| 506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605 | 185.155.186.25 | 200 OK | 18 kB |
URL: 506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605 (User Request, GET HTTP/1.1)
IP: 185.155.186.25:443
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (637)
Hash: 7d3116d1195546b33c6f74467eddde4c d5e96983f6166264ea443df87f6835097a2c6ccb efbb1268f039047220798da46e4267fa5192f6f81f6c61dc6dd63d75c8f77dd0

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605 HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:51 GMT
Content-Type: text/html
Content-Length: 17553
Connection: keep-alive
cache-control: private
| 506p8w3.faykitturn.live/media/mainstream/all/mb/bootstrap-mini.css | 185.155.186.25 | 200 OK | 10 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/bootstrap-mini.css (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: ASCII text, with very long lines (571), with CRLF line terminators
Hash: f0a842b8b8a52bb05e6c729828fbb40e f1fe8a76db92bc9bd3f9d70f3867f03d51ebbae5 eb9fe798331b592bd8fc54d5ede3ac19e961b5aa7c2dffb3dbb17ce5fcb88e01

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/bootstrap-mini.css HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/css
Content-Length: 10214
Connection: keep-alive
ETag: "f0a842b8b8a52bb05e6c729828fbb40e"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A77E1F7F2A80
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223404#571748836/gid:0/gname:root/mode:33279/mtime:1653412343#213095000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:23.213095Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/font-awesome-mini.css | 185.155.186.25 | 200 OK | 1.9 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/font-awesome-mini.css (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: ASCII text, with very long lines (1857), with no line terminators
Hash: 8b2fe9dcd9e31f21056ebc3d6667123c 49e6a844f0085d9f653faab8a451742be82ecdf7 e7eb3ba41e31f5d9710bb64a87a5e9e7664143a95f68d0f357fe0d4252bb58d5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/font-awesome-mini.css HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/css
Content-Length: 1857
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8b2fe9dcd9e31f21056ebc3d6667123c"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A77E221AFCFE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#911577422/gid:0/gname:root/mode:33279/mtime:1653412350#393111000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:30.393111Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/2.js | 185.155.186.25 | 200 OK | 15 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/2.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (15146), with no line terminators
Hash: 0bddd3bcca2df107ca5b8187b8e2a3f8 8bb441d73dfd233f8db6bbaffc2b0227a329a0f7 03764aa86cdd3dde4d2441b90a813d055e9f8af852d849ff18bc148b9554549b

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/2.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/javascript
Content-Length: 15146
Connection: keep-alive
ETag: "0bddd3bcca2df107ca5b8187b8e2a3f8"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A77E2CA45644
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#746902194/gid:0/gname:root/mode:33188/mtime:1708809290#939090444/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.967Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/3.js | 185.155.186.25 | 200 OK | 15 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/3.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (14971), with no line terminators
Hash: 55bab18cf6adc22fc3d91e30c20ce0e6 0f18ff18d3db09841c930241460d61bc136e5a34 b31317c3e7816470c11e8c1060d770b0c79f84c65f800512a83062d69f80caed

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/3.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/javascript
Content-Length: 14971
Connection: keep-alive
ETag: "55bab18cf6adc22fc3d91e30c20ce0e6"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A75E38F2ED15
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#30902711/gid:0/gname:root/mode:33188/mtime:1708809291#171090831/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.198Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/main-like.css | 185.155.186.25 | 200 OK | 7.2 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/main-like.css (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: ASCII text, with very long lines (7181), with no line terminators
Hash: 30d4bbfa0a8fa6727a9edb23be989598 39bc311daad791b9c7377e11fbb6f9b24c6b3d46 f2ead250f003ad44fad41af0a1554922e31ab930fa86d90a8f2df62c048c2843

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/main-like.css HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/css
Content-Length: 7181
Connection: keep-alive
ETag: "30d4bbfa0a8fa6727a9edb23be989598"
Last-Modified: Wed, 20 Sep 2023 15:23:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A77E23BBDC80
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412366#569146000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:46.569146Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/1.js | 185.155.186.25 | 200 OK | 12 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/1.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (12181), with no line terminators
Hash: 4c0b32d32b0b7317afb94deba5cabeac ee478251de9e6c4046a72ae0dff93ba1ac06c85a b2134512608af652a98e1fa0528865c9ed7bfbc0776865fbbbf3ea552260ff46

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/1.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/javascript
Content-Length: 12181
Connection: keep-alive
ETag: "4c0b32d32b0b7317afb94deba5cabeac"
Last-Modified: Sat, 24 Feb 2024 21:14:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A77E252886F8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806892#370901510/gid:0/gname:root/mode:33279/mtime:1708809290#731090096/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:50.756Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/8.js | 185.155.186.25 | 200 OK | 703 B |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/8.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: Unicode text, UTF-8 text, with CRLF line terminators
Hash: a0ff78ec0d6e7880c3a92bbe6d1bb834 78628e35f7a9d46a503d77bc730a60bf405b5c5a a188c9a05545e59ccdcb1f8038acf685c4c2cd8fd79cad8be5bab86bd868e0d5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/8.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: application/javascript
Content-Length: 703
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a0ff78ec0d6e7880c3a92bbe6d1bb834"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A80F14B6E722
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#887577385/gid:0/gname:root/mode:33279/mtime:1653412360#61132000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.061132Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/4.js | 185.155.186.25 | 200 OK | 5.8 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/4.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (5828), with no line terminators
Hash: 8c7a2e36533feed8cd5fbca8b8f91114 854cdef22953f1eab3d94eb6b421c433ad34f4c7 f39e5853927b10c6ac0a6c7533160a90a7f08bb2a8c59eb83d7b412f525eeed6

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/4.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: application/javascript
Content-Length: 5828
Connection: keep-alive
ETag: "8c7a2e36533feed8cd5fbca8b8f91114"
Last-Modified: Wed, 20 Sep 2023 15:23:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A77E3745A7A5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#292024605/gid:0/gname:root/mode:33279/mtime:1653412338#153083000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.153083Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/5.js | 185.155.186.25 | 200 OK | 12 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/5.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (11920), with no line terminators
Hash: de362f15f5232df7747f7e741f587fcd 6353ff9bb0db73da818f1bc7250866f3d56bc8f8 e157b45ed9a28fe95914f413692e496fc0a04a4191f22492ff3a8296fbaeda47

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/5.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/javascript
Content-Length: 11920
Connection: keep-alive
ETag: "de362f15f5232df7747f7e741f587fcd"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A77E5044C6BF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806893#798904105/gid:0/gname:root/mode:33279/mtime:1708809291#359091145/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.387Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/7.js | 185.155.186.25 | 200 OK | 7.9 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/7.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (7936), with no line terminators
Hash: 114f0be35fbff35e205c5f0bc146d864 dad256468614b8bb885233a71b31751edc222c5d 7a94681a57ec6c39e857fcaa26418de63c5e93b827f0fa1e44d3da3b7d3c2a7d

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/7.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/javascript
Content-Length: 7936
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "114f0be35fbff35e205c5f0bc146d864"
Last-Modified: Sat, 24 Feb 2024 21:14:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A77E8B2B6691
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708806894#614905586/gid:0/gname:root/mode:33279/mtime:1708809291#543091452/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-24T21:14:51.568Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/u.js | 185.155.186.25 | 200 OK | 24 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/u.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (24389), with no line terminators
Hash: 89ed4b592ab506a6fca18e95657dfc4f 179998ad5741d669e75521fb943850a808917924 4ef3a6a1fd10bcf96549fd9a09bde836daea3343523644d1830367edc1f9031b

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/u.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/javascript
Content-Length: 24389
Connection: keep-alive
ETag: "89ed4b592ab506a6fca18e95657dfc4f"
Last-Modified: Sun, 25 Feb 2024 11:59:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A73B1848FA75
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1708809189#0/gid:0/gname:root/mode:33188/mtime:1708862369#235249424/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2024-02-25T11:59:29.279Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/jquery.min.js | 185.155.186.25 | 200 OK | 87 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/jquery.min.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (32058)
Hash: c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jquery.min.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: application/javascript
Content-Length: 86659
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c9f5aeeca3ad37bf2aa006139b935f0a"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A77E276BF257
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#915577428/gid:0/gname:root/mode:33279/mtime:1653412360#809134000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.809134Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/6.js | 185.155.186.25 | 200 OK | 29 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/6.js (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (28941)
Hash: ba847811448ef90d98d272aeccef2a95 5814e91bb6276f4de8b7951c965f2f190a03978d 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/6.js HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: text/javascript
Content-Length: 29110
Connection: keep-alive
ETag: "ba847811448ef90d98d272aeccef2a95"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A77E88F41953
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223404#223748054/gid:0/gname:root/mode:33279/mtime:1653412338#597084000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:18.597084Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/2.png | 185.155.186.25 | 200 OK | 3.1 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/2.png (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: PNG image data, 50 x 50, 8-bit colormap, non-interlaced
Hash: 0e727218699c74faabbe0ad5e12b73b0 122c8a9e849a677d55b48f70ef1bc07e69a700f9 4617364eb6384f95f78d288b828cae9f75f4d3712ff90633ff9c04489c8bc421

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/2.png HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/png
Content-Length: 3087
Connection: keep-alive
ETag: "0e727218699c74faabbe0ad5e12b73b0"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F4B0585C1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412359#665131000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.665131Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/3.jpg | 185.155.186.25 | 200 OK | 2.6 kB |
URL: 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/3.jpg (GET HTTP/1.1)
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash: 351968d7194acf501347f0b4bda47f6d 61c016a5534700d211fa611bca2566ba84e36c44 5fc57ab8e453607691a7f0657f5bf26aa4f00f208a71e7b7d84435d7d3f8854a

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/3.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2560
Connection: keep-alive
ETag: "351968d7194acf501347f0b4bda47f6d"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F4B05BA74
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412359#721131000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.721131Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/4.jpg | 185.155.186.25 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/4.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): 242c1429cdc0dcae0996dd446a347eb5 01b14ecdc178b8646a9ee226c749f0c5fcae5ba4 4cf8663aa3cefe3b7514a436fbad2f863f825d74457c238497ec35de1db123bd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/4.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2326
Connection: keep-alive
ETag: "242c1429cdc0dcae0996dd446a347eb5"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F52671FC1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#631751220/gid:0/gname:root/mode:33279/mtime:1653412359#777131000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.777131Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/1.jpg | 185.155.186.25 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/1.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): e06747b406d16b181f67450ab3b58ecd ba09783ca252e0e93732b787052960530fa61928 169b08c3a009321e51aa83ed182af0f3c13f11d2a421688d4fb194f2f929a7ae
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/1.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2487
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "e06747b406d16b181f67450ab3b58ecd"
Last-Modified: Mon, 20 Feb 2023 09:33:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A80F4D656DD1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#887577385/gid:0/gname:root/mode:33279/mtime:1653412359#497131000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.497131Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/6.jpg | 185.155.186.25 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/6.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): aa5b7125ed7e8f612bb95e62134bfe86 cf18c71adf626a2da3fbe4b574469962c35a1bf8 f3add7195cabb488d9a06cb96aacd8da1e81cec2b791600c6555e1824785f6fb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/6.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2096
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "aa5b7125ed7e8f612bb95e62134bfe86"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A80F54EACE09
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#887577385/gid:0/gname:root/mode:33279/mtime:1653412359#889132000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.889132Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/iphone15pro.png | 185.155.186.25 | 200 OK | 46 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/iphone15pro.png
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: PNG image data, 300 x 351, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 901fdfedb54cf1297edd1de54a893cf8 c9cd3908f28908392b45e1a54e7b350993eee53c f30ac8920f3a3ab6621abad202e015353d46b61233549dfabe927234a9a5b3c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/iphone15pro.png HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/png
Content-Length: 46124
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "901fdfedb54cf1297edd1de54a893cf8"
Last-Modified: Thu, 12 Oct 2023 21:10:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A80F23322A8D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1697145024#790103101/gid:0/gname:root/mode:33188/mtime:1697145024#886103343/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2023-10-12T21:10:24.913Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/9.jpg | 185.155.186.25 | 200 OK | 2.6 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/9.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): 9202e3f114009194fb16f0c5a50b862c 74714de3b6247934fbaa9f5e4b2c76d64ec4c14d 1335427c770da556720585771cbcb32f70daa95bb475d804c09955f1e07f8350
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/9.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2581
Connection: keep-alive
ETag: "9202e3f114009194fb16f0c5a50b862c"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F59D57D00
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#655751274/gid:0/gname:root/mode:33279/mtime:1653412360#113132000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.113132Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/5.jpg | 185.155.186.25 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/5.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): 852cfd626510246b8bd0cd3bc32d0ac8 70206a229c9f9f220d0f81831fb2b132b9b03796 bf85d1059875ba21248c2194f9ca3cb606a88d56a0f607a0392018ce7d19113b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/5.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2489
Connection: keep-alive
ETag: "852cfd626510246b8bd0cd3bc32d0ac8"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F5295E1E5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223405#639751239/gid:0/gname:root/mode:33279/mtime:1653412359#833132000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.833132Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/8.jpg | 185.155.186.25 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/8.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): 4517b2175dc8e4d03b0318800083040b 01ef7855c4323fb3049c203947510481c6ec01a5 fbdf46af8a60426f2c7cf5e031558ef0ffe575ac25c546b9731a25866902e688
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/8.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2534
Connection: keep-alive
ETag: "4517b2175dc8e4d03b0318800083040b"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F59A0E754
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412360#1132000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:40.001132Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/7.jpg | 185.155.186.25 | 200 OK | 2.9 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/7.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): 8d720d8ffbd5ccedc150825fe2a224e2 937c1f9784f492cd454ceb69bec6b136fd438691 1b14cf625820534009529ea6df234db44e74d0d86a15170947c206928562fa03
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/7.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2890
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8d720d8ffbd5ccedc150825fe2a224e2"
Last-Modified: Mon, 20 Feb 2023 09:33:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17C9A80F582FDA94
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1676843277#887577385/gid:0/gname:root/mode:33279/mtime:1653412359#945132000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.945132Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/logo_f01.png | 185.155.186.25 | 200 OK | 6.8 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/logo_f01.png
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: PNG image data, 130 x 126, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 192b810ba6ed4b80611aef274d85948d 2835cc503efcd77d03613293dbc33c4cc7b6b5b9 91e5c1968eee9298437a097fd47978a077d667e086593ab0fd7988ef60d2ddf4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/logo_f01.png HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/png
Content-Length: 6763
Connection: keep-alive
ETag: "192b810ba6ed4b80611aef274d85948d"
Last-Modified: Tue, 21 Nov 2023 12:30:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A75E45486FED
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695223406#15752084/gid:0/gname:root/mode:33279/mtime:1653412365#157143000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:45.157143Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/11.jpg | 185.155.186.25 | 200 OK | 2.6 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/11.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): 19aa3d09c70872b6ac42c4360b3f6227 e3c6f51e0542974a41ba6da34174506fd30e1155 47a406e5ab92d3f42e0ecbc9e80e7458d7cc8b87ca72b0be668aa1dd069f616a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/11.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2628
Connection: keep-alive
ETag: "19aa3d09c70872b6ac42c4360b3f6227"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F5A452FF2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412359#609131000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.609131Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/10.jpg | 185.155.186.25 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/all/mb/jp/10.jpg
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 50x50, components 3
Hash (MD5 / SHA-1 / SHA-256): a846e9065dadd35153e6be9126ab7518 f99ea60494758a09678b92c6b19a9b67bdfd0fe5 8535c8adea8e4648b873160db7d64130b23d38f6128db2b3c785455c864598fe
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/all/mb/jp/10.jpg HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/jpeg
Content-Length: 2514
Connection: keep-alive
ETag: "a846e9065dadd35153e6be9126ab7518"
Last-Modified: Wed, 20 Sep 2023 15:23:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A80F5A0C64AD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1693134509#308024655/gid:0/gname:root/mode:33279/mtime:1653412359#553131000/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-05-24T17:12:39.553131Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/media/mainstream/us/wap/mobsurvey/ff.png | 185.155.186.25 | 200 OK | 11 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/us/wap/mobsurvey/ff.png
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: PNG image data, 245 x 253, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 2f5710ee40aba475e1d0cd9c9c953407 93ac36daaed5f1b86a2f301faddca673393996aa 38450abe3fe9fdc0c5c281fa3bc6532f9ffcd7632d6924f154444fba265a39f2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/us/wap/mobsurvey/ff.png HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:52 GMT
Content-Type: image/png
Content-Length: 10691
Connection: keep-alive
ETag: "2f5710ee40aba475e1d0cd9c9c953407"
Last-Modified: Tue, 21 Nov 2023 12:30:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A813082715FC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324012#424606891/gid:0/gname:root/mode:33279/mtime:1655387479#482644706/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:51:19.482644706Z
Expires: Fri, 25 Apr 2025 22:58:52 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

| 506p8w3.faykitturn.live/favicon.ico | 185.155.186.25 | 204 No Content | 0 B |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/favicon.ico
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: openresty
Date: Thu, 25 Apr 2024 22:58:53 GMT
Connection: keep-alive

| jsontdsexit2.com/ExtService.svc/getextparams | 136.243.216.235 | 200 OK | 9.2 kB |
URL: GET HTTP/2 jsontdsexit2.com/ExtService.svc/getextparams
IP: 136.243.216.235:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject jsontdsexit2.com; Fingerprint 48:31:DD:61:15:18:42:C5:25:8C:3D:8D:29:32:35:54:12:C1:59:1C; Validity Tue, 19 Mar 2024 13:03:39 GMT - Mon, 17 Jun 2024 13:03:38 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): f238c3ad72d6a8e32f8f585d36f534cc aae0be088ead77233eea31a63e89b7f00dca04c4 2bc4bdd57426654b4097d3d09713d467edd6000316d96985c6ae9ff84c3b917d
GET /ExtService.svc/getextparams HTTP/1.1
Host: jsontdsexit2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://506p8w3.faykitturn.live
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 22:58:52 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

| 506p8w3.faykitturn.live/media/mainstream/alert.mp3 | 185.155.186.25 | 200 OK | 8.8 kB |
URL: GET HTTP/1.1 506p8w3.faykitturn.live/media/mainstream/alert.mp3
IP: 185.155.186.25:443
Requested by: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Certificate: Issuer Let's Encrypt; Subject faykitturn.live; Fingerprint 57:D1:4F:75:7A:46:FB:9A:6E:7F:E1:EC:BC:12:23:D2:CE:37:3D:64; Validity Thu, 25 Apr 2024 18:22:54 GMT - Wed, 24 Jul 2024 18:22:53 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural
Hash (MD5 / SHA-1 / SHA-256): 6d2d3da2ea28ace816fa4a138829dc18 606e0ec3d7fb05c69f16233cfe1ff0a0ee760505 d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: 506p8w3.faykitturn.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://506p8w3.faykitturn.live/lrfrrpcj/?f=1&fp=ORJIfXWCRN5Pdc//pYcfcw==&o=pn1kfzq&sid=t1~frdotwy2zavzslcdsipwsy1z&t=pshtb_redirectUrl_body&u=3w8p605
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 22:58:53 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Tue, 21 Nov 2023 12:30:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
X-Amz-Request-Id: 17C9A73D85C278DC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
x-amz-meta-mc-attrs: atime:1695324533#997523934/gid:0/gname:root/mode:33279/mtime:1655387452#802583242/uid:0/uname:root
x-amz-meta-mm-source-mtime: 2022-06-16T13:50:52.802583242Z
Expires: Fri, 25 Apr 2025 22:58:53 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes