages.dev/smart89/js/nvidia.js | 172.66.46.246 | | 2.0 kB |
URL: wmutqnzfeddd.pages.dev/smart89/js/nvidia.js
IP: 172.66.46.246:0
File type: JavaScript source, ASCII text, with very long lines (2051), with no line terminators
MD5: 2dcb8bbd4be0845b6eba41578137ef61
SHA-1: 5c71a26c9c3cc73b15a888dbddbbe6ceb2189984
SHA-256: f84bea5397057e0ab07efc0dd7f7b674783df7234276dc010bb88fb84ddfd4a1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
GET /smart89/js/nvidia.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"f423f9c7d2b9809bb9730e80eb5dcd74"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouMT3TMUMA2pjKOtsmqF7qPlIN8ypYwxgDIc3fjQC1Z5hVsKRUfRl3utMtlzbdik%2BmkokTGHRzGMo%2FtettOYwniGO3AxHyBSgped12jTD8p9Ngaf7wvzLAPNJpv%2FMGr0c8EjCbkbZOQs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f8d8f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img10.jpg | 185.155.186.25 | 200 OK | 1.5 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img10.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3
MD5: 0d0f29abfcedc7dfffe3811a5100a6cd
SHA-1: 19567e85aab4fd05d752cfa86f88087465042b0a
SHA-256: e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img10.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F669C3B62C83
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#925121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.925121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img2.jpg | 185.155.186.25 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img2.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
MD5: 92b944714cea3e478a8e50dea1a80b26
SHA-1: f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
SHA-256: fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img2.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F782C7FD8BE9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#53121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.053121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img11.jpg | 185.155.186.25 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img11.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
MD5: 14ca7a7e1bb1db7a31af7c44a0ae9062
SHA-1: 7293947d75065f3def42439f32138127d605bc8f
SHA-256: d8d2b0e0baad97e943838712911352a8c9dd0d5bf2114e78c3d1649bcc0d634a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img11.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1610
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "14ca7a7e1bb1db7a31af7c44a0ae9062"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F669CF241B93
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412354#997121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.997121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/logo_f01.png | 185.155.186.25 | 200 OK | 6.8 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/logo_f01.png
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: PNG image data, 130 x 126, 8-bit colormap, non-interlaced
MD5: 192b810ba6ed4b80611aef274d85948d
SHA-1: 2835cc503efcd77d03613293dbc33c4cc7b6b5b9
SHA-256: 91e5c1968eee9298437a097fd47978a077d667e086593ab0fd7988ef60d2ddf4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/logo_f01.png HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/png
Content-Length: 6763
Connection: keep-alive
ETag: "192b810ba6ed4b80611aef274d85948d"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F6F2BDF7FAF4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223406#15752084/gid:0/gname:root/mode:33279/mtime:1653412365#157143000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:45.157143Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img7.jpg | 185.155.186.25 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img7.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, baseline, precision 8, 50x50, components 3
MD5: 7364bf39dcf0941d3a1760e46a562710
SHA-1: a358405162193128cceae8551e14648798bd4254
SHA-256: ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img7.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F782CA3018AD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#349122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.349122Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img8.jpg | 185.155.186.25 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img8.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
MD5: 5da3831556c780010e0e5c5b967e43ce
SHA-1: 574623afde349258b91d44849ef16d483b61e223
SHA-256: 45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img8.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F782CB4A750D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#405122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.405122Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/iphone15pro.png | 185.155.186.25 | 200 OK | 46 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/iphone15pro.png
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: PNG image data, 300 x 351, 8-bit colormap, non-interlaced
MD5: 901fdfedb54cf1297edd1de54a893cf8
SHA-1: c9cd3908f28908392b45e1a54e7b350993eee53c
SHA-256: f30ac8920f3a3ab6621abad202e015353d46b61233549dfabe927234a9a5b3c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/iphone15pro.png HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/png
Content-Length: 46124
Connection: keep-alive
ETag: "901fdfedb54cf1297edd1de54a893cf8"
Last-Modified: Thu, 12 Oct 2023 21:10:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782CA1811EF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1697145024#790103101/gid:0/gname:root/mode:33188/mtime:1697145024#886103343/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2023-10-12T21:10:24.913Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| wmutqnzfeddd.pages.dev/smart89/js/jupiter.js | 172.66.46.246 | | 731 B |
URL: wmutqnzfeddd.pages.dev/smart89/js/jupiter.js
IP: 172.66.46.246:0
File type: JavaScript source, ASCII text, with CRLF line terminators
MD5: cd6c33fbc221d0271c910af910e6ebed
SHA-1: 9b52f24d6f10b885bb19db1c4b531469f96d2914
SHA-256: 318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Office365 |
GET /smart89/js/jupiter.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"57ba525bb338c70835d5893885a8a80a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYixAvKpqas5wdB1whC57ARQrGCQrzuaulw4jA0KhTP00nqzks0LcRZA6Am0Y%2FZWx58vYfg3SqsYxTTiYp2fQKPfghKz0gofFEE2Kq6NoZC%2FJy%2FHrVTYqePEN9N88%2B3z5My6%2B6%2BFOJDJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f8e8f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| weak3w6.lessemujust.live/media/mainstream/us/wap/mobsurvey/ff.png | 185.155.186.25 | 200 OK | 11 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/us/wap/mobsurvey/ff.png
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: PNG image data, 245 x 253, 8-bit colormap, non-interlaced
MD5: 2f5710ee40aba475e1d0cd9c9c953407
SHA-1: 93ac36daaed5f1b86a2f301faddca673393996aa
SHA-256: 38450abe3fe9fdc0c5c281fa3bc6532f9ffcd7632d6924f154444fba265a39f2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/us/wap/mobsurvey/ff.png HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/png
Content-Length: 10691
Connection: keep-alive
ETag: "2f5710ee40aba475e1d0cd9c9c953407"
Last-Modified: Tue, 21 Nov 2023 12:30:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782E1D2B245
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324012#424606891/gid:0/gname:root/mode:33279/mtime:1655387479#482644706/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:51:19.482644706Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/favicon.ico | 185.155.186.25 | 204 No Content | 0 B |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/favicon.ico
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: none (empty body)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
All three digests are those of zero bytes of input, consistent with the 204 No Content, 0 B response below; they identify no file and should not be used as indicators.
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Connection: keep-alive
|
|
| weak3w6.lessemujust.live/media/mainstream/alert.mp3 | 185.155.186.25 | 200 OK | 8.8 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/alert.mp3
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
MD5: 6d2d3da2ea28ace816fa4a138829dc18
SHA-1: 606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
SHA-256: d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:50 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 20 Sep 2023 15:23:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F691F46DF6D0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#348024780/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z
Expires: Thu, 17 Apr 2025 04:40:50 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
|
|
| weak3w6.lessemujust.live/media/mainstream/all/mb/img9.jpg | 185.155.186.25 | 200 OK | 1.4 kB |
URL: GET HTTP/1.1 weak3w6.lessemujust.live/media/mainstream/all/mb/img9.jpg
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
MD5: a2dbd5c25807fbad37aceb676e90cd66
SHA-1: 6972c6df94b50dd66111d5a555bdf2907b6f3e7e
SHA-256: 6592c5497d79980109ee577663beac8d709726a63329f893775f89083cc8858e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/img9.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
ETag: "a2dbd5c25807fbad37aceb676e90cd66"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F669B4297B60
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#461122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.461122Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| jsontdsexit2.com/ExtService.svc/getextparams | 136.243.216.235 | 200 OK | 537 B |
URL: jsontdsexit2.com/ExtService.svc/getextparams (GET, HTTP/2)
IP: 136.243.216.235:443 (ASN#24940 Hetzner Online GmbH)
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject jsontdsexit2.com; Fingerprint 48:31:DD:61:15:18:42:C5:25:8C:3D:8D:29:32:35:54:12:C1:59:1C; Validity Tue, 19 Mar 2024 13:03:39 GMT - Mon, 17 Jun 2024 13:03:38 GMT
File type: troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (628), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f0ff9519ad22b8b518b843ffb173ccc7 2a756d59ca73ebca175cfe427486b7c2b7c18b2f bfc8dedb9d5109a40b1efa76f59438c1e54993399d2a8a01aff0c1a46d7574a5
GET /ExtService.svc/getextparams HTTP/1.1
Host: jsontdsexit2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://weak3w6.lessemujust.live
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 04:40:49 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
| weak3w6.lessemujust.live/media/mainstream/all/mb/1.js | 185.155.186.25 | 200 OK | 12 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/1.js (GET, HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: JavaScript source, ASCII text, with very long lines (12181), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4c0b32d32b0b7317afb94deba5cabeac ee478251de9e6c4046a72ae0dff93ba1ac06c85a b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46
| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/1.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 12181
Connection: keep-alive
ETag: "4c0b32d32b0b7317afb94deba5cabeac"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F702672A5B37
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#370901510/gid:0/gname:root/mode:33279/mtime:1708809290#731090096/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.756Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| weak3w6.lessemujust.live/media/mainstream/all/mb/main-like.css | 185.155.186.25 | 200 OK | 7.2 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/main-like.css (GET, HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: ASCII text, with very long lines (7181), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 30d4bbfa0a8fa6727a9edb23be989598 39bc311daad791b9c7377e11fbb6f9b24c6b3d46 f2ead250f003ad44fad41af0a1554922e31ab930fa86d90a8f2df62c048c2843
| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/main-like.css HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/css
Content-Length: 7181
Connection: keep-alive
ETag: "30d4bbfa0a8fa6727a9edb23be989598"
Last-Modified: Wed, 20 Sep 2023 15:23:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F7025D963DE2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412366#569146000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:46.569146Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| weak3w6.lessemujust.live/media/mainstream/all/mb/no/8.js | 185.155.186.25 | 200 OK | 1.2 kB |
URL: weak3w6.lessemujust.live/media/mainstream/all/mb/no/8.js (GET, HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate: Issuer Let's Encrypt; Subject lessemujust.live; Fingerprint 17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8; Validity Sun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT
File type: Unicode text, UTF-8 text, with very long lines (1314), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4f9eb4da2af764ef9ea7ec219fbe645f 2798051626be61b360b6697c43ffc6833f825ccf d72e99a243d5ca936c19aa6501e9065447fe329aa2ecc99b970f60f10d68542a
| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/no/8.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 20 Sep 2023 15:23:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C0D8363E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#312024668/gid:0/gname:root/mode:33279/mtime:1653412375#277166000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:55.277166Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes