Report - play-google-gathreprany.xyz/

Report Overview

Submitted URL
play-google-gathreprany.xyz/
IP
104.21.3.47
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 07:45:50
Access
public
Website Title
Luva Bet
Final URL
play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
72

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.onesignal.com	3015	2011-09-10	2015-04-22	2024-04-24	439 B	2.5 kB	104.17.111.223
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-25	2.2 kB	0 B	0.0.0.0
play-google-gathreprany.xyz	unknown	unknown	No data	No data	31 kB	1.3 MB	104.21.3.47
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-25	485 B	1.8 kB	142.250.74.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed
2024-04-25	medium	play-google-gathreprany.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/jquery.min.js	88 kB	2023-10-13	2024-05-03
Pretty URL play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/jquery.min.js IP 104.21.3.47 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 22:05:06 Last Seen2024-05-03 15:00:43 Times Seen10995 Hash c9771cc3e90e18f5336eedbd0fffb2cf 6ee8aaa3ac1f4e0ae18717a3fd26892e9f0e4cc5 3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24 Loading...

	play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/uaParser.js	19 kB	2024-04-25	2024-04-25
Pretty URL play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/uaParser.js IP 104.21.3.47 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 09:45:56 Last Seen2024-04-25 09:45:56 Times Seen1 Hash fae74f6b710e428ad5ca0378fc339859 0d8f92bc5fcfb0ef72ee329f0a0763524443b5bd 9735a83f5152c01eefe3ca9457e3b440502b60246d60f232196eb36c126f2125 Loading...

	play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa	1.3 kB	2024-04-25	2024-04-25
Pretty URL play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa IP 104.21.3.47 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 09:45:56 Last Seen2024-04-25 09:45:56 Times Seen1 Hash ced382f5a38aa794b4bbed4d85810aec f6bfd4be8b58352c4dd9bd69dcf97c7ad4cfc54b d957645705977b3e263c85a1c41250cb7a1d396727bdc873dc34986e5ef3024a Loading...

	play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa	13 kB	2024-04-25	2024-04-25
Pretty URL play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa IP 104.21.3.47 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 09:45:56 Last Seen2024-04-25 09:45:56 Times Seen1 Hash 8028e0115a3de55590c3e95313d4c90f d0ac8ae10bb5cea06aa82eaf9dfe0b0c7aa5dfe4 971ee17dd269d572fe333ca85c528749dd2ddf495e3ce29f6a99a59847cf0b1f Loading...

	cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js	1.7 kB	2024-03-29	2024-05-02
Pretty URL cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js IP 104.17.111.223 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 05:25:11 Last Seen2024-05-02 09:58:40 Times Seen28 Hash c9bad19ca9a1e2dfab454f1faa3fadcf e8b449b415b3ff9d589659c2f1270a0efa551036 5a8c9a1e5c6b40425fce6ffbef960972322ab37c4a68795145ccc3dc098fc900 Loading...

	play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa	0 B	2023-03-07	2024-05-04
Pretty URL play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa IP 104.21.3.47 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 17:43:27 Times Seen37340332 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (42)

URL IP Response Size

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_7.jpg

104.21.3.47

200 OK

5.9 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_7.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Size
5.9 kB (5888 bytes)
Hash
4973a6b497ccfa4ad55210f741130997
a07260767ae4aabbecd531a68293c27cac98d21a
bbe648b2d31477152b1887aa59bac33776e4dad6c71a30679d433dba75b6f0bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_7.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 5888
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-1700"
expires: Fri, 03 May 2024 18:19:15 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: HIT
age: 134769
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6t7AJbqZyFxRmc1ZgKtTbUjvPrjmEQLpPS22KdjfF3T9Bidr0pOiEZNKI7TPuO6VhT4DfhSvdzPlxfUpX4twjHxqd5X0ldl9uyAD2oHacP4BVFkbcllofNkzfRSDzoEd1Yt60oj0rXbtDb7hdtc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e5eef7127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_1.jpg

104.21.3.47

200 OK

1.1 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_1.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 32x32, components 3
Size
1.1 kB (1136 bytes)
Hash
ef808c0eabf8c425914c5d386288125c
bf66dae21fd148e6a703d8d8141b0beec071ff6d
06a8f7be93cddd0f6043d8fd6d1c8543446cff40dd418fef18eeec184c2cedad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_1.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 1136
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-470"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0gwyB3LVxfmLs4Haj373AeMy%2BEtMLp1%2FNMR%2FRQKYoNKZZtcrpTce7OaQ%2Fbi%2FZZRU7x%2BeaKIHH6hHPxkchDYx35WLUuvcV7uBAp2N2dD0bLL1iQ3wCor9LprHVVjTNsw0LC0nu02yhYUJtsIf2nA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ede7127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_5.jpg

104.21.3.47

200 OK

980 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_5.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 24x32, components 3
Size
980 B (980 bytes)
Hash
5a1d81179dfdd3813e7df81ad43d96f7
3bfd1e4c402cfacc1db64945a84b2520a8a9c73c
0acdca6edc9301fb2ad6b47c25587c395952569ebf740e4bdce75702f7add906

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_5.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 980
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-3d4"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lwqiW%2FVdzRwa9LJh4Uaznci9ur3bbwJAhfS52oZW9UMaWiHO6BupqRxiAwrI1fcsOFsX1Dbain2zMeVyjDEHI6nSElkVLDRJTTKiiuHXnEr0%2BvBa4kVG2B38mF%2BfYB1zfxyDN%2FFCVBcaAVJKCQ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ee87127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_4.jpg

104.21.3.47

200 OK

1.5 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_4.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 32x32, components 3
Size
1.5 kB (1458 bytes)
Hash
17ff1ccdb2a25691ceff8940c8d5e9dd
8be4e47d262baae3a8c5751e6690e129f533e2f5
e50b55fb6ab12ee66bee62d92ab4f8f147c2c5e38b4ea69bd016c7e1197d754e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_4.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 1458
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-5b2"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=phaObg91%2FcsN3ppb9wGSiUqr%2FzCVec2bwZ%2B8soP2NdZG3xM2XkN6M4dfauLLesma9bSLhXogOzu3%2BbOiuP07QacPdJttBiRkiWuxGdi%2Brc8%2BM4vw0LmLoU%2BTaFcSCuRA%2BYS%2FvW9Bf3FPwvYBKUA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ee77127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_9.jpg

104.21.3.47

200 OK

7.2 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_9.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Size
7.2 kB (7177 bytes)
Hash
7a6a42e71a0343685e77998525c65628
203c7a44dadb3586e6f645ac3f740ed7752a6118
e421e0d17508585bcc1dda36c7862eb49c91bd22a89ef7639a1436866650c2de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_9.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 7177
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-1c09"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gTZHlyByVa3iTM1eIEDtF7%2B9rdaYbjOj8KRaPRwS2kYej7qNm%2FddCB0IxbtCGOroBhaMMoop80KHzOvmiftHuOffY1Ihwh3p5kPU1ecWaYxwyw3Z%2FawiAFOTXXH56TQL%2BJ4SRkuWfMGU6dUr%2By0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e5ef37127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_3.jpg

104.21.3.47

200 OK

839 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_3.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 32x32, components 3
Size
839 B (839 bytes)
Hash
fc1231d95c63467fce3b5eab817e1888
8cc285d5bd033d033e96d64dbf7682b3db5f08df
52832c6fc41d8a2139404795fd0cad7cfaf8d3dfbaa490f72528273453d1c1a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_3.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 839
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-347"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CRjne2TjLkzWNWYdJUgUacD4aBeK7WIn%2FoCKaBg5mWD21%2BSndq%2F0KYtYeSEhKlRxdIzhgbcw8hmMvu06u3lJVyJ2gZtFcNZcDzq3ubXkbAlnsxvZhlxgMpq6k7kr%2FKl0BE6PlEXm%2BuVvX7QANSQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ee57127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_8.jpg

104.21.3.47

200 OK

5.4 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_8.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Size
5.4 kB (5371 bytes)
Hash
da1262b0afe1c0dce1278574120465f7
58023f4ec1d9a0cb0d82c7760edb88b1af4cda2a
659346784fb456516c4d4121241475b6a5d02ae71404b5390045d832b014bf6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_8.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 5371
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-14fb"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKcwu5%2BPmIZ%2Bt8iG71djaBHQQP3wKqhp%2B%2Fx3oK3d9caxKRWlpB4RBuIQIbxv5gfzk9m1gH9u6%2F95qRdhXoo9KpbGauE5edNbahJ6wwxzX7j4l8sIntwttHR8ut2Ifc2IcZs4D7fgY0hAqS7APJw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e5ef07127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_6.jpg

104.21.3.47

200 OK

7.4 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_6.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Size
7.4 kB (7365 bytes)
Hash
a45f1f9dff5f3af2db84d438e34f7d69
f135f9f73020154ab862928e5b22b5b546b840bf
242fa08f8380aff04fdfbf356aa3a20a5a65817042057a107e45afbfe5a2e7bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_6.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 7365
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-1cc5"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gj4c2hWTbnZIctXS7nBRFQUsSEH6x81yGaT8jmIVgZhbW8kMvt%2BnJ3gCalW1M3aFB152pUfPiqA2boqZGYfmMuky9nuokUGBGvJxIRA45bKIftY02U1SwfKUtqO81NbCVZOYWDpplZW6ejxtUG8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e5eed7127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_2.jpg

104.21.3.47

200 OK

984 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_2.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 32x32, components 3
Size
984 B (984 bytes)
Hash
06761095d42e4244e03e7f13bfbc2b82
5f27ef2b0f717b43365654b1917b1e92fc2e9a8c
4bdfdd44fae0379d43c7a718c57c1920ed34f500a036f80448393efd31cc432a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_2.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 984
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-3d8"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kGD3yxv0rqfaKxjorV5%2FnVovR4a9XwnHNoNztPU8vqMFa7j8rurvND%2BX4jFVnn4u2NvzvvjZsYXaEg5xdvH3KsGbSP%2B2%2F6olY8B82EEWELlkj5dGE%2BHJmyVXkcaxZjei94H7AVjp5C5Sa4r3r6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ee17127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_10.jpg

104.21.3.47

200 OK

2.9 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/ava_10.jpg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Size
2.9 kB (2861 bytes)
Hash
4d90ef36f31719a6a6192db003e34d3e
fa13937629cb13819e509d10b66ed4ffd2a9d3f9
7793dab9c7c8dea4a384d09fb59cc8763a5a5e58fdf6267d40dfd47a404b95ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/ava_10.jpg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/jpeg
content-length: 2861
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-b2d"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKF27QMmsBs5mNn6%2FOvchVpiNMUbzPF34LGApihfv0V1JVkWdj%2FKZWI3UXmZDah7U73B4ZGJsa4xXvIG8YxhPBkReNSffXdFqisr0dD7Lew3XIEod7%2F%2FRKj4GZ%2FRxFmROV9CQIIxGpxhfVpmMT8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e5ef57127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_close.png

104.21.3.47

200 OK

427 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_close.png
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
PNG image data, 96 x 96, 4-bit colormap, non-interlaced
Size
427 B (427 bytes)
Hash
26e9ae28962f669b44198d28293dbe30
27b6e3581b6c98fc5934f4e4af1698cab270ef7e
f67d193e6472e73251254135e0eee99f529bb8d14c4e434d40d9e7a53a37ce9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_close.png HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/png
content-length: 427
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-1ab"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B307zvA6lyLUks39X5XfVkTet5BcQdhAT3qdP1q%2FiF6plR2FNgl02LW7gg2fXYseUBfi9huVRvQf9s3pAQa%2F4r4KLP%2FpfAxeaO%2F1GezyN5sPLONxbVZs2dTQe8u7AynBeJPj1D%2F905qWyqPy4Rs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e6efd7127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(14).webp

104.21.3.47

200 OK

127 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(14).webp
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
RIFF (little-endian) data, Web/P image
Size
127 kB (127022 bytes)
Hash
7e6d2580176f23b7b03f338e894b1335
8a27367ec88e9055cbd20ab41c51dd8ad67a5118
72a59744638a789bb73d38073d157a3c4b1db3e78bc0f136a93b9f34e42d2c1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(14).webp HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/webp
content-length: 127022
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-1f02e"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2F4ZIhi13y27NyEdYUo1v2WyNF8%2FWb0WjJ8GzBJu1weIikV%2Bw9UNWzzcCDmUQ7zRzLPcVyCZUA5xgmD6LjzhQaNdysW2vShO9KbOhQKde0okr1ys5OUVoO%2BdRn229SzaW7FIfbmddFiGzleVsTA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ed37127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(11).webp

104.21.3.47

200 OK

132 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(11).webp
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
RIFF (little-endian) data, Web/P image
Size
132 kB (131878 bytes)
Hash
4cbb4c602e9a16bb0d802fe50eb4d70c
4a949726538ec78b043514c1d4e7b2b2a47bf5b6
8a7b15a5efa2ec10692f17a690635ea3c093f99783c6995f8bbb3c28208b20c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(11).webp HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/webp
content-length: 131878
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-20326"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6tS8KiMWKFptj5dblljSnI034XkwwxRdGCp2KYtXHlimHiVZFzP6Fy4OoZ9jO7Wc1d1tNKJduz9YfP6E8XvBsTueakEbTMpGvuNvXkfsQUGerGQPf3sRIauyrMr41%2BqUsRS3MqzpsK1O9vPOHE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e3ebf7127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(12).webp

104.21.3.47

200 OK

180 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(12).webp
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
RIFF (little-endian) data, Web/P image
Size
180 kB (179918 bytes)
Hash
4ef8a004e9065bf25bc536d8e396ae58
efa56f2f50fb3f21cc70ce36b42817ac6bf116c0
6af0857811922eb5a91213a6cce89b9cbfa2207e62b6850e12cec84aa8f59771

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(12).webp HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/webp
content-length: 179918
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-2bece"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvCEgpyCD8RVa1bWsyGnNvgU99jDXUuP6sDUDAnDaUFrvbvKuZHdEN1sqYIs0p9fh9gYqmKmqqsbzbCpin40EJfvmk9aX3%2BZGciDdJpsSHIeReezkllbco2Lwi13JlyLtfonhpAfmKY7ufy3bk0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ecf7127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(13).webp

104.21.3.47

200 OK

183 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(13).webp
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
RIFF (little-endian) data, Web/P image
Size
183 kB (182772 bytes)
Hash
77e0aebe34ee007da5c0b50cbdefca3c
b1f53cd89559721a996685b81ac383be8d7c2d97
c031b7999e85ecc105c79a4241208c6e22baad8effb0eab745a2875f034d6e72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/unnamed%20(13).webp HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/webp
content-length: 182772
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-2c9f4"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pJDgJPE3b%2Boma5%2BHBBHhzZZ8xJARU5ntgDPkvrFAfTmKqWD9%2FuSVVBxUtu%2BldVqcDTE5jGdUOb5tBC3lPRSy16PEaAZ9MOM2BNFWVO90An%2FDCYwKDsqBDHjFq6R8xslS%2BBL8%2BXo4F6TUMH%2BiLEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ed17127-OSL
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/icon.png

104.21.3.47

200 OK

364 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/icon.png
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced
Size
364 kB (364016 bytes)
Hash
43a2a2c3e1534bc87310aed12e481b55
6b68e416a60db437f4b4d687bade8f42c4b34ea9
616fce40e9b90d172c3ff80f8db45d5695f4bd76f331beff3335ddf831e0c2cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/icon.png HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/png
content-length: 364016
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: "661543d5-58df0"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=repNltC9K1Y4ysR2YmZ2XiIdE3q0lXyPA79G2aOlcajcryGVOKYLWdFqH1wxycBKEWNI5i%2F7w7JNjVur1YtCdwXP6vVqdLaMDKuZgW7ICdh8ZbAJvAI6ArBqRN77wjKrFpwizBCBM9XaqeXSWqc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e3eb77127-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;800;900&display=swap

142.250.74.138

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;800;900&display=swap
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
gzip compressed data, max compression
Size
1.1 kB (1143 bytes)
Hash
585b13094d4376bddb45d1378869ac85
489999bd95545dce92b7eba45982474490dbff1e
12a10ec134c8b08298c1de69cacadc68cbd5ea5d4cb1403c31c249a9df9fb737

HTTP Headers

GET /css2?family=Montserrat:wght@400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 25 Apr 2024 07:45:24 GMT
date: Thu, 25 Apr 2024 07:45:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_lock.svg

104.21.3.47

200 OK

999 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_lock.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
999 B (999 bytes)
Hash
d950dd16c0657b1c82b02f16fafed968
45a3fbe15926951f49def8ab64eb85cde3fc0d70
932533fb9bf574bb1b71e61ff42d99c7309fe23e8cb8d522e5b5b87934689a62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_lock.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-3f5"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9%2Bmp8LF%2FYTJUiFlqdDHVd45GfNSx3fvsTWDXtAsblsFycD%2BgL9%2BqDQd%2FML4%2BDaeNSZ5xuqrUzvlfh1aJPgIm3m7QM8xEsFX5f7W4hsHaOdJDTNygdzbLnwQkyaYCYMNySV98mx2ogkQlkCRiSo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ed57127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_downloads.svg

104.21.3.47

200 OK

647 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_downloads.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
647 B (647 bytes)
Hash
91ea58f7d3d9ba78c33526fe3066bd3c
1945cf243a16d857eaaf20d9354ed162ceef668c
ca8179979790b5da4b66f047d7dc5860cebc8bb61979c4838e989a811e12bd6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_downloads.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-287"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pSH9vz8qRp8El5W3Nqmj0mt%2BnmxsXGGexUBx9sBNX6mz30HTGZYKc8y2843S28vQBG7KWrIQWFqw%2Be6LNFZ1w5JvwvN59KeZH6Z3OP5nQ9loTaEm%2BfXaaPZKybjXzBGQzKQfp4Y91AMj0VslBNc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e3ebc7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa

104.21.3.47

200 OK

40 kB

URL User Request GET HTTP/2
play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type

Size
40 kB (39754 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _subid=376l60jb37or; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzfSxcImNhbXBhaWduc1wiOntcIjYxMlwiOjE3MTQwMzExMjN9LFwidGltZVwiOjE3MTQwMzExMjN9In0.OviyFUQCiBByi9__jVENib9BE5McnUaEoBY-yYALq7g
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:23 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 25 Apr 2024 07:45:23 GMT
set-cookie: _subid=376l60jb37ou; expires=Sun, 26 May 2024 07:45:23 GMT; path=/
4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58; expires=Fri, 19 Aug 2078 15:30:46 GMT; path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M0JYwIOprsA0NEp0YsDLru2T4jLGtacaE14GAwIRIxo0ilY%2B%2FfsUbk4ZwFSAZSFvFarUWU5rUp5qHx3jIVE9VbM0O4BnazkU0Zx3Iqk2SE%2F6YPbVf8lk3b%2FU3FInrRuoT%2BCDwJyRrRpCLz1tKUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb69c696556b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/script/manifest.php?start_url=https%3A%2F%2Fplay-google-gathreprany.xyz%2F8hz40ro

0.0.0.0

0 B

URL GET
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/script/manifest.php?start_url=https%3A%2F%2Fplay-google-gathreprany.xyz%2F8hz40ro
IP
0.0.0.0:0
ASN
#0

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/script/manifest.php?start_url=https%3A%2F%2Fplay-google-gathreprany.xyz%2F8hz40ro HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_arrow.svg

104.21.3.47

200 OK

219 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_arrow.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
219 B (219 bytes)
Hash
126337c334dc82061091a1314dc0f2be
2538f5744c1ffbc47b1a29fb4290dee948e84868
5ef67d5f150f264ba9b0482d25dcd5e607552368e0123d1b6985b5e1607181e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_arrow.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-db"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SIkER1RGr8JxjEb4WVHjcPEU4DJe64y38DfR5X7rstFf9ej%2F9urvg2M5uYpFLh0FxoKGDuIw%2FEva7tjZw8KOyyEfnB7X30WEJ6wtrT5AE5%2BMS1EZRmSyH%2BON7m3O%2F0ccXTKpaGAxqkQERusyU1k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e3e9c7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_star_gray.svg

104.21.3.47

200 OK

252 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_star_gray.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
252 B (252 bytes)
Hash
5024b2f950143ca076464c137dbc14b4
0fbeec8748118146199918b62b8d37bcfe7eba0b
2a42b784e11afef58e94c671cbf57fc89c08557f7cf4c09f9fa505cabcd5cc5e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_star_gray.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-fc"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UXQhEvrCA37eJmo%2BA2mdKazxDsinly0thrzzDgpG42QTIJNCsl8MUUk%2BPoKvPrX5ekK%2BmnFY1S%2F5GO1HDyNM1oBUFDqh4DzO8zn08gWdOgOorancMssOQrxSHRgzzYqGNarxbOm0Riqm%2Bkqc%2BQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4edd7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_3.svg

104.21.3.47

200 OK

156 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_3.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
156 B (156 bytes)
Hash
d8b75ab89441e7c748dae80fa82f4d4d
2412b77517c56faaae5b0dc232097e2056610769
e32563203e47cbc716b8b688facce6a22d10ac3f68a330641cd3c5a8177da222

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/rect_blue_3.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-9c"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ltsb%2FlG%2F3Hr852myAuEtDHSqpVdoLkEl7f13BrFwIpW4diOUfDYaJsvI7nmyAZLs4OMt3XMiJ0eGMTMyOxgVobe9Fe9hvJn750mBZmclu9urW2wTFtiXm4bBaUZFAX1Rewm48%2FhihX6GUS6g8o0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ed97127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_1.svg

104.21.3.47

200 OK

156 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_1.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
156 B (156 bytes)
Hash
7fc0c6b684d32fd87306834fb911e362
a7f9a4f3874fad961c315ecb3f601d7860485e5d
f109c0881f452754551e719aa537dc4098127cff74fb4e0567b8ffad658da54f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/rect_blue_1.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-9c"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IbUZBWUWnIObmxbZi32B1XHY5rzYR1BsGo65l20tgE%2B8cZMXevIdozkhqr1HReP4lDPelf8QoNwqNgoPOhbTIoGuOGCrl4gAno%2BEWrxoZ20csA%2BjcHmMorzi5YOe%2BPGO%2F8EXbTGpvkMJFZaSx64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4edb7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/style/style.css

104.21.3.47

200 OK

8.6 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/style/style.css
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
ASCII text, with very long lines (8606), with no line terminators
Size
8.6 kB (8602 bytes)
Hash
e8a96c073e63747e4f1e43e8f5fcdf1b
d8e53f1ebfe4459e0bfb4d0dc9f1d2d94098b714
7cd53ca55f7f813da80d89f843472c0e58bb2a70cbba31a326175cdb7058096d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/style/style.css HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: text/css
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-219a"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kZ6lzv%2B9XsEWd5AiiCaBEWVmWjG%2F7zolVc88aIsvQHfKYiPrROl6NG%2FqDZpkVNXFiezrOKdwYYUu%2F6Za2spSae4YpFxmM1nzhct9xAjP7Hbj66vDLqyTwpdrkyKvohYfvcJP1U67g9ZZxXny%2Ff4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e2e7b7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_zoom.svg

104.21.3.47

200 OK

1.0 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_zoom.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1010 bytes)
Hash
a81b73bca75f836145dd591b8cb59cf8
68bdf5c66e3fcba96e123a0e3d6bd3b6b44cad0f
6dcfb31f6307ea70d1204434b4dd3fe37743f3a367c5f0970780fa03f0bb0754

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_zoom.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-3f2"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iMZTtw1LKnps%2BjzdS1CkrQlj%2BS2T9YMnaYI207Sm%2BABQ22xL7rd%2FzTa6pMYnL%2FMdlb91MPG2JPEcKEwwRxEgEXRTLcKl8UmpAEcLCaCWcN%2Fkh9av6PivxkTsKhl%2BA1s5b1AIh8hQber4YmlTSog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e3ea07127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_star_black.svg

104.21.3.47

200 OK

252 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_star_black.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
252 B (252 bytes)
Hash
4d74a498f1af33e1c651f6146e14d20a
13c9432e22514354b16c784f037d0c714d69aec4
32f8c15f1c550e92b12075a3e461ee1c15070ade04897bad67c7da3510e2d60d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_star_black.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-fc"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sGBQ7WelHblTqc01HvkzxcFKzgujlWx5XBbk9npgHWm0AF%2F4Kl%2BrsrYm2L4l7xO4MRb6%2BVRP7WnKFgN6Oomh6SeUGTrlZzMBfzh9UixQfpMF8%2BGc%2B5u8Zaa6%2Bv0dgzJJ6i3JMGH9lM8WXrKjsQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e3eb97127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/jquery.min.js

104.21.3.47

200 OK

88 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/jquery.min.js
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87532 bytes)
Hash
c9771cc3e90e18f5336eedbd0fffb2cf
6ee8aaa3ac1f4e0ae18717a3fd26892e9f0e4cc5
3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/js/jquery.min.js HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: application/javascript
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-155ec"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGG0oH0x40Qr8oVKgdLvDdKXQ9SMvEfteJt9UdpljNzhflXMJP8cJbu%2F7Kmf%2BX5%2FQMFzh6ULbK9Vs1zkWhCRwW60uzUyuvY20c8BEqkYrZ4q%2BlZhOsxiTO3ijE4euoSweWiKB44YaJGY56wd1Q0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e6eff7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js

104.17.111.223

200 OK

1.7 kB

URL GET HTTP/2
cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js
IP
104.17.111.223:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerGoogle Trust Services LLC
Subjectonesignal.com
Fingerprint28:4D:B2:BB:68:03:29:A7:D8:CB:4B:48:D4:14:BD:A4:4C:0F:D8:70
ValidityMon, 01 Apr 2024 23:12:28 GMT - Sun, 30 Jun 2024 23:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (1766), with no line terminators
Size
1.7 kB (1741 bytes)
Hash
991b01dd377e282ecdce63f4c7a9c337
502552331f169dd27f10a63ac511619e2e9d8b06
3c8001c5da6f8c6a841999ebfba361a8b9293d71f5699df9f2fad9e96ce8d89f

HTTP Headers

GET /sdks/web/v16/OneSignalSDK.page.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: application/javascript
etag: W/"c9bad19ca9a1e2dfab454f1faa3fadcf"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2515
expires: Sun, 28 Apr 2024 07:45:24 GMT
cache-control: public, max-age=259200
set-cookie: __cf_bm=x_5gEIvV6HWiGa5frGQRRRkuFinyFH4UCYfk4aMqL1c-1714031124-1.0.1.1-AFDL_8Khtx2nrOT1lR7YJx7rlYwwYvuloES6Wt7pSxz2WHoWEns7FnP05q7FPhK3sD3e.lMHoFH0Z1r9RndtoQ; path=/; expires=Thu, 25-Apr-24 08:15:24 GMT; domain=.onesignal.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 879cb69e4f06568b-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

0.0.0.0

0 B

URL GET
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
0.0.0.0:0
ASN
#0

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://play-google-gathreprany.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

0.0.0.0

0 B

URL GET
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
0.0.0.0:0
ASN
#0

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://play-google-gathreprany.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_point.svg

104.21.3.47

200 OK

949 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_point.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
949 B (949 bytes)
Hash
6697a0645f1c1d0ca491cb856de3d8e4
ee61b8a9f069c539d42cae6309bc869247d99960
999f32a420a4397edc429a36ea55bcc6ec7b736a0f62f838534cae9186a0fb0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_point.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-3b5"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2BgQ8d%2Fj4EuKLbd3KU%2BOD99uY7xxmQfNqSfS8md7NgcrYDLw5u6KU4V9odNYxYVv3UUbVYWNiYk4RT6laaGoZynDcUHIoyT5FLHxtMw6S7KZMLeNoVY9OtvYpglNg9LTlUc9V6Iyk7YMujSlDi0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e3eb47127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_4.svg

104.21.3.47

200 OK

156 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_4.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
156 B (156 bytes)
Hash
42c232fe407fdf1df74f8ada7f41c840
b2811e099f9b1cc20168c3d18c95248a73838f51
12455ed93862961ca3ad9b5f5711dfe6639bca1b62bd43ccc2293ca6a23d30e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/rect_blue_4.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-9c"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L5CNq0aBr12PwBnbTKU5Af7aVSImEMRYydhlNR4zIWZyAMlO0WhJiv5fb%2BxyV2p2rhfuJ4E3ZkdusowI8ynjeOP6j3TA3X%2B3dfIaA3rr%2FtLhfk4ajJPi99HW3iPKE43kqEX0u6OF62HkS1AfugA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ed77127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/uaParser.js

104.21.3.47

200 OK

19 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/js/uaParser.js
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type

Size
19 kB (19388 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/js/uaParser.js HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: application/javascript
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-4bbc"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tab9lJPuRJMlzWrtl4ztmHJAeRyhhexYyZ5xTF3wNPKBiqoJRqF26IY7wsTDg2u4nbYuBM%2BNpvOFRPnrg7aiJbmY4d7KOlR%2BF8th3i0K7lmuW%2F%2BBlsD4KgRkmqFOiOg6%2F5bNIBByvugafswZYmo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e6f007127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/

104.21.3.47

302 Found

40 kB

URL User Request GET HTTP/2
play-google-gathreprany.xyz/
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type

Size
40 kB (39754 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 25 Apr 2024 07:45:23 GMT
content-type: text/html; charset=utf-8
location: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 25 Apr 2024 07:45:23 GMT
set-cookie: _subid=376l60jb37or; expires=Sun, 26 May 2024 07:45:23 GMT; path=/
4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzfSxcImNhbXBhaWduc1wiOntcIjYxMlwiOjE3MTQwMzExMjN9LFwidGltZVwiOjE3MTQwMzExMjN9In0.OviyFUQCiBByi9__jVENib9BE5McnUaEoBY-yYALq7g; expires=Fri, 19 Aug 2078 15:30:46 GMT; path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=taTp4%2F7RwyUkmcX3tTjrYXt4nxkrh%2B%2FyDT9IFpFQ29l%2FvW2J3%2BYxgRxIQ0G7BvfvUjq5IVVi4q6NFqpeO2eVnvhoBzWCxDJo8cYVRCUWXQijZjiJNMnNNpAj%2BOw7NGJJO%2BjoBZHR6n4CxOuHp3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb69bc8fa56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_2.svg

104.21.3.47

200 OK

156 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_2.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
156 B (156 bytes)
Hash
945192306560983744bc20646856a495
b62fd12a25a31a6dae358dd2c6d347d855ce3384
031b6ab2e4ec5216a43e47af3eaa3046ac3821c45842cacb43c837c58d09d70d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/rect_blue_2.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-9c"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WNyhAGnLlw%2B%2B6KQTHtGcB4dT7cBqM7jXvSUQ7Vm%2BA6GdsqBFqqo5%2BbWI3w6RZk7E4%2By3QRlLEs7MuzifezzzLEvqqCBn0wU7CoPfe%2BfsZlQY1QAV9DMrOXFQ8Yu1MAF2QXh4fJcaJw6RQUB%2Bj80%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4eda7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_star_blue.svg

104.21.3.47

200 OK

252 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_star_blue.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
252 B (252 bytes)
Hash
1ea93a6895199d30fee870f5c1c905fa
6e535881c32872ffdbf12f2bb6ff4d5032699ca5
907556bb8a7d106c1ee570d7248e33f12cdcc4535daff4b20ed5ad36108374c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_star_blue.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-fc"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2EDgwoqD8i%2FrRCfIljEgUIjOaTJrQGQYr9Di604qxstwK6q0WWuMXCaqfZDZMoYWr2eA5MCaUE8GwjUAB67fhNalp39PSn3mFBhSRTCmV7t2WFU%2BHQ8Ac8L6ugRFB%2FNkfnxIPfVe0%2Bwa4yYi9TY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4edc7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_share.svg

104.21.3.47

200 OK

2.7 kB

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/icon_share.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2701 bytes)
Hash
5ac581eaf82db31b5bc6544cc6a44889
1e8a184714c5081bda5a3035f0307e6001faae70
3e48ae1f6db4074a7c447d6b6ed4d472be50d869e9aba325b6740f718df93ad7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/icon_share.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-a8d"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJBezzOAeLmaoumuuZss4xnA0uePWCztWOTh5uUDzUlCuPiX2QIbok%2FFCJM5LJkJQQUnCylux6XjAvLXgGqCdOdWRheLJhTf6k8GMENzkBFMog%2FzQljsvDahjWo9kDT3IBikKr0xBJUPVMsLnso%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ed47127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_5.svg

104.21.3.47

200 OK

159 B

URL GET HTTP/3
play-google-gathreprany.xyz/lander/template-2024-04-09-13-29-50.101922/images/rect_blue_5.svg
IP
104.21.3.47:443
ASN
#13335 CLOUDFLARENET

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Certificate
IssuerLet's Encrypt
Subjectplay-google-gathreprany.xyz
Fingerprint30:6A:B1:A8:C3:C7:82:96:FD:62:BA:55:57:88:2E:4D:86:A9:03:7A
ValidityMon, 08 Apr 2024 08:24:59 GMT - Sun, 07 Jul 2024 08:24:58 GMT

File type
SVG Scalable Vector Graphics image
Size
159 B (159 bytes)
Hash
f2bbe82e7d39eeb437a0bffff1130c7f
c38f50703c4dcd4c7551c9f36907c17209c3b254
49b57a3f097e94047349a567c72fbb367c69868f32038b9e0f3d9afcd1230ed9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /lander/template-2024-04-09-13-29-50.101922/images/rect_blue_5.svg HTTP/1.1
Host: play-google-gathreprany.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa
Cookie: _subid=376l60jb37ou; 4e582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5MTJcIjoxNzE0MDMxMTIzLFwiMTkxMVwiOjE3MTQwMzExMjN9LFwiY2FtcGFpZ25zXCI6e1wiNjEyXCI6MTcxNDAzMTEyM30sXCJ0aW1lXCI6MTcxNDAzMTEyM30ifQ.1wB91_RzmAX8FPzEKQ7eQeTfRKEgc5-4epxzE958r58
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:24 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 13:34:13 GMT
etag: W/"661543d5-9f"
expires: Sun, 05 May 2024 07:45:24 GMT
cache-control: max-age=864000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xTeWikwko3EkAv4mwjF2LvsO87VN%2Bu7CewJSf9hvazlCekM1R04s6k6ZtqmMSIGQIWGYSvtTA2Zr%2FxYXpWmmkRe7Pea%2FvAMP60BZs8p31qGYWH9o29NpSMsBkGrtUO5wxFyq2lGygqyxIYbSrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb69e4ed67127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

0.0.0.0

0 B

URL GET
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
0.0.0.0:0
ASN
#0

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://play-google-gathreprany.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

0.0.0.0

0 B

URL GET
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
0.0.0.0:0
ASN
#0

Requested by
https://play-google-gathreprany.xyz/8hz40ro?lead_id=376l60jb37or&sub1=&sub2=&sub3=&sub4=&sub5=&sub6=&key={key}&sub_id_30=open_pwa

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://play-google-gathreprany.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3