Report - wmutqnzfeddd.pages.dev/smart89/

Report Overview

Submitted URL
wmutqnzfeddd.pages.dev/smart89/
IP
172.66.45.10
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 04:41:16
Access
public
Website Title
Den årlige brukerundersøkelsen 2024
Final URL
weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
108

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.usertrust.com	899	1997-12-05	2012-05-21	2024-04-16	330 B	821 B	104.18.38.233
ipwho.is	unknown	2022-01-29	2020-06-08	2024-04-14	434 B	927 B	195.201.57.90
mygiftaward.life	unknown	2023-11-25	2023-11-26	2024-03-14	1.1 kB	63 kB	185.155.184.32
weak3w6.lessemujust.live	unknown	unknown	No data	No data	17 kB	359 kB	185.155.186.25
jsontdsexit2.com	unknown	2022-05-16	2022-05-16	2024-04-14	467 B	752 B	136.243.216.235
wmutqnzfeddd.pages.dev	unknown	2020-09-02	2024-02-24	2024-03-09	10 kB	809 kB	172.66.46.246

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365
2024-03-09	medium	wmutqnzfeddd.pages.dev/	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	mygiftaward.life	Sinkholed
2024-04-17	medium	mygiftaward.life	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed
2024-04-17	medium	lessemujust.live	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	582 B	2024-04-17	2024-04-17
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 06:41:23 Last Seen2024-04-17 06:41:23 Times Seen1 Hash cc0e8feaedf0ffde815d0657eb5fc569 44c1f1d917ce0a4566c9023f62b47cb252d07dec 5f4c72b870757753700bc0ea6af580933dd0abd72b11e7da51ed34069d118506 Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/7.js	7.9 kB	2024-02-24	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/7.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-04-30 02:02:14 Times Seen501 Hash 114f0be35fbff35e205c5f0bc146d864 dad256468614b8bb885233a71b31751edc222c5d 7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d Loading...

	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	27 B	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-04-30 02:02:14 Times Seen394 Hash 161f9a69d329eefbacd7189c6e7c4717 24471f3653e76a774ee0b0a26bc552d7d1010619 286b3e82413a678df1f76749c9fde680f2d4adc46f9e10a6e44d8982ab4b3e14 Loading...

	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	51 B	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-04-30 02:02:14 Times Seen361 Hash 8da6025b0f37cfcb5159f14899f1259e f1dc2b85e181e418c319fabcafbc02cfe0e2677d 120a3671c235c1e3eea60a2bcf36fdf328913b6d75264414183501f28c7db244 Loading...

	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	20 B	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-30 02:02:14 Times Seen468 Hash 4c981176ad777cd42704547a34e38fd7 b8b3405d5144df7ffa3df8da12003925a6bd5f10 f684cc3909c044c62a129eeaece559818947abfa00e7ff1c1344407699456c6c Loading...

	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	32 B	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-04-30 02:02:14 Times Seen361 Hash d1fc504dfb1bf43968d1d83b98732bd6 a2ee4d6e44f99e721894b5c70fbf471d2cd7d0f4 62144f95cb4d3d23136c15d183dfcbb051102f0f836d5bbe956be26f31945a89 Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/no/8.js	1.2 kB	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/no/8.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2024-04-30 02:02:14 Times Seen801 Hash dbdb981f8658c845968ec8226f81d1d8 d679b7bf47f71cd55b6c307cf96146a95660d667 5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/3.js	15 kB	2024-02-24	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/3.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:22 Last Seen2024-04-30 02:02:14 Times Seen508 Hash 55bab18cf6adc22fc3d91e30c20ce0e6 0f18ff18d3db09841c930241460d61bc136e5a34 b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed Loading...

	weak3w6.lessemujust.live/media/mainstream/u.js	24 kB	2024-02-25	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/u.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-25 16:07:16 Last Seen2024-04-30 02:02:14 Times Seen598 Hash 89ed4b592ab506a6fca18e95657dfc4f 179998ad5741d669e75521fb943850a808917924 4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/6.js	29 kB	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/6.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-30 02:02:14 Times Seen9814 Hash ba847811448ef90d98d272aeccef2a95 5814e91bb6276f4de8b7951c965f2f190a03978d 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1 Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/2.js	15 kB	2024-02-24	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/2.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-04-30 02:02:14 Times Seen506 Hash 0bddd3bcca2df107ca5b8187b8e2a3f8 8bb441d73dfd233f8db6bbaffc2b0227a329a0f7 03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b Loading...

	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	39 B	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-04-30 02:02:14 Times Seen360 Hash 2fbdfa4e04d76b87c23f87e832cd7b23 9d43f5beab48537f469fbf72c17930ad1586eeff 9a365e6129870f0efb051315111b44b71fa52c2951060dc6f38fe5365ba70363 Loading...

	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	34 B	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:32:27 Last Seen2024-04-30 02:02:14 Times Seen360 Hash 33752473f5296f7592bf34007363d9cd e6b81b1e154cf8883f18d90591015f186cdd69dd b412bac7f038e04833108c29e7ce496215edd1b51afaa8b6648275790c088dc6 Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/5.js	12 kB	2024-02-24	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/5.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:22 Last Seen2024-04-30 02:02:14 Times Seen498 Hash de362f15f5232df7747f7e741f587fcd 6353ff9bb0db73da818f1bc7250866f3d56bc8f8 e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47 Loading...

	weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D	23 B	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:56 Last Seen2024-04-30 02:02:14 Times Seen363 Hash df1b896f4fac3bd9289cb281825ec760 f23884052caeb422d137868f7256a442b353e704 82b015da06c8025a4c31b869996f8281cc0cfd74a333728684762861200bac5a Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/jquery.min.js	87 kB	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/jquery.min.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-30 02:02:14 Times Seen63489 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/1.js	12 kB	2024-02-24	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/1.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:42:21 Last Seen2024-04-30 02:02:14 Times Seen503 Hash 4c0b32d32b0b7317afb94deba5cabeac ee478251de9e6c4046a72ae0dff93ba1ac06c85a b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46 Loading...

	weak3w6.lessemujust.live/media/mainstream/all/mb/4.js	5.8 kB	2023-03-07	2024-04-30
Pretty URL weak3w6.lessemujust.live/media/mainstream/all/mb/4.js IP 185.155.186.25 ASN #203639 Teknology SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:32:27 Last Seen2024-04-30 02:02:14 Times Seen718 Hash 8c7a2e36533feed8cd5fbca8b8f91114 854cdef22953f1eab3d94eb6b421c433ad34f4c7 f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6 Loading...

		Size	First Seen	Last Seen
	#1 Write - 37a6259cc0c1dae299a7866489dff0bd	4 B	2023-03-07	2024-04-30
Pretty Observations First Seen2023-03-07 01:02:14 Last Seen2024-04-30 02:11:50 Times Seen50436 Hash 37a6259cc0c1dae299a7866489dff0bd 2be88ca4242c76e8253ac62474851065032d6833 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b Loading...

	#2 Write - 763f7f1aec350cd1a46238d1d5c3c229	7 B	2023-03-07	2024-04-30
Pretty Observations First Seen2023-03-07 01:03:11 Last Seen2024-04-30 02:02:14 Times Seen1046 Hash 763f7f1aec350cd1a46238d1d5c3c229 b4ee6522335b033249255b4cc1d572993282aafb 2f26233595d165e6868c5bb9e5e835506039e72c61a36a1bafb0827abfe746a5 Loading...

	#3 Write - 8b48470dbc08be5228fc4ebe23cffdf5	13 B	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 03:06:13 Last Seen2024-04-17 06:41:23 Times Seen2 Hash 8b48470dbc08be5228fc4ebe23cffdf5 61ed587b4bba61bb7005586217b80a3852554ed2 49c361b6eaa77d0c840d77a09f130bc0b83850d13494ff1dedb96c6c67125f39 Loading...

	#4 Write - 3247750a72fae4424557c14e24defeaf	6 B	2023-03-07	2024-04-30
Pretty Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-30 02:02:14 Times Seen422 Hash 3247750a72fae4424557c14e24defeaf e47b0507109ad8e7fb4cc83ff559fbde701b2d7d 1f310aec0e2bccc7b983d1d8759f6eac77d1d6721f9ecf87526ab93472a767c3 Loading...

	#5 Write - 7c5c8bad63ebb03416f8b6e9ccc4f0f6	6 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 16:32:27 Last Seen2024-04-24 18:20:56 Times Seen56 Hash 7c5c8bad63ebb03416f8b6e9ccc4f0f6 2f5df88415e00f90d71a038c27fed9a9e7f09414 c9587c9362a3501292f5102f2ba0b2b09b38b91ab5cbe96b55f8e3604d160723 Loading...

	#6 Write - 809893e835ad4619125397974051c8b1	163 B	2024-02-25	2024-04-29
Pretty Observations First Seen2024-02-25 10:56:34 Last Seen2024-04-29 22:09:50 Times Seen235 Hash 809893e835ad4619125397974051c8b1 c55cdff52db41500149ae4bf0690172cba963783 27535e6be439328a61a837e73991b19f997e18f5134b47cdcd556abedb6e072d Loading...

HTTP Transactions (57)

URL IP Response Size

wmutqnzfeddd.pages.dev/smart89/images/mnc.png

172.66.46.246

187 B

URL
wmutqnzfeddd.pages.dev/smart89/images/mnc.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 140 x 30, 1-bit colormap, non-interlaced
Size
187 B (187 bytes)
Hash
271021cfa45940978184be0489841fd3
201030af9b1bc5d3c8d453efbfdf89b68d6c1be5
c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/mnc.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 187
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "653967a2ac91034b61d1ad76540b8eb4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHDnSRmhn2JhQXtovXiokPpRSKgj%2FGU7q2YzhvOMFhZvbniAwfc6JM8csxO8t01%2B44%2FrD7o%2B4GlNSwuWzU%2B4asEuBNVbpyAqSPS8GeZKo%2BJ5jh2kiR6z4rQQZAF6UKlYHJ%2BYkRNFVHco"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff5d8f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/msmm.png

172.66.46.246

168 B

URL
wmutqnzfeddd.pages.dev/smart89/images/msmm.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Size
168 B (168 bytes)
Hash
acb05ebcd5f488fc99169cff02b6dd04
dca893a7b514503e947a57aa072482a0e0cba912
1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/msmm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 168
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "8ca71578100459238fb030f8dd97e8bb"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dc9NAS4wsRJ%2F3S%2Fw%2FnT9mfxYr0Rsl8tbQFlUnDqvQfW%2FKqsg%2BhTZrb9u7RmDPm5bVoH3ezbOps3gQ3tMjzsa%2FZoeCNqcADtYDfY4s0Y%2FhsKom95mlGy8ZxjFLf1w%2F1Yjy9p7%2B1OgKpOW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff618f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/set.png

172.66.46.246

364 B

URL
wmutqnzfeddd.pages.dev/smart89/images/set.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced
Size
364 B (364 bytes)
Hash
e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/set.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 364
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ee63d8b934f54cf7e606ebae2b4bfcf6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DDiL5qHGWs%2BmbO8xqleEUt0fM8Zc%2B2aWXOtB8K8HlndICIPPDjDXo8OAP83jx8IqfwtdcwIqQDGj98%2F2SA2zVP9Tku8vRfrKgLcoBVsWhxJqaMYD8mpJhrobcwaKS1Rs%2F2CRAqqRsmOc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff658f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/vsc.png

172.66.46.246

722 B

URL
wmutqnzfeddd.pages.dev/smart89/images/vsc.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 128 x 128, 1-bit colormap, non-interlaced
Size
722 B (722 bytes)
Hash
42d8f2cc1ae5759c2369f255f36ebc03
8e592162eec14e72d0a751d714a641dbece91f6b
31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/vsc.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 722
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "da27b6888c7cff8c20811d9d856d5f9d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQQx1v5IoiYPo5nZ3Qo50GmqIziZqTokJATNHriS%2B80nY0FvUKSQVQ9fSDV0hL%2FThiQD3hUeleVFNEMQOMgWw8GOyH8PjuHjX0qYA9n8Vl5AV3yi5UcOpaKRlZF7AsT1XX0XcqwfgBpH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd230f6b8f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/f24.png

172.66.46.246

483 kB

URL
wmutqnzfeddd.pages.dev/smart89/images/f24.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1920 x 4236, 8-bit colormap, non-interlaced
Size
483 kB (483167 bytes)
Hash
c3aa26411736b8f01982741dbd37b043
bad171a74fb4b5d1f433197b66bcd24db953fd90
11d4d0aa8bf0ab597bee785cd9d03301787faee4aae43d66ab53b15f0fe7d849

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/f24.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 483167
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "43870a7a4f9f16f9812e7ea40932c185"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CETHuPtqvHlBcpUpyayjVVHk54TjL%2B%2FbnGY79G6ENIkAGCGdWOe8BnjBzTBThKvGqEk0eXl3EQiq2sPR7%2FIK32cU5ufoHA5aYcwLHbkYAn47ESWo43vI4H%2BcQMjRnORyKeh94AvwKDjz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff5b8f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/bel.png

172.66.46.246

276 B

URL
wmutqnzfeddd.pages.dev/smart89/images/bel.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 13 x 13, 8-bit colormap, non-interlaced
Size
276 B (276 bytes)
Hash
7616d96c388301e391653647e1f5f057
b1868c8f0f46309a8e26f584ac82000d54c06ecd
4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/bel.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 276
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "f4e0dc23fa0c9a87dc8527d52bd80a1e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=areUIRBkOzSwcGBCVa7dvw2DxbDQPzursbpCipSdQyw4eZMzAFnZCwTuKTvX3hjldKDtHgOv8AbnBmZMthSN%2FNaDVzM7i83FGXiJrovQHGbsR4W6JwQm0SGmBV3XErLVW9vq%2BgtqlQ%2F4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd230f768f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/pcm.png

172.66.46.246

1.3 kB

URL
wmutqnzfeddd.pages.dev/smart89/images/pcm.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 166 x 92, 4-bit colormap, non-interlaced
Size
1.3 kB (1270 bytes)
Hash
05cdf1a2c2fc8f07bea0a8f4f9356637
b7bbd626d1d6c832509e820cae1d971b34f625e6
afe332157f4efe355f3181284e99f4331c4d19703ed1678b5316d2933f95e98e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/pcm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 1270
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "f526107ac63134fd87055a8d49a6e1d6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WJ5Cu7pb1z4sHlS9BVXSpWOjjVeRZqvbCvfp96Mfa39fgHisimMntKgYipEXcqEqn4LqyolT9nTR6Rt2fbEwkKThlR5uMV2zSpArYMTnDWqHxp4IDONGZLWS8GGxj3UOnJLmES40M5I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f7b8f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/dm.png

172.66.46.246

332 B

URL
wmutqnzfeddd.pages.dev/smart89/images/dm.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 100 x 100, 1-bit colormap, non-interlaced
Size
332 B (332 bytes)
Hash
9d8a90a63d20f05d27e5d6abb35e0cd0
5873b4007e9d55b4d891a4c427b3735ed23dbfe8
7df9f467d23ee1887edb2123cca10a1a9c4624cdcf7199c64e78a8430031f9f5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/dm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 332
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b5c69f4e5e8f959bb3eb0ad49250137b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqLzoz954alCQFCgW66T5gxBNULrn9LP9VKW5tE06AJiaSHmP4upivi%2BRJfVg%2F7%2B%2FX2d7TGvD54s0UAwOrmvc5sfo5FpbKQdGPDO2lV1NwloHDVN9Em%2FTs9jPZBCmvyu5MND1OTUq0nt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f7f8f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/cs.png

172.66.46.246

2.7 kB

URL
wmutqnzfeddd.pages.dev/smart89/images/cs.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 520 x 520, 8-bit colormap, non-interlaced
Size
2.7 kB (2681 bytes)
Hash
b01a30d354bfcf51edf33e0b0ea07402
c421359518d1ae258237bf501c563b7f059f8b9b
b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/cs.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 2681
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b1ddc8bc7bef23126af012bc26318301"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8B4PTp4y0kCtnFAaSjAVRkVet%2FKhH0uZlOXRFDwhPegSQJAzfw6AYiDfA0Dxr822Y7xhEE1nwbpPircqcxkM2lakkb6iV%2B5KDnDqr4wH1izA%2FzO1ihz77Qcj0Me8QXRjnXflAZX%2FvRn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f858f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/re.gif

172.66.46.246

15 kB

URL
wmutqnzfeddd.pages.dev/smart89/images/re.gif
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 193 x 71
Size
15 kB (14751 bytes)
Hash
6fcb78e0cd7933a70eea2cf071f82118
70364bffd62fe33360abe70ecc7f7c0541b3b54c
4b436b0b6a47db85c88f83dc3fe3fd9a96c0a4018b28832165df929dffe0bc86

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/re.gif HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/gif
content-length: 14751
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "100a9924b8b50ce024e2fa5b31934d7f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrhacdDFaFmrdbPWUIYljddG3E%2FU4Gtle9J3kslMo10bRIb0f%2Bc4NOr%2FBDnhapC3jdqKcr6878uWZRm7S09KlVlPOaOtHchcAdBUrPFM75PIPXhmU%2Bum8LSMNrfHY4zflOfV2cuk32L1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd231f878f5b-CPH
alt-svc: h3=":443"; ma=86400

ocsp.usertrust.com/

104.18.38.233

280 B

URL
ocsp.usertrust.com/
IP
104.18.38.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
280 B (280 bytes)
Hash
0a44d009deb77cca857669263b1e24a4
e5227d202e05255965300e2754fd0efe32893763
53a4a2edf235fecf081713f3f02fe9323a1b28a6a253dbe8ce7ad0def391a780

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 04:40:46 GMT
Content-Type: application/ocsp-response
Content-Length: 280
Connection: keep-alive
Last-Modified: Sun, 14 Apr 2024 03:41:37 GMT
Expires: Sun, 21 Apr 2024 03:41:36 GMT
Etag: "e5227d202e05255965300e2754fd0efe32893763"
Cache-Control: max-age=596722,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8759bd27589aabcc-CPH

wmutqnzfeddd.pages.dev/smart89/media/kkeie3.mp3

172.66.46.246

194 kB

URL
wmutqnzfeddd.pages.dev/smart89/media/kkeie3.mp3
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
Audio file with ID3 version 2.4.0, contains: - MPEG ADTS, layer III, v2, 48 kbps, 22.05 kHz, Monaural
Size
194 kB (193612 bytes)
Hash
40ce7ccb1aa8b0da1f51995ebb59f4e8
ed8a51e3bae2d58202c02471e6a798bbff84dee9
8f24cf514509b9830bcb4a7204463b87fa3e6d9ce47187192130f8230b1990e3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/media/kkeie3.mp3 HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://wmutqnzfeddd.pages.dev/smart89/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: audio/mpeg
content-length: 193612
access-control-allow-origin: *
etag: "e50621b174fd568a8eb61c2382666a7a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hWe43oAfB8yQswNgQlrksZ3MWElj8SuJY06XH4tpbQToRUB4cgg1g6baQ8Vo%2FnW6JKNBqlzDczYb0DpKfdtIxCOGh5AzJwAGGQf%2FDYNde1jgUvReBWqfkPuZErqP30F%2BH0XLd%2BX2O%2F0d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd272ac48f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/media/yaketsuku.mp3

172.66.46.246

8.4 kB

URL
wmutqnzfeddd.pages.dev/smart89/media/yaketsuku.mp3
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural
Size
8.4 kB (8405 bytes)
Hash
8618fbb0911e3b8fc96725dee8bfd81f
1bbcb78922946d0cf18fbf3a9e092e36453eb767
0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/media/yaketsuku.mp3 HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://wmutqnzfeddd.pages.dev/smart89/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: audio/mpeg
content-length: 8405
access-control-allow-origin: *
etag: "0825ebad9a641a19e1944426ffe4916e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nehHbqzpq0B%2BJ4%2Bbg3MPLZvf4GNmAzlgyoPRJksRjcPgZMNQUYxUCAt%2FK6c2%2F3jdl4DdXOk%2BvhFNUyiFT66H7Hh%2FNCwTPvLzH1S6ZPIqB37AHzVHH8%2FriuUfzD3c2h%2FqVxf%2FvM%2Bg9UOb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd273ac58f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/ai2.mp3

172.66.46.246

688 B

URL
wmutqnzfeddd.pages.dev/smart89/ai2.mp3
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
688 B (688 bytes)
Hash
29cc843758125eb38c1988def6787ac2
46488fbb6de9406bff41785cc6ab8449b58137f9
298f028ea90f7af0e76c0aa267420be9bfd762cbf07c3d01988131a43447f079

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/ai2.mp3 HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://wmutqnzfeddd.pages.dev/smart89/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: text/html; charset=utf-8
content-length: 688
access-control-allow-origin: *
etag: "1b76ebcfeea5e66f12607deac4bd6052"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghBTzEFhak7DDfceAFbdaqw67W22XblxJzkcfqJo5AZFM8TJfV4kQMVWQnvXavb21%2FtGAVsBaQ5DLcy8h1gJqYSWPRU9awqD4St5ZI9d9aPnT9w9eaxDDiGmLE6wVp2q8n21jHXYDCKU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd275ad88f5b-CPH
alt-svc: h3=":443"; ma=86400

ipwho.is/?lang=en

195.201.57.90

669 B

URL
ipwho.is/?lang=en
IP
195.201.57.90:0
ASN
#24940 Hetzner Online GmbH

File type
JSON text data
Size
669 B (669 bytes)
Hash
37549cb6120ef62c73ae9d768b3fc6e7
16ed72a70be9adb43e012ff3379e8b064474c2e0
c730af7813fcf06b950d22e1b5647bdf518f8206d702c145af853eb65f45846e

HTTP Headers

GET /?lang=en HTTP/1.1
Host: ipwho.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/
Origin: https://wmutqnzfeddd.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 04:40:46 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: ipwhois
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
X-Robots-Tag: noindex

wmutqnzfeddd.pages.dev/smart89/images/msmm.png

172.66.46.246

168 B

URL
wmutqnzfeddd.pages.dev/smart89/images/msmm.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 31 x 30, 4-bit colormap, non-interlaced
Size
168 B (168 bytes)
Hash
acb05ebcd5f488fc99169cff02b6dd04
dca893a7b514503e947a57aa072482a0e0cba912
1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/msmm.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Cookie: PHPREFS=full
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:46 GMT
content-type: image/png
content-length: 168
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "8ca71578100459238fb030f8dd97e8bb"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULz8qXq7lZt30nGfUUOlNw%2BAlAHh4iBghLXdiksHCAhlU4uLziFnAPw5Rz%2FRe5YfMNZDaw%2F2QF8JKrHG6Lib25BKn7EbZq%2BEuYF1PcHBuQWjaVEIjVa75bQEZMn7D0DHfWpxRTrgvyO%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd289bda8f5b-CPH
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/js/progress.js

172.66.46.246

869 B

URL
wmutqnzfeddd.pages.dev/smart89/js/progress.js
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators
Size
869 B (869 bytes)
Hash
c169d3a792ac5e863d595454ced3d9e9
82a940a1f99100d746617354d628b75cf3617438
ec26e7b3ffc4e5ac78cb13db7c37f7a799f05a58aebf82454a261ee40298b20c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/js/progress.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2940b823dee8ccc2f31d8ba73c1e08ac"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xgK4hZJXyqdZKSSB7iBlr97i2u4V4fKFkFLMr%2BX5gbPPyGS9e8Il2hTGB6zNoZv5X77GYUGHzf89%2BO3HT%2F3JuWlJEk7y5AC5K%2BmaIDOPJt2%2FmelK76xLsSmAcziDtuHBslif0P7PiJor"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f8f8f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/js/btn.js

172.66.46.246

658 B

URL
wmutqnzfeddd.pages.dev/smart89/js/btn.js
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
658 B (658 bytes)
Hash
7d3a1275f2e32ba593f7b3fd8632d97c
330a7a455635e494be7111f1ef0836ab7274bdc0
53bf10ee7f7e2fbc50a92980a64c87c95107e4192c719b63b561a641b6209fcf

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/js/btn.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7fe5dacbe160ece33e52c27802b25b6a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KW%2BtyDzHbu3TWVwqjsZNwYxLtCSNuAzDh9a%2BF3sgHMQ6fzjyLUlgh2DEIWfKxum%2Bq8NY13f3d81MHhkcNbvD%2FnwiYaJs8NZcM6XnY%2FisySm228Tyyx1ds5Seau7nBJJxDYNKoj5xYLNb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f928f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae

185.155.184.32

200 OK

63 kB

URL User Request GET HTTP/1.1
mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae
IP
185.155.184.32:443
ASN
#5398 AS5398 SA

Certificate
IssuerLet's Encrypt
Subjectmygiftaward.life
FingerprintC3:1E:96:B3:A8:E0:B6:EA:49:13:37:8D:F6:68:4D:9D:BD:8E:B7:0C
ValiditySun, 24 Mar 2024 23:31:16 GMT - Sat, 22 Jun 2024 23:31:15 GMT

File type
HTML document, ASCII text, with very long lines (47858), with CRLF line terminators
Size
63 kB (62695 bytes)
Hash
1ec05550e0d654ec1e2f91404cc8fe89
fea405f99706354c3cdfe16687e523e76a276f26
5b4b0bbff650a29a669383c65d252067d645cb427aa193143fd47ea2908efbe2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae HTTP/1.1
Host: mygiftaward.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://checking-browser.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2024 04:40:48 GMT
Content-Type: text/html
Content-Length: 62695
Connection: keep-alive
set-cookie: sid=t2~3q5xlkhas3hui2ae4cc24cvd; path=/
sid=t2~3q5xlkhas3hui2ae4cc24cvd; path=/
p1=https://lessemujust.live/avlitlec/; path=/
s1=u1n5x5lopva1udzy; path=/
cache-control: private, no-transform

mygiftaward.life/favicon.ico

185.155.184.32

0 B

URL
mygiftaward.life/favicon.ico
IP
185.155.184.32:0
ASN
#5398 AS5398 SA

Certificate
IssuerLet's Encrypt
Subjectmygiftaward.life
FingerprintC3:1E:96:B3:A8:E0:B6:EA:49:13:37:8D:F6:68:4D:9D:BD:8E:B7:0C
ValiditySun, 24 Mar 2024 23:31:16 GMT - Sat, 22 Jun 2024 23:31:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mygiftaward.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mygiftaward.life/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae
Cookie: sid=t2~3q5xlkhas3hui2ae4cc24cvd; p1=https://lessemujust.live/avlitlec/; s1=u1n5x5lopva1udzy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 17 Apr 2024 04:40:48 GMT
Connection: keep-alive
Cache-Control: no-transform

wmutqnzfeddd.pages.dev/smart89/js/jquery-1.4.4.min.js

172.66.46.246

29 kB

URL
wmutqnzfeddd.pages.dev/smart89/js/jquery-1.4.4.min.js
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (820)
Size
29 kB (28940 bytes)
Hash
2130b7ed48a1006f774734218d916dee
86d0aaf4ecb3ead31c3c2739853c089d8d1dc619
d8af41d20b1af69b8c2a8e0776d181a8224f17d314fc2479c8a389a9e79d0542

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/js/jquery-1.4.4.min.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"0e620b1668791704ec2fed2350e0857f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4gzFatADknulyxPNfgKNIz8I09aluExsOlG8qkz47CrHp9Bz6yMeqVALDuau3UMXjuKIz%2FH%2FhLQNqJe%2B1aK8nuBt4dZ8ZjVJ37wWsLHPB6q0IXuSE6nKWSk4FpOA8BEncIAfUy5EYlY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ef498f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D

185.155.186.25

200 OK

17 kB

URL User Request GET HTTP/1.1
weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (562)
Size
17 kB (16903 bytes)
Hash
2ba1dc20ea836e3b651748ce3bc19fc3
5a230bc59f1507fa66548fc4dded85537697c3c2
6533061b92934f0ff94b3d8073eef77f5ffd6ff98b45a7d7bc0de9124bbdc130

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mygiftaward.life/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:48 GMT
Content-Type: text/html
Content-Length: 16903
Connection: keep-alive
cache-control: private

weak3w6.lessemujust.live/media/mainstream/all/mb/bootstrap-mini.css

185.155.186.25

200 OK

10 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/bootstrap-mini.css
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
ASCII text, with very long lines (571), with CRLF line terminators
Size
10 kB (10214 bytes)
Hash
f0a842b8b8a52bb05e6c729828fbb40e
f1fe8a76db92bc9bd3f9d70f3867f03d51ebbae5
eb9fe798331b592bd8fc54d5ede3ac19e961b5aa7c2dffb3dbb17ce5fcb88e01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/bootstrap-mini.css HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/css
Content-Length: 10214
Connection: keep-alive
ETag: "f0a842b8b8a52bb05e6c729828fbb40e"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F702546C4ECB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33279/mtime:1653412343#213095000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:23.213095Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/font-awesome-mini.css

185.155.186.25

200 OK

1.9 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/font-awesome-mini.css
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
ASCII text, with very long lines (1857), with no line terminators
Size
1.9 kB (1857 bytes)
Hash
8b2fe9dcd9e31f21056ebc3d6667123c
49e6a844f0085d9f653faab8a451742be82ecdf7
e7eb3ba41e31f5d9710bb64a87a5e9e7664143a95f68d0f357fe0d4252bb58d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/font-awesome-mini.css HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/css
Content-Length: 1857
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8b2fe9dcd9e31f21056ebc3d6667123c"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F70257D4190E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412350#393111000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:30.393111Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

wmutqnzfeddd.pages.dev/smart89/js/main.js

172.66.46.246

7.8 kB

URL
wmutqnzfeddd.pages.dev/smart89/js/main.js
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
7.8 kB (7813 bytes)
Hash
a8083679971ecd63a124db5693b9209c
968b872b5ec517f01fde36917e9a1e571d5c68d9
16f624b7ce0ec6c382437722455158ffe67735c0afd8a2326ce4a1415cb1327a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/js/main.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"72906a057a813f68182faf14937568f0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5J0dELGXES9CLIFhUrgbxOSk%2B7XysdOcPLpGxbvNADeig9CPTkmRbItM3Qrx5vScsdXsUu81EcWcmE2Aq4AxdHwV6E6haDnb2t2ls%2FdbBxYtC12geUWjpoadzFGaLlxks7tWO1Zsa4Z%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f908f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

weak3w6.lessemujust.live/media/mainstream/all/mb/jquery.min.js

185.155.186.25

200 OK

87 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/jquery.min.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/jquery.min.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 86659
Connection: keep-alive
ETag: "c9f5aeeca3ad37bf2aa006139b935f0a"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F702630FCCC7
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#691751355/gid:0/gname:root/mode:33279/mtime:1653412360#809134000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.809134Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/4.js

185.155.186.25

200 OK

5.8 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/4.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (5828), with no line terminators
Size
5.8 kB (5828 bytes)
Hash
8c7a2e36533feed8cd5fbca8b8f91114
854cdef22953f1eab3d94eb6b421c433ad34f4c7
f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/4.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 5828
Connection: keep-alive
ETag: "8c7a2e36533feed8cd5fbca8b8f91114"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F77B45B7E816
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223404#199748000/gid:0/gname:root/mode:33279/mtime:1653412338#153083000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.153083Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

wmutqnzfeddd.pages.dev/smart89/js/noir.js

172.66.46.246

43 kB

URL
wmutqnzfeddd.pages.dev/smart89/js/noir.js
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (32478)
Size
43 kB (43146 bytes)
Hash
433b079c773ae63f4e1af2f9b92d09f1
54f6987c955ace72deb8864572be36e526029614
e6aa5558980389b32f515fbccd1c46dd127ceb9705908f2df2405c96713a5e7c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/js/noir.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"0194b4a6ea0f5c52fb89ceca7a265a8b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2FKobL50ZU%2BT0DqqdEMpNBlxX3RiGrJm41cpRPdcySf0v2NZNflSnxHhnqa0JqwtceBeEReRdx6MMjqxJwdjcW%2F%2FYWSe37kMMCb6zgDBu3N4jgaEeNxYb44YiXJuYlK2vbS4rtYeuOu3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd22ff508f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

wmutqnzfeddd.pages.dev/smart89/images/bx1.png

172.66.46.246

1.2 kB

URL
wmutqnzfeddd.pages.dev/smart89/images/bx1.png
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text
Size
1.2 kB (1242 bytes)
Hash
dbdb981f8658c845968ec8226f81d1d8
d679b7bf47f71cd55b6c307cf96146a95660d667
5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/images/bx1.png HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: image/png
content-length: 119006
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b439c2f816d481fcd7e2eb2937f1fdbf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDvqwuHacvUJjMLrBeyw%2BKa6SMPlrO13KMJUd3ueNUtTWkH4mO%2Br%2FIyAtQhCVhuGQa2krnXessTQ8Dd223tk5RAdWty2k4r02HyXzPSY0%2FrGADElvBWg%2FwzjEK3t%2Fm62TMwUBzgd5U%2Bs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd230f6f8f5b-CPH
alt-svc: h3=":443"; ma=86400

weak3w6.lessemujust.live/media/mainstream/all/mb/5.js

185.155.186.25

200 OK

12 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/5.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (11920), with no line terminators
Size
12 kB (11920 bytes)
Hash
de362f15f5232df7747f7e741f587fcd
6353ff9bb0db73da818f1bc7250866f3d56bc8f8
e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/5.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 11920
Connection: keep-alive
ETag: "de362f15f5232df7747f7e741f587fcd"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F77B990134A3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#798904105/gid:0/gname:root/mode:33279/mtime:1708809291#359091145/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.387Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/7.js

185.155.186.25

200 OK

7.9 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/7.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (7936), with no line terminators
Size
7.9 kB (7936 bytes)
Hash
114f0be35fbff35e205c5f0bc146d864
dad256468614b8bb885233a71b31751edc222c5d
7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/7.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 7936
Connection: keep-alive
ETag: "114f0be35fbff35e205c5f0bc146d864"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C312EF8C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809291#567091493/gid:0/gname:root/mode:33279/mtime:1708809291#543091452/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.569Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/u.js

185.155.186.25

200 OK

24 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/u.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (24389), with no line terminators
Size
24 kB (24389 bytes)
Hash
89ed4b592ab506a6fca18e95657dfc4f
179998ad5741d669e75521fb943850a808917924
4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/u.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 24389
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "89ed4b592ab506a6fca18e95657dfc4f"
Last-Modified: Sun, 25 Feb 2024 11:59:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F6915129A9E3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809189#0/gid:0/gname:root/mode:33188/mtime:1708862369#235249424/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-25T11:59:29.279Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/2.js

185.155.186.25

200 OK

15 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/2.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (15146), with no line terminators
Size
15 kB (15146 bytes)
Hash
0bddd3bcca2df107ca5b8187b8e2a3f8
8bb441d73dfd233f8db6bbaffc2b0227a329a0f7
03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/2.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 15146
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0bddd3bcca2df107ca5b8187b8e2a3f8"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F7027339CC29
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809290#963090484/gid:0/gname:root/mode:33188/mtime:1708809290#939090444/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.967Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/3.js

185.155.186.25

200 OK

15 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/3.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (14971), with no line terminators
Size
15 kB (14971 bytes)
Hash
55bab18cf6adc22fc3d91e30c20ce0e6
0f18ff18d3db09841c930241460d61bc136e5a34
b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/3.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 14971
Connection: keep-alive
ETag: "55bab18cf6adc22fc3d91e30c20ce0e6"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F6F2A9C569C2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#30902711/gid:0/gname:root/mode:33188/mtime:1708809291#171090831/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.198Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/6.js

185.155.186.25

200 OK

29 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/6.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (28941)
Size
29 kB (29110 bytes)
Hash
ba847811448ef90d98d272aeccef2a95
5814e91bb6276f4de8b7951c965f2f190a03978d
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/6.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: application/javascript
Content-Length: 29110
Connection: keep-alive
ETag: "ba847811448ef90d98d272aeccef2a95"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C2A2AD29
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33279/mtime:1653412338#597084000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.597084Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img1.jpg

185.155.186.25

200 OK

1.3 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img1.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.3 kB (1315 bytes)
Hash
c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img1.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C5927886
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#865120000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.86512Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img3.jpg

185.155.186.25

200 OK

2.3 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img3.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.3 kB (2336 bytes)
Hash
5edf4db493423ac10c72a27ad5c4a618
5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img3.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F6698C8E2228
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#109121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.109121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img5.jpg

185.155.186.25

200 OK

2.0 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img5.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.0 kB (2037 bytes)
Hash
6d02d5cf49120718501b9a6629290c48
a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img5.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F77BA9014B4C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#379750654/gid:0/gname:root/mode:33279/mtime:1653412355#241121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.241121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img4.jpg

185.155.186.25

200 OK

1.2 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img4.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.2 kB (1169 bytes)
Hash
a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img4.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C5F0DCEB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#375750645/gid:0/gname:root/mode:33279/mtime:1653412355#181121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.181121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img6.jpg

185.155.186.25

200 OK

2.1 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img6.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.1 kB (2143 bytes)
Hash
f48aa7778890400e3be6131e64cd4236
9341d039b9f7de4eac9070c36fecac2772cc1ba0
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img6.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C73AA067
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#383750663/gid:0/gname:root/mode:33279/mtime:1653412355#293121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.293121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

wmutqnzfeddd.pages.dev/smart89/js/nvidia.js

172.66.46.246

2.0 kB

URL
wmutqnzfeddd.pages.dev/smart89/js/nvidia.js
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (2051), with no line terminators
Size
2.0 kB (2041 bytes)
Hash
2dcb8bbd4be0845b6eba41578137ef61
5c71a26c9c3cc73b15a888dbddbbe6ceb2189984
f84bea5397057e0ab07efc0dd7f7b674783df7234276dc010bb88fb84ddfd4a1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/js/nvidia.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"f423f9c7d2b9809bb9730e80eb5dcd74"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouMT3TMUMA2pjKOtsmqF7qPlIN8ypYwxgDIc3fjQC1Z5hVsKRUfRl3utMtlzbdik%2BmkokTGHRzGMo%2FtettOYwniGO3AxHyBSgped12jTD8p9Ngaf7wvzLAPNJpv%2FMGr0c8EjCbkbZOQs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f8d8f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

weak3w6.lessemujust.live/media/mainstream/all/mb/img10.jpg

185.155.186.25

200 OK

1.5 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img10.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3
Size
1.5 kB (1506 bytes)
Hash
0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img10.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F669C3B62C83
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412354#925121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.925121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img2.jpg

185.155.186.25

200 OK

1.3 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img2.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.3 kB (1297 bytes)
Hash
92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img2.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F782C7FD8BE9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#53121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.053121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img11.jpg

185.155.186.25

200 OK

1.6 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img11.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Size
1.6 kB (1610 bytes)
Hash
14ca7a7e1bb1db7a31af7c44a0ae9062
7293947d75065f3def42439f32138127d605bc8f
d8d2b0e0baad97e943838712911352a8c9dd0d5bf2114e78c3d1649bcc0d634a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img11.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1610
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "14ca7a7e1bb1db7a31af7c44a0ae9062"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F669CF241B93
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412354#997121000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:34.997121Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/logo_f01.png

185.155.186.25

200 OK

6.8 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/logo_f01.png
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
PNG image data, 130 x 126, 8-bit colormap, non-interlaced
Size
6.8 kB (6763 bytes)
Hash
192b810ba6ed4b80611aef274d85948d
2835cc503efcd77d03613293dbc33c4cc7b6b5b9
91e5c1968eee9298437a097fd47978a077d667e086593ab0fd7988ef60d2ddf4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/logo_f01.png HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/png
Content-Length: 6763
Connection: keep-alive
ETag: "192b810ba6ed4b80611aef274d85948d"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F6F2BDF7FAF4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223406#15752084/gid:0/gname:root/mode:33279/mtime:1653412365#157143000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:45.157143Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img7.jpg

185.155.186.25

200 OK

2.3 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img7.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, baseline, precision 8, 50x50, components 3
Size
2.3 kB (2264 bytes)
Hash
7364bf39dcf0941d3a1760e46a562710
a358405162193128cceae8551e14648798bd4254
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img7.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F782CA3018AD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#349122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.349122Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img8.jpg

185.155.186.25

200 OK

1.6 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img8.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Size
1.6 kB (1608 bytes)
Hash
5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img8.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C6F782CB4A750D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412355#405122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.405122Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/iphone15pro.png

185.155.186.25

200 OK

46 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/iphone15pro.png
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
PNG image data, 300 x 351, 8-bit colormap, non-interlaced
Size
46 kB (46124 bytes)
Hash
901fdfedb54cf1297edd1de54a893cf8
c9cd3908f28908392b45e1a54e7b350993eee53c
f30ac8920f3a3ab6621abad202e015353d46b61233549dfabe927234a9a5b3c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/iphone15pro.png HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/png
Content-Length: 46124
Connection: keep-alive
ETag: "901fdfedb54cf1297edd1de54a893cf8"
Last-Modified: Thu, 12 Oct 2023 21:10:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782CA1811EF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1697145024#790103101/gid:0/gname:root/mode:33188/mtime:1697145024#886103343/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2023-10-12T21:10:24.913Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

wmutqnzfeddd.pages.dev/smart89/js/jupiter.js

172.66.46.246

731 B

URL
wmutqnzfeddd.pages.dev/smart89/js/jupiter.js
IP
172.66.46.246:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
731 B (731 bytes)
Hash
cd6c33fbc221d0271c910af910e6ebed
9b52f24d6f10b885bb19db1c4b531469f96d2914
318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /smart89/js/jupiter.js HTTP/1.1
Host: wmutqnzfeddd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wmutqnzfeddd.pages.dev/smart89/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:40:45 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"57ba525bb338c70835d5893885a8a80a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYixAvKpqas5wdB1whC57ARQrGCQrzuaulw4jA0KhTP00nqzks0LcRZA6Am0Y%2FZWx58vYfg3SqsYxTTiYp2fQKPfghKz0gofFEE2Kq6NoZC%2FJy%2FHrVTYqePEN9N88%2B3z5My6%2B6%2BFOJDJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759bd232f8e8f5b-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

weak3w6.lessemujust.live/media/mainstream/us/wap/mobsurvey/ff.png

185.155.186.25

200 OK

11 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/us/wap/mobsurvey/ff.png
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
PNG image data, 245 x 253, 8-bit colormap, non-interlaced
Size
11 kB (10691 bytes)
Hash
2f5710ee40aba475e1d0cd9c9c953407
93ac36daaed5f1b86a2f301faddca673393996aa
38450abe3fe9fdc0c5c281fa3bc6532f9ffcd7632d6924f154444fba265a39f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/us/wap/mobsurvey/ff.png HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/png
Content-Length: 10691
Connection: keep-alive
ETag: "2f5710ee40aba475e1d0cd9c9c953407"
Last-Modified: Tue, 21 Nov 2023 12:30:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782E1D2B245
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324012#424606891/gid:0/gname:root/mode:33279/mtime:1655387479#482644706/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:51:19.482644706Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/favicon.ico

185.155.186.25

204 No Content

0 B

URL GET HTTP/1.1
weak3w6.lessemujust.live/favicon.ico
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Connection: keep-alive

weak3w6.lessemujust.live/media/mainstream/alert.mp3

185.155.186.25

200 OK

8.8 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/alert.mp3
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Size
8.8 kB (8802 bytes)
Hash
6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/alert.mp3 HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:50 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 20 Sep 2023 15:23:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F691F46DF6D0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#348024780/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z
Expires: Thu, 17 Apr 2025 04:40:50 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/img9.jpg

185.155.186.25

200 OK

1.4 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/img9.jpg
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Size
1.4 kB (1374 bytes)
Hash
a2dbd5c25807fbad37aceb676e90cd66
6972c6df94b50dd66111d5a555bdf2907b6f3e7e
6592c5497d79980109ee577663beac8d709726a63329f893775f89083cc8858e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/img9.jpg HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: image/jpeg
Content-Length: 1374
Connection: keep-alive
ETag: "a2dbd5c25807fbad37aceb676e90cd66"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F669B4297B60
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#304024643/gid:0/gname:root/mode:33279/mtime:1653412355#461122000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:35.461122Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

jsontdsexit2.com/ExtService.svc/getextparams

136.243.216.235

200 OK

537 B

URL GET HTTP/2
jsontdsexit2.com/ExtService.svc/getextparams
IP
136.243.216.235:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectjsontdsexit2.com
Fingerprint48:31:DD:61:15:18:42:C5:25:8C:3D:8D:29:32:35:54:12:C1:59:1C
ValidityTue, 19 Mar 2024 13:03:39 GMT - Mon, 17 Jun 2024 13:03:38 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (628), with no line terminators
Size
537 B (537 bytes)
Hash
f0ff9519ad22b8b518b843ffb173ccc7
2a756d59ca73ebca175cfe427486b7c2b7c18b2f
bfc8dedb9d5109a40b1efa76f59438c1e54993399d2a8a01aff0c1a46d7574a5

HTTP Headers

GET /ExtService.svc/getextparams HTTP/1.1
Host: jsontdsexit2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://weak3w6.lessemujust.live
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 04:40:49 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

weak3w6.lessemujust.live/media/mainstream/all/mb/1.js

185.155.186.25

200 OK

12 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/1.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
JavaScript source, ASCII text, with very long lines (12181), with no line terminators
Size
12 kB (12181 bytes)
Hash
4c0b32d32b0b7317afb94deba5cabeac
ee478251de9e6c4046a72ae0dff93ba1ac06c85a
b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/1.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/javascript
Content-Length: 12181
Connection: keep-alive
ETag: "4c0b32d32b0b7317afb94deba5cabeac"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F702672A5B37
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#370901510/gid:0/gname:root/mode:33279/mtime:1708809290#731090096/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.756Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/main-like.css

185.155.186.25

200 OK

7.2 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/main-like.css
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
ASCII text, with very long lines (7181), with no line terminators
Size
7.2 kB (7181 bytes)
Hash
30d4bbfa0a8fa6727a9edb23be989598
39bc311daad791b9c7377e11fbb6f9b24c6b3d46
f2ead250f003ad44fad41af0a1554922e31ab930fa86d90a8f2df62c048c2843

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/main-like.css HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: text/css
Content-Length: 7181
Connection: keep-alive
ETag: "30d4bbfa0a8fa6727a9edb23be989598"
Last-Modified: Wed, 20 Sep 2023 15:23:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F7025D963DE2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412366#569146000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:46.569146Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

weak3w6.lessemujust.live/media/mainstream/all/mb/no/8.js

185.155.186.25

200 OK

1.2 kB

URL GET HTTP/1.1
weak3w6.lessemujust.live/media/mainstream/all/mb/no/8.js
IP
185.155.186.25:443
ASN
#203639 Teknology SA

Requested by
https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Certificate
IssuerLet's Encrypt
Subjectlessemujust.live
Fingerprint17:17:0C:E7:00:17:AB:53:62:87:E2:64:1A:87:CE:D0:5C:D8:F2:D8
ValiditySun, 14 Apr 2024 13:03:59 GMT - Sat, 13 Jul 2024 13:03:58 GMT

File type
Unicode text, UTF-8 text, with very long lines (1314), with no line terminators
Size
1.2 kB (1242 bytes)
Hash
4f9eb4da2af764ef9ea7ec219fbe645f
2798051626be61b360b6697c43ffc6833f825ccf
d72e99a243d5ca936c19aa6501e9065447fe329aa2ecc99b970f60f10d68542a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /media/mainstream/all/mb/no/8.js HTTP/1.1
Host: weak3w6.lessemujust.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://weak3w6.lessemujust.live/avlitlec/?u=6w3kaew&o=uvdg6dv&cid=q1zy5xva&t=sweepwae&f=1&sid=t2~3q5xlkhas3hui2ae4cc24cvd&fp=ECy0QURxS0drRD%2BDgCqQfw%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 17 Apr 2024 04:40:49 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 20 Sep 2023 15:23:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C6F782C0D8363E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#312024668/gid:0/gname:root/mode:33279/mtime:1653412375#277166000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:55.277166Z
Expires: Thu, 17 Apr 2025 04:40:49 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML